Merge master into staging-next
commit
aba90d9366
44 changed files with 1167 additions and 266 deletions
|
@ -135,6 +135,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- [nifi](https://nifi.apache.org), an easy to use, powerful, and reliable system to process and distribute data. Available as [services.nifi](options.html#opt-services.nifi.enable).
|
||||
|
||||
- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust.
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
|
||||
|
|
|
@ -975,6 +975,7 @@
|
|||
./services/security/hockeypuck.nix
|
||||
./services/security/hologram-server.nix
|
||||
./services/security/hologram-agent.nix
|
||||
./services/security/kanidm.nix
|
||||
./services/security/munge.nix
|
||||
./services/security/nginx-sso.nix
|
||||
./services/security/oauth2_proxy.nix
|
||||
|
|
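--- /dev/null
+++ b/nixos/modules/services/security/kanidm.nix
@@ -0,0 +1,345 @@
+{ config, lib, options, pkgs, ... }:
+let
+cfg = config.services.kanidm;
+settingsFormat = pkgs.formats.toml { };
+# Remove null values, so we can document optional values that don't end up in the generated TOML file.
+filterConfig = lib.converge (lib.filterAttrsRecursive (_: v: v != null));
+serverConfigFile = settingsFormat.generate "server.toml" (filterConfig cfg.serverSettings);
+clientConfigFile = settingsFormat.generate "kanidm-config.toml" (filterConfig cfg.clientSettings);
+unixConfigFile = settingsFormat.generate "kanidm-unixd.toml" (filterConfig cfg.unixSettings);
+
+defaultServiceConfig = {
+BindReadOnlyPaths = [
+"/nix/store"
+"-/etc/resolv.conf"
+"-/etc/nsswitch.conf"
+"-/etc/hosts"
+"-/etc/localtime"
+];
+CapabilityBoundingSet = "";
+# ProtectClock= adds DeviceAllow=char-rtc r
+DeviceAllow = "";
+# Implies ProtectSystem=strict, which re-mounts all paths
+# DynamicUser = true;
+LockPersonality = true;
+MemoryDenyWriteExecute = true;
+NoNewPrivileges = true;
+PrivateDevices = true;
+PrivateMounts = true;
+PrivateNetwork = true;
+PrivateTmp = true;
+PrivateUsers = true;
+ProcSubset = "pid";
+ProtectClock = true;
+ProtectHome = true;
+ProtectHostname = true;
+# Would re-mount paths ignored by temporary root
+#ProtectSystem = "strict";
+ProtectControlGroups = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+ProtectProc = "invisible";
+RestrictAddressFamilies = [ ];
+RestrictNamespaces = true;
+RestrictRealtime = true;
+RestrictSUIDSGID = true;
+SystemCallArchitectures = "native";
+SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];
+# Does not work well with the temporary root
+#UMask = "0066";
+};
+
+in
+{
+options.services.kanidm = {
+enableClient = lib.mkEnableOption "the Kanidm client";
+enableServer = lib.mkEnableOption "the Kanidm server";
+enablePam = lib.mkEnableOption "the Kanidm PAM and NSS integration.";
+
+serverSettings = lib.mkOption {
+type = lib.types.submodule {
+freeformType = settingsFormat.type;
+
+options = {
+bindaddress = lib.mkOption {
+description = "Address/port combination the webserver binds to.";
+example = "[::1]:8443";
+type = lib.types.str;
+};
+# Should be optional but toml does not accept null
+ldapbindaddress = lib.mkOption {
+description = ''
+Address and port the LDAP server is bound to. Setting this to <literal>null</literal> disables the LDAP interface.
+'';
+example = "[::1]:636";
+default = null;
+type = lib.types.nullOr lib.types.str;
+};
+origin = lib.mkOption {
+description = "The origin of your Kanidm instance. Must have https as protocol.";
+example = "https://idm.example.org";
+type = lib.types.strMatching "^https://.*";
+};
+domain = lib.mkOption {
+description = ''
+The <literal>domain</literal> that Kanidm manages. Must be below or equal to the domain
+specified in <literal>serverSettings.origin</literal>.
+This can be left at <literal>null</literal>, only if your instance has the role <literal>ReadOnlyReplica</literal>.
+While it is possible to change the domain later on, it requires extra steps!
+Please consider the warnings and execute the steps described
+<link xlink:href="https://kanidm.github.io/kanidm/stable/administrivia.html#rename-the-domain">in the documentation</link>.
+'';
+example = "example.org";
+default = null;
+type = lib.types.nullOr lib.types.str;
+};
+db_path = lib.mkOption {
+description = "Path to Kanidm database.";
+default = "/var/lib/kanidm/kanidm.db";
+readOnly = true;
+type = lib.types.path;
+};
+log_level = lib.mkOption {
+description = "Log level of the server.";
+default = "default";
+type = lib.types.enum [ "default" "verbose" "perfbasic" "perffull" ];
+};
+role = lib.mkOption {
+description = "The role of this server. This affects the replication relationship and thereby available features.";
+default = "WriteReplica";
+type = lib.types.enum [ "WriteReplica" "WriteReplicaNoUI" "ReadOnlyReplica" ];
+};
+};
+};
+default = { };
+description = ''
+Settings for Kanidm, see
+<link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/server_configuration.md">the documentation</link>
+and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/server.toml">example configuration</link>
+for possible values.
+'';
+};
+
+clientSettings = lib.mkOption {
+type = lib.types.submodule {
+freeformType = settingsFormat.type;
+
+options.uri = lib.mkOption {
+description = "Address of the Kanidm server.";
+example = "http://127.0.0.1:8080";
+type = lib.types.str;
+};
+};
+description = ''
+Configure Kanidm clients, needed for the PAM daemon. See
+<link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/client_tools.md#kanidm-configuration">the documentation</link>
+and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/config">example configuration</link>
+for possible values.
+'';
+};
+
+unixSettings = lib.mkOption {
+type = lib.types.submodule {
+freeformType = settingsFormat.type;
+
+options.pam_allowed_login_groups = lib.mkOption {
+description = "Kanidm groups that are allowed to login using PAM.";
+example = "my_pam_group";
+type = lib.types.listOf lib.types.str;
+};
+};
+description = ''
+Configure Kanidm unix daemon.
+See <link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/pam_and_nsswitch.md#the-unix-daemon">the documentation</link>
+and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/unixd">example configuration</link>
+for possible values.
+'';
+};
+};
+
+config = lib.mkIf (cfg.enableClient || cfg.enableServer || cfg.enablePam) {
+assertions =
+[
+{
+assertion = !cfg.enableServer || ((cfg.serverSettings.tls_chain or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_chain);
+message = ''
+<option>services.kanidm.serverSettings.tls_chain</option> points to
+a file in the Nix store. You should use a quoted absolute path to
+prevent this.
+'';
+}
+{
+assertion = !cfg.enableServer || ((cfg.serverSettings.tls_key or null) == null) || (!lib.isStorePath cfg.serverSettings.tls_key);
+message = ''
+<option>services.kanidm.serverSettings.tls_key</option> points to
+a file in the Nix store. You should use a quoted absolute path to
+prevent this.
+'';
+}
+{
+assertion = !cfg.enableClient || options.services.kanidm.clientSettings.isDefined;
+message = ''
+<option>services.kanidm.clientSettings</option> needs to be configured
+if the client is enabled.
+'';
+}
+{
+assertion = !cfg.enablePam || options.services.kanidm.clientSettings.isDefined;
+message = ''
+<option>services.kanidm.clientSettings</option> needs to be configured
+for the PAM daemon to connect to the Kanidm server.
+'';
+}
+{
+assertion = !cfg.enableServer || (cfg.serverSettings.domain == null
+-> cfg.serverSettings.role == "WriteReplica" || cfg.serverSettings.role == "WriteReplicaNoUI");
+message = ''
+<option>services.kanidm.serverSettings.domain</option> can only be set if this instance
+is not a ReadOnlyReplica. Otherwise the db would inherit it from
+the instance it follows.
+'';
+}
+];
+
+environment.systemPackages = lib.mkIf cfg.enableClient [ pkgs.kanidm ];
+
+systemd.services.kanidm = lib.mkIf cfg.enableServer {
+description = "kanidm identity management daemon";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+serviceConfig = defaultServiceConfig // {
+StateDirectory = "kanidm";
+StateDirectoryMode = "0700";
+ExecStart = "${pkgs.kanidm}/bin/kanidmd server -c ${serverConfigFile}";
+User = "kanidm";
+Group = "kanidm";
+
+AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+# This would otherwise override the CAP_NET_BIND_SERVICE capability.
+PrivateUsers = false;
+# Port needs to be exposed to the host network
+PrivateNetwork = false;
+RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+TemporaryFileSystem = "/:ro";
+};
+environment.RUST_LOG = "info";
+};
+
+systemd.services.kanidm-unixd = lib.mkIf cfg.enablePam {
+description = "Kanidm PAM daemon";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+restartTriggers = [ unixConfigFile clientConfigFile ];
+serviceConfig = defaultServiceConfig // {
+CacheDirectory = "kanidm-unixd";
+CacheDirectoryMode = "0700";
+RuntimeDirectory = "kanidm-unixd";
+ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd";
+User = "kanidm-unixd";
+Group = "kanidm-unixd";
+
+BindReadOnlyPaths = [
+"/nix/store"
+"-/etc/resolv.conf"
+"-/etc/nsswitch.conf"
+"-/etc/hosts"
+"-/etc/localtime"
+"-/etc/kanidm"
+"-/etc/static/kanidm"
+];
+BindPaths = [
+# To create the socket
+"/run/kanidm-unixd:/var/run/kanidm-unixd"
+];
+# Needs to connect to kanidmd
+PrivateNetwork = false;
+RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
+TemporaryFileSystem = "/:ro";
+};
+environment.RUST_LOG = "info";
+};
+
+systemd.services.kanidm-unixd-tasks = lib.mkIf cfg.enablePam {
+description = "Kanidm PAM home management daemon";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" "kanidm-unixd.service" ];
+partOf = [ "kanidm-unixd.service" ];
+restartTriggers = [ unixConfigFile clientConfigFile ];
+serviceConfig = {
+ExecStart = "${pkgs.kanidm}/bin/kanidm_unixd_tasks";
+
+BindReadOnlyPaths = [
+"/nix/store"
+"-/etc/resolv.conf"
+"-/etc/nsswitch.conf"
+"-/etc/hosts"
+"-/etc/localtime"
+"-/etc/kanidm"
+"-/etc/static/kanidm"
+];
+BindPaths = [
+# To manage home directories
+"/home"
+# To connect to kanidm-unixd
+"/run/kanidm-unixd:/var/run/kanidm-unixd"
+];
+# CAP_DAC_OVERRIDE is needed to ignore ownership of unixd socket
+CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_FOWNER" "CAP_DAC_OVERRIDE" "CAP_DAC_READ_SEARCH" ];
+IPAddressDeny = "any";
+# Need access to users
+PrivateUsers = false;
+# Need access to home directories
+ProtectHome = false;
+RestrictAddressFamilies = [ "AF_UNIX" ];
+TemporaryFileSystem = "/:ro";
+};
+environment.RUST_LOG = "info";
+};
+
+# These paths are hardcoded
+environment.etc = lib.mkMerge [
+(lib.mkIf options.services.kanidm.clientSettings.isDefined {
+"kanidm/config".source = clientConfigFile;
+})
+(lib.mkIf cfg.enablePam {
+"kanidm/unixd".source = unixConfigFile;
+})
+];
+
+system.nssModules = lib.mkIf cfg.enablePam [ pkgs.kanidm ];
+
+system.nssDatabases.group = lib.optional cfg.enablePam "kanidm";
+system.nssDatabases.passwd = lib.optional cfg.enablePam "kanidm";
+
+users.groups = lib.mkMerge [
+(lib.mkIf cfg.enableServer {
+kanidm = { };
+})
+(lib.mkIf cfg.enablePam {
+kanidm-unixd = { };
+})
+];
+users.users = lib.mkMerge [
+(lib.mkIf cfg.enableServer {
+kanidm = {
+description = "Kanidm server";
+isSystemUser = true;
+group = "kanidm";
+packages = with pkgs; [ kanidm ];
+};
+})
+(lib.mkIf cfg.enablePam {
+kanidm-unixd = {
+description = "Kanidm PAM daemon";
+isSystemUser = true;
+group = "kanidm-unixd";
+};
+})
+];
+};
+
+meta.maintainers = with lib.maintainers; [ erictapen Flakebi ];
+meta.buildDocsInSandbox = false;
+}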
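Review bot: `systemd.services.kanidm-unixd-tasks.serviceConfig` is a plain attribute set, not `defaultServiceConfig // { … }` like the other two units, so the shared hardening (`NoNewPrivileges`, `SystemCallFilter`, the `Protect*` settings) never applies to the one daemon that has no `User=`, keeps `CAP_DAC_OVERRIDE` and has `/home` bound writable. Its `PrivateUsers = false` and `ProtectHome = false` lines only make sense as overrides of those defaults, which suggests the merge was intended; it would need testing, because the shared `~@privileged` filter may block the chown calls home management relies on. The last assertion also looks inverted: `domain == null -> role == "WriteReplica" || …` rejects a `ReadOnlyReplica` without a domain, the one case the option description allows, and accepts a `ReadOnlyReplica` with a domain, which the message forbids; `cfg.serverSettings.domain != null -> cfg.serverSettings.role != "ReadOnlyReplica"` would match the message. Finally, `clientSettings.uri` shows `example = "http://127.0.0.1:8080"` for an identity client; an `https://` example like the `https://idm.example.org` used for `origin` would avoid suggesting cleartext credentials.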
|
|
@ -58,6 +58,13 @@ let
|
|||
# latter case it makes one last attempt at importing, allowing the system to
|
||||
# (eventually) boot even with a degraded pool.
|
||||
importLib = {zpoolCmd, awkCmd, cfgZfs}: ''
|
||||
for o in $(cat /proc/cmdline); do
|
||||
case $o in
|
||||
zfs_force|zfs_force=1|zfs_force=y)
|
||||
ZFS_FORCE="-f"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
poolReady() {
|
||||
pool="$1"
|
||||
state="$("${zpoolCmd}" import 2>/dev/null | "${awkCmd}" "/pool: $pool/ { found = 1 }; /state:/ { if (found == 1) { print \$2; exit } }; END { if (found == 0) { print \"MISSING\" } }")"
|
||||
|
@ -78,6 +85,95 @@ let
|
|||
}
|
||||
'';
|
||||
|
||||
getPoolFilesystems = pool:
|
||||
filter (x: x.fsType == "zfs" && (fsToPool x) == pool) config.system.build.fileSystems;
|
||||
|
||||
getPoolMounts = prefix: pool:
|
||||
let
|
||||
# Remove the "/" suffix because even though most mountpoints
|
||||
# won't have it, the "/" mountpoint will, and we can't have the
|
||||
# trailing slash in "/sysroot/" in stage 1.
|
||||
mountPoint = fs: escapeSystemdPath (prefix + (lib.removeSuffix "/" fs.mountPoint));
|
||||
in
|
||||
map (x: "${mountPoint x}.mount") (getPoolFilesystems pool);
|
||||
|
||||
getKeyLocations = pool:
|
||||
if isBool cfgZfs.requestEncryptionCredentials
|
||||
then "${cfgZfs.package}/sbin/zfs list -rHo name,keylocation,keystatus ${pool}"
|
||||
else "${cfgZfs.package}/sbin/zfs list -Ho name,keylocation,keystatus ${toString (filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials)}";
|
||||
|
||||
createImportService = { pool, systemd, force, prefix ? "" }:
|
||||
nameValuePair "zfs-import-${pool}" {
|
||||
description = "Import ZFS pool \"${pool}\"";
|
||||
# we need systemd-udev-settle to ensure devices are available
|
||||
# In the future, hopefully someone will complete this:
|
||||
# https://github.com/zfsonlinux/zfs/pull/4943
|
||||
requires = [ "systemd-udev-settle.service" ];
|
||||
after = [
|
||||
"systemd-udev-settle.service"
|
||||
"systemd-modules-load.service"
|
||||
"systemd-ask-password-console.service"
|
||||
];
|
||||
wantedBy = (getPoolMounts prefix pool) ++ [ "local-fs.target" ];
|
||||
before = (getPoolMounts prefix pool) ++ [ "local-fs.target" ];
|
||||
unitConfig = {
|
||||
DefaultDependencies = "no";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
environment.ZFS_FORCE = optionalString force "-f";
|
||||
script = (importLib {
|
||||
# See comments at importLib definition.
|
||||
zpoolCmd = "${cfgZfs.package}/sbin/zpool";
|
||||
awkCmd = "${pkgs.gawk}/bin/awk";
|
||||
inherit cfgZfs;
|
||||
}) + ''
|
||||
poolImported "${pool}" && exit
|
||||
echo -n "importing ZFS pool \"${pool}\"..."
|
||||
# Loop across the import until it succeeds, because the devices needed may not be discovered yet.
|
||||
for trial in `seq 1 60`; do
|
||||
poolReady "${pool}" && poolImport "${pool}" && break
|
||||
sleep 1
|
||||
done
|
||||
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
|
||||
if poolImported "${pool}"; then
|
||||
${optionalString (if isBool cfgZfs.requestEncryptionCredentials
|
||||
then cfgZfs.requestEncryptionCredentials
|
||||
else cfgZfs.requestEncryptionCredentials != []) ''
|
||||
${getKeyLocations pool} | while IFS=$'\t' read ds kl ks; do
|
||||
{
|
||||
if [[ "$ks" != unavailable ]]; then
|
||||
continue
|
||||
fi
|
||||
case "$kl" in
|
||||
none )
|
||||
;;
|
||||
prompt )
|
||||
tries=3
|
||||
success=false
|
||||
while [[ $success != true ]] && [[ $tries -gt 0 ]]; do
|
||||
${systemd}/bin/systemd-ask-password "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds" \
|
||||
&& success=true \
|
||||
|| tries=$((tries - 1))
|
||||
done
|
||||
[[ $success = true ]]
|
||||
;;
|
||||
* )
|
||||
${cfgZfs.package}/sbin/zfs load-key "$ds"
|
||||
;;
|
||||
esac
|
||||
} < /dev/null # To protect while read ds kl in case anything reads stdin
|
||||
done
|
||||
''}
|
||||
echo "Successfully imported ${pool}"
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
zedConf = generators.toKeyValue {
|
||||
mkKeyValue = generators.mkKeyValueDefault {
|
||||
mkValueString = v:
|
||||
|
@ -428,14 +524,6 @@ in
|
|||
'';
|
||||
postDeviceCommands = concatStringsSep "\n" ([''
|
||||
ZFS_FORCE="${optionalString cfgZfs.forceImportRoot "-f"}"
|
||||
|
||||
for o in $(cat /proc/cmdline); do
|
||||
case $o in
|
||||
zfs_force|zfs_force=1)
|
||||
ZFS_FORCE="-f"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
''] ++ [(importLib {
|
||||
# See comments at importLib definition.
|
||||
zpoolCmd = "zpool";
|
||||
|
@ -464,6 +552,21 @@ in
|
|||
zfs load-key ${fs}
|
||||
'') cfgZfs.requestEncryptionCredentials}
|
||||
'') rootPools));
|
||||
|
||||
# Systemd in stage 1
|
||||
systemd = {
|
||||
packages = [cfgZfs.package];
|
||||
services = listToAttrs (map (pool: createImportService {
|
||||
inherit pool;
|
||||
systemd = config.boot.initrd.systemd.package;
|
||||
force = cfgZfs.forceImportRoot;
|
||||
prefix = "/sysroot";
|
||||
}) rootPools);
|
||||
extraBin = {
|
||||
# zpool and zfs are already in thanks to fsPackages
|
||||
awk = "${pkgs.gawk}/bin/awk";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.shutdownRamfs.contents."/etc/systemd/system-shutdown/zpool".source = pkgs.writeShellScript "zpool-sync-shutdown" ''
|
||||
|
@ -521,79 +624,11 @@ in
|
|||
systemd.packages = [ cfgZfs.package ];
|
||||
|
||||
systemd.services = let
|
||||
getPoolFilesystems = pool:
|
||||
filter (x: x.fsType == "zfs" && (fsToPool x) == pool) config.system.build.fileSystems;
|
||||
|
||||
getPoolMounts = pool:
|
||||
let
|
||||
mountPoint = fs: escapeSystemdPath fs.mountPoint;
|
||||
in
|
||||
map (x: "${mountPoint x}.mount") (getPoolFilesystems pool);
|
||||
|
||||
createImportService = pool:
|
||||
nameValuePair "zfs-import-${pool}" {
|
||||
description = "Import ZFS pool \"${pool}\"";
|
||||
# we need systemd-udev-settle until https://github.com/zfsonlinux/zfs/pull/4943 is merged
|
||||
requires = [ "systemd-udev-settle.service" ];
|
||||
after = [
|
||||
"systemd-udev-settle.service"
|
||||
"systemd-modules-load.service"
|
||||
"systemd-ask-password-console.service"
|
||||
];
|
||||
wantedBy = (getPoolMounts pool) ++ [ "local-fs.target" ];
|
||||
before = (getPoolMounts pool) ++ [ "local-fs.target" ];
|
||||
unitConfig = {
|
||||
DefaultDependencies = "no";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
environment.ZFS_FORCE = optionalString cfgZfs.forceImportAll "-f";
|
||||
script = (importLib {
|
||||
# See comments at importLib definition.
|
||||
zpoolCmd = "${cfgZfs.package}/sbin/zpool";
|
||||
awkCmd = "${pkgs.gawk}/bin/awk";
|
||||
inherit cfgZfs;
|
||||
}) + ''
|
||||
poolImported "${pool}" && exit
|
||||
echo -n "importing ZFS pool \"${pool}\"..."
|
||||
# Loop across the import until it succeeds, because the devices needed may not be discovered yet.
|
||||
for trial in `seq 1 60`; do
|
||||
poolReady "${pool}" && poolImport "${pool}" && break
|
||||
sleep 1
|
||||
done
|
||||
poolImported "${pool}" || poolImport "${pool}" # Try one last time, e.g. to import a degraded pool.
|
||||
if poolImported "${pool}"; then
|
||||
${optionalString (if isBool cfgZfs.requestEncryptionCredentials
|
||||
then cfgZfs.requestEncryptionCredentials
|
||||
else cfgZfs.requestEncryptionCredentials != []) ''
|
||||
${cfgZfs.package}/sbin/zfs list -rHo name,keylocation ${pool} | while IFS=$'\t' read ds kl; do
|
||||
{
|
||||
${optionalString (!isBool cfgZfs.requestEncryptionCredentials) ''
|
||||
if ! echo '${concatStringsSep "\n" cfgZfs.requestEncryptionCredentials}' | grep -qFx "$ds"; then
|
||||
continue
|
||||
fi
|
||||
''}
|
||||
case "$kl" in
|
||||
none )
|
||||
;;
|
||||
prompt )
|
||||
${config.systemd.package}/bin/systemd-ask-password "Enter key for $ds:" | ${cfgZfs.package}/sbin/zfs load-key "$ds"
|
||||
;;
|
||||
* )
|
||||
${cfgZfs.package}/sbin/zfs load-key "$ds"
|
||||
;;
|
||||
esac
|
||||
} < /dev/null # To protect while read ds kl in case anything reads stdin
|
||||
done
|
||||
''}
|
||||
echo "Successfully imported ${pool}"
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
'';
|
||||
};
|
||||
createImportService' = pool: createImportService {
|
||||
inherit pool;
|
||||
systemd = config.systemd.package;
|
||||
force = cfgZfs.forceImportAll;
|
||||
};
|
||||
|
||||
# This forces a sync of any ZFS pools prior to poweroff, even if they're set
|
||||
# to sync=disabled.
|
||||
|
@ -619,7 +654,7 @@ in
|
|||
wantedBy = [ "zfs.target" ];
|
||||
};
|
||||
|
||||
in listToAttrs (map createImportService dataPools ++
|
||||
in listToAttrs (map createImportService' dataPools ++
|
||||
map createSyncService allPools ++
|
||||
map createZfsService [ "zfs-mount" "zfs-share" "zfs-zed" ]);
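Review bot: In `getKeyLocations`, when `requestEncryptionCredentials` is a list and none of its datasets belong to `pool`, the filter yields an empty list and the command becomes `zfs list -Ho name,keylocation,keystatus` with no dataset argument, which lists every dataset on the system; the loop in `createImportService` would then prompt for or `load-key` any dataset whose key is unavailable, not only the ones the operator listed. The guard around that loop tests the whole list (`cfgZfs.requestEncryptionCredentials != []`) rather than the per-pool subset. Binding `keys = filter (x: datasetToPool x == pool) cfgZfs.requestEncryptionCredentials` once and guarding the loop on `keys != []` would keep key loading scoped to the requested datasets. The names are also interpolated unquoted into the shell command, so `lib.escapeShellArgs keys` is safer than `toString`.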
|
||||
|
||||
|
|
|
@ -253,6 +253,7 @@ in
|
|||
k3s-single-node = handleTest ./k3s-single-node.nix {};
|
||||
k3s-single-node-docker = handleTest ./k3s-single-node-docker.nix {};
|
||||
kafka = handleTest ./kafka.nix {};
|
||||
kanidm = handleTest ./kanidm.nix {};
|
||||
kbd-setfont-decompress = handleTest ./kbd-setfont-decompress.nix {};
|
||||
kbd-update-search-paths-patch = handleTest ./kbd-update-search-paths-patch.nix {};
|
||||
kea = handleTest ./kea.nix {};
|
||||
|
|
|
@ -106,6 +106,5 @@ in
|
|||
malcontent = callInstalledTest ./malcontent.nix {};
|
||||
ostree = callInstalledTest ./ostree.nix {};
|
||||
pipewire = callInstalledTest ./pipewire.nix {};
|
||||
power-profiles-daemon = callInstalledTest ./power-profiles-daemon.nix {};
|
||||
xdg-desktop-portal = callInstalledTest ./xdg-desktop-portal.nix {};
|
||||
}
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
{ pkgs, lib, makeInstalledTest, ... }:
|
||||
|
||||
makeInstalledTest {
|
||||
tested = pkgs.power-profiles-daemon;
|
||||
|
||||
testConfig = {
|
||||
services.power-profiles-daemon.enable = true;
|
||||
};
|
||||
}
|
|
@ -27,7 +27,7 @@
|
|||
simpleUefiGrubSpecialisation
|
||||
simpleUefiSystemdBoot
|
||||
# swraid
|
||||
# zfsroot
|
||||
zfsroot
|
||||
;
|
||||
|
||||
}
|
||||
|
|
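--- /dev/null
+++ b/nixos/tests/kanidm.nix
@@ -0,0 +1,75 @@
+import ./make-test-python.nix ({ pkgs, ... }:
+let
+certs = import ./common/acme/server/snakeoil-certs.nix;
+serverDomain = certs.domain;
+in
+{
+name = "kanidm";
+meta.maintainers = with pkgs.lib.maintainers; [ erictapen Flakebi ];
+
+nodes.server = { config, pkgs, lib, ... }: {
+services.kanidm = {
+enableServer = true;
+serverSettings = {
+origin = "https://${serverDomain}";
+domain = serverDomain;
+bindaddress = "[::1]:8443";
+ldapbindaddress = "[::1]:636";
+};
+};
+
+services.nginx = {
+enable = true;
+recommendedProxySettings = true;
+virtualHosts."${serverDomain}" = {
+forceSSL = true;
+sslCertificate = certs."${serverDomain}".cert;
+sslCertificateKey = certs."${serverDomain}".key;
+locations."/".proxyPass = "http://[::1]:8443";
+};
+};
+
+security.pki.certificateFiles = [ certs.ca.cert ];
+
+networking.hosts."::1" = [ serverDomain ];
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+users.users.kanidm.shell = pkgs.bashInteractive;
+
+environment.systemPackages = with pkgs; [ kanidm openldap ripgrep ];
+};
+
+nodes.client = { pkgs, nodes, ... }: {
+services.kanidm = {
+enableClient = true;
+clientSettings = {
+uri = "https://${serverDomain}";
+};
+};
+
+networking.hosts."${nodes.server.config.networking.primaryIPAddress}" = [ serverDomain ];
+
+security.pki.certificateFiles = [ certs.ca.cert ];
+};
+
+testScript = { nodes, ... }:
+let
+ldapBaseDN = builtins.concatStringsSep "," (map (s: "dc=" + s) (pkgs.lib.splitString "." serverDomain));
+
+# We need access to the config file in the test script.
+filteredConfig = pkgs.lib.converge
+(pkgs.lib.filterAttrsRecursive (_: v: v != null))
+nodes.server.config.services.kanidm.serverSettings;
+serverConfigFile = (pkgs.formats.toml { }).generate "server.toml" filteredConfig;
+
+in
+''
+start_all()
+server.wait_for_unit("kanidm.service")
+server.wait_until_succeeds("curl -sf https://${serverDomain} | grep Kanidm")
+server.wait_until_succeeds("ldapsearch -H ldap://[::1]:636 -b '${ldapBaseDN}' -x '(name=test)'")
+client.wait_until_succeeds("kanidm login -D anonymous && kanidm self whoami | grep anonymous@${serverDomain}")
+(rv, result) = server.execute("kanidmd recover_account -d quiet -c ${serverConfigFile} -n admin 2>&1 | rg -o '[A-Za-z0-9]{48}'")
+assert rv == 0
+'';
+})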
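Review bot: The server node sets neither `serverSettings.tls_chain` nor `tls_key`, and nginx proxies to `http://[::1]:8443`, so the module's TLS path is untested: the kanidm unit runs under `TemporaryFileSystem = "/:ro"` with only the store, a few `/etc` files and its state directory visible, while the module's assertions require the key to live outside the store. A case that sets both options to files outside the store would show whether the sandbox lets the server read them. `result` from `recover_account` is also unused, so the test checks that a 48-character token was printed but not that it authenticates.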
|
|
@ -1,8 +1,8 @@
|
|||
{
|
||||
"packageVersion": "100.0-1",
|
||||
"packageVersion": "100.0-2",
|
||||
"source": {
|
||||
"rev": "100.0-1",
|
||||
"sha256": "1xczvsd39g821bh5n12vnn7sgi0x5dqj6vfizkavxj0a05jb4fla"
|
||||
"rev": "100.0-2",
|
||||
"sha256": "0pr7fb91zw5qlnfvaavzksd3c2xzgn1344mmfnz9yx2g42vcyi7d"
|
||||
},
|
||||
"firefox": {
|
||||
"version": "100.0",
|
||||
|
|
|
@ -43,13 +43,13 @@ assert enablePsiMedia -> enablePlugins;
|
|||
|
||||
mkDerivation rec {
|
||||
pname = "psi-plus";
|
||||
version = "1.5.1615";
|
||||
version = "1.5.1618";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "psi-plus";
|
||||
repo = "psi-plus-snapshots";
|
||||
rev = version;
|
||||
sha256 = "sha256-aD+JVGmBWHUav2bH9rXGtgqI+/5lJTMrYLRP7E65JxI=";
|
||||
sha256 = "sha256-ueZYFOZFCPQrg9etZCrY5ZTn7PZMkcuwbXVPPbW9S/A=";
|
||||
};
|
||||
|
||||
cmakeFlags = [
|
||||
|
|
|
@ -24,6 +24,9 @@ let
|
|||
|
||||
buildInputs = [ gmp ];
|
||||
|
||||
# Tests are relying on old Python 2 modules.
|
||||
doCheck = false;
|
||||
|
||||
preConfigure = ''
|
||||
sed -i 's,/usr/include,/no-such-dir,' configure
|
||||
sed -i "s!,'/usr/include/'!!" setup.py
|
||||
|
@ -66,5 +69,9 @@ in stdenv.mkDerivation rec {
|
|||
license = licenses.gpl3;
|
||||
maintainers = with maintainers; [ oxzi ];
|
||||
description = "WeeChat script for Off-the-Record messaging";
|
||||
knownVulnerabilities = [
|
||||
"There is no upstream release since 2018-03."
|
||||
"Utilizes deprecated and vulnerable pycrypto library with Debian patches from 2020-04."
|
||||
];
|
||||
};
|
||||
}
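Review bot: The two `knownVulnerabilities` strings name no advisory, so someone deciding whether to add the package to `permittedInsecurePackages` cannot see which exposure they are accepting. Consider appending the identifiers of the pycrypto advisories the text alludes to, e.g. `"pycrypto: CVE-XXXX-XXXXX (placeholder)"`. With `doCheck = false` added in the first hunk, the Debian-patched pycrypto is no longer exercised by its own test suite at build time, which is worth stating in that comment alongside the Python 2 reason.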
|
||||
|
|
|
@ -25,11 +25,11 @@ let
|
|||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "PortfolioPerformance";
|
||||
version = "0.57.1";
|
||||
version = "0.57.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/buchen/portfolio/releases/download/${version}/PortfolioPerformance-${version}-linux.gtk.x86_64.tar.gz";
|
||||
sha256 = "sha256-uEEFkHyApf+TObcu+Yo5vBOs2Erq0IXGhbjzlEe8NmI=";
|
||||
sha256 = "sha256-ftLKlNzr46iL/V+P3J1wtoUByGHHl7wrh4xctU4JYkM=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -7,13 +7,13 @@
|
|||
}:
|
||||
|
||||
let
|
||||
version = "3.9.1";
|
||||
version = "4.7.1";
|
||||
pname = "timeular";
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://s3.amazonaws.com/timeular-desktop-packages/linux/production/Timeular-${version}.AppImage";
|
||||
sha256 = "103hy443p697jdkz6li8s1n6kg1r55jmiw2vbjz12kskf7njg4y4";
|
||||
sha256 = "sha256:0k8ywbdb41imq10ya9y27zks67a6drjb1h0hn8ycd7a6z6703rjz";
|
||||
};
|
||||
|
||||
appimageContents = appimageTools.extractType2 {
|
||||
|
@ -35,7 +35,7 @@ in appimageTools.wrapType2 rec {
|
|||
install -m 444 -D ${appimageContents}/timeular.desktop $out/share/applications/timeular.desktop
|
||||
install -m 444 -D ${appimageContents}/timeular.png $out/share/icons/hicolor/512x512/apps/timeular.png
|
||||
substituteInPlace $out/share/applications/timeular.desktop \
|
||||
--replace 'Exec=AppRun' 'Exec=${pname}'
|
||||
--replace "Exec=AppRun --no-sandbox %U" "Exec=$out/bin/${pname}"
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
{ lib, stdenv, fetchurl, pkg-config, openssl, libuuid, libmd, zlib, ncurses }:
|
||||
{ lib, stdenv, fetchurl, pkg-config, openssl, libbsd, libuuid, libmd, zlib, ncurses }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "got";
|
||||
version = "0.68.1";
|
||||
version = "0.69";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://gameoftrees.org/releases/portable/got-portable-${version}.tar.gz";
|
||||
sha256 = "122wignzrhsw00mfnh7mxcxvjyp9rk73yxzfyvmg7f5kmb0hng35";
|
||||
sha256 = "1cnl0yk866wzjwgas587kvb08njq7db71b5xqsdrwd1varp010vm";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
|
||||
buildInputs = [ openssl libuuid libmd zlib ncurses ];
|
||||
buildInputs = [ openssl libbsd libuuid libmd zlib ncurses ];
|
||||
|
||||
doInstallCheck = true;
|
||||
|
||||
|
|
|
@ -1,12 +1,38 @@
|
|||
{ stdenv, fetchurl, lib, qtbase, qtmultimedia, qtscript, qtsensors, qtwebengine, qtwebkit, openssl, xkeyboard_config, patchelfUnstable, wrapQtAppsHook }:
|
||||
{ stdenv
|
||||
, fetchurl
|
||||
, lib
|
||||
, qtbase
|
||||
, qtwebengine
|
||||
, qtdeclarative
|
||||
, qtwebchannel
|
||||
, syntax-highlighting
|
||||
, openssl
|
||||
, xkeyboard_config
|
||||
, patchelfUnstable
|
||||
, wrapQtAppsHook
|
||||
, writeText
|
||||
}:
|
||||
let
|
||||
# This abomination exists because p4v calls CRYPTO_set_mem_functions and
|
||||
# expects it to succeed. The function will fail if CRYPTO_malloc has already
|
||||
# been called, which happens at init time via qtwebengine -> ... -> libssh. I
|
||||
# suspect it was meant to work with a version of Qt where openssl is
|
||||
# statically linked or some other library is used.
|
||||
crypto-hack = writeText "crypto-hack.c" ''
|
||||
#include <stddef.h>
|
||||
int CRYPTO_set_mem_functions(
|
||||
void *(*m)(size_t, const char *, int),
|
||||
void *(*r)(void *, size_t, const char *, int),
|
||||
void (*f)(void *, const char *, int)) { return 1; }
|
||||
'';
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
in stdenv.mkDerivation rec {
|
||||
pname = "p4v";
|
||||
version = "2020.1.1966006";
|
||||
version = "2021.3.2186916";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://cdist2.perforce.com/perforce/r20.1/bin.linux26x86_64/p4v.tgz";
|
||||
sha256 = "0zc70d7jgdrd2jli338n1h05hgb7jmmv8hvq205wh78vvllrlv10";
|
||||
url = "http://web.archive.org/web/20211118024745/https://cdist2.perforce.com/perforce/r21.3/bin.linux26x86_64/p4v.tgz";
|
||||
sha256 = "1zldg21xq4srww9pcfbv3p8320ghjnh333pz5r70z1gwbq4vf3jq";
|
||||
};
|
||||
|
||||
dontBuild = true;
|
||||
|
@ -15,11 +41,10 @@ stdenv.mkDerivation rec {
|
|||
ldLibraryPath = lib.makeLibraryPath [
|
||||
stdenv.cc.cc.lib
|
||||
qtbase
|
||||
qtmultimedia
|
||||
qtscript
|
||||
qtsensors
|
||||
qtwebengine
|
||||
qtwebkit
|
||||
qtdeclarative
|
||||
qtwebchannel
|
||||
syntax-highlighting
|
||||
openssl
|
||||
];
|
||||
|
||||
|
@ -29,14 +54,17 @@ stdenv.mkDerivation rec {
|
|||
cp -r bin $out
|
||||
mkdir -p $out/lib
|
||||
cp -r lib/P4VResources $out/lib
|
||||
$CC -fPIC -shared -o $out/lib/libcrypto-hack.so ${crypto-hack}
|
||||
|
||||
for f in $out/bin/*.bin ; do
|
||||
patchelf --set-rpath $ldLibraryPath --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $f
|
||||
# combining this with above breaks rpath (patchelf bug?)
|
||||
patchelf --add-needed libstdc++.so $f \
|
||||
patchelf --add-needed libstdc++.so \
|
||||
--add-needed $out/lib/libcrypto-hack.so \
|
||||
--clear-symbol-version _ZNSt20bad_array_new_lengthD1Ev \
|
||||
--clear-symbol-version _ZTVSt20bad_array_new_length \
|
||||
--clear-symbol-version _ZTISt20bad_array_new_length \
|
||||
--clear-symbol-version _ZdlPvm \
|
||||
$f
|
||||
wrapQtApp $f \
|
||||
--suffix QT_XKB_CONFIG_ROOT : ${xkeyboard_config}/share/X11/xkb
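Review bot: The new `src` URL in the first hunk is fetched over plain `http://` from web.archive.org; the `sha256` still pins the content, but the transfer itself is unauthenticated, so anyone on the path can observe or break the fetch. I would switch the scheme: `url = "https://web.archive.org/web/20211118024745/https://cdist2.perforce.com/perforce/r21.3/bin.linux26x86_64/p4v.tgz";`. Separately, the `crypto-hack` stub makes `CRYPTO_set_mem_functions` report success without installing the callbacks p4v passes in, and the comment above it should say so outright, e.g. `# Side effect: the allocator callbacks p4v hands to OpenSSL are silently ignored.`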
|
||||
|
|
|
@ -19,15 +19,21 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "umockdev";
|
||||
version = "0.17.8";
|
||||
version = "0.17.9";
|
||||
|
||||
outputs = [ "bin" "out" "dev" "devdoc" ];
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/martinpitt/umockdev/releases/download/${version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "sha256-s3zeWJxw5ohUtsv4NZGKcdP8khEYzIXycbBrAzdnVoU=";
|
||||
sha256 = "sha256-FEmWjJVmKKckC30zULGI/mZ3VNtirnweZq2gKh/Y5VE=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Hardcode absolute paths to libraries so that consumers
|
||||
# do not need to set LD_LIBRARY_PATH themselves.
|
||||
./hardcode-paths.patch
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
docbook-xsl-nons
|
||||
gobject-introspection
|
||||
|
@ -57,6 +63,21 @@ stdenv.mkDerivation rec {
|
|||
|
||||
doCheck = true;
|
||||
|
||||
postPatch = ''
|
||||
# Substitute the path to this derivation in the patch we apply.
|
||||
substituteInPlace src/umockdev-wrapper \
|
||||
--subst-var-by 'LIBDIR' "''${!outputLib}/lib"
|
||||
'';
|
||||
|
||||
preCheck = ''
|
||||
# Our patch makes the path to the `LD_PRELOAD`ed library absolute.
|
||||
# When running tests, the library is not yet installed, though,
|
||||
# so we need to replace the absolute path with a local one during build.
|
||||
# We are using a symlink that will be overridden during installation.
|
||||
mkdir -p "$out/lib"
|
||||
ln -s "$PWD/libumockdev-preload.so.0" "$out/lib/libumockdev-preload.so.0"
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Mock hardware devices for creating unit tests";
|
||||
license = licenses.lgpl21Plus;
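Review bot: `preCheck` in the second hunk creates the temporary symlink under `$out/lib`, while `postPatch` bakes `''${!outputLib}/lib` into the wrapper; the two paths agree only while the library output resolves to `out`. Using the same expression in both places, `mkdir -p "''${!outputLib}/lib"` and `ln -s "$PWD/libumockdev-preload.so.0" "''${!outputLib}/lib/libumockdev-preload.so.0"`, keeps the test-time `LD_PRELOAD` path and the installed one from drifting apart. The comment relies on installation replacing that link; the install step is not visible in this hunk, so it is worth confirming that nothing resolving into the build directory survives in the output. The derivation body continues outside both hunks.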
|
||||
|
|
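--- a/pkgs/development/libraries/umockdev/hardcode-paths.patch
+++ b/pkgs/development/libraries/umockdev/hardcode-paths.patch
@@ -0,0 +1,69 @@
+diff --git a/meson.build b/meson.build
+index 2ed9027..1f6bbf2 100644
+--- a/meson.build
++++ b/meson.build
+@@ -38,6 +38,7 @@ g_ir_compiler = find_program('g-ir-compiler', required: false)
+
+conf.set('PACKAGE_NAME', meson.project_name())
+conf.set_quoted('VERSION', meson.project_version())
++conf.set_quoted('LIBDIR', get_option('prefix') / get_option('libdir'))
+
+# glibc versions somewhere between 2.28 and 2.34
+if cc.has_function('__fxstatat', prefix: '#include <sys/stat.h>')
+@@ -148,7 +149,7 @@ hacked_gir = custom_target('UMockdev-1.0 hacked gir',
+
+if g_ir_compiler.found()
+umockdev_typelib = custom_target('UMockdev-1.0 typelib',
+- command: [g_ir_compiler, '--output', '@OUTPUT@', '-l', 'libumockdev.so.0', '@INPUT@'],
++ command: [g_ir_compiler, '--output', '@OUTPUT@', '-l', get_option('prefix') / get_option('libdir') / 'libumockdev.so.0', '@INPUT@'],
+input: hacked_gir,
+output: 'UMockdev-1.0.typelib',
+install: true,
+diff --git a/src/config.vapi b/src/config.vapi
+index 5269dd0..a2ec46d 100644
+--- a/src/config.vapi
++++ b/src/config.vapi
+@@ -2,5 +2,6 @@
+namespace Config {
+public const string PACKAGE_NAME;
+public const string VERSION;
++ public const string LIBDIR;
+}
+
+diff --git a/src/umockdev-record.vala b/src/umockdev-record.vala
+index 8434d32..68c7f8e 100644
+--- a/src/umockdev-record.vala
++++ b/src/umockdev-record.vala
+@@ -435,7 +435,7 @@ main (string[] args)
+preload = "";
+else
+preload = preload + ":";
+- Environment.set_variable("LD_PRELOAD", preload + "libumockdev-preload.so.0", true);
++ Environment.set_variable("LD_PRELOAD", preload + Config.LIBDIR + "/libumockdev-preload.so.0", true);
+
+try {
+root_dir = DirUtils.make_tmp("umockdev.XXXXXX");
+diff --git a/src/umockdev-run.vala b/src/umockdev-run.vala
+index 9a1ba10..6df2522 100644
+--- a/src/umockdev-run.vala
++++ b/src/umockdev-run.vala
+@@ -95,7 +95,7 @@ main (string[] args)
+preload = "";
+else
+preload = preload + ":";
+- Environment.set_variable ("LD_PRELOAD", preload + "libumockdev-preload.so.0", true);
++ Environment.set_variable ("LD_PRELOAD", preload + Config.LIBDIR + "/libumockdev-preload.so.0", true);
+
+var testbed = new UMockdev.Testbed ();
+
+diff --git a/src/umockdev-wrapper b/src/umockdev-wrapper
+index 6ce4dcd..706c49a 100755
+--- a/src/umockdev-wrapper
++++ b/src/umockdev-wrapper
+@@ -1,5 +1,5 @@
+#!/bin/sh
+# Wrapper program to preload the libumockdev library, so that test programs can
+# set $UMOCKDEV_DIR for redirecting sysfs and other queries to a test bed.
+-exec env LD_PRELOAD=libumockdev-preload.so.0:$LD_PRELOAD "$@"
++exec env LD_PRELOAD=@LIBDIR@/libumockdev-preload.so.0:$LD_PRELOAD "$@"
+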
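--- a/pkgs/development/python-modules/aiolimiter/default.nix
+++ b/pkgs/development/python-modules/aiolimiter/default.nix
@@ -0,0 +1,65 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, fetchpatch
+, poetry-core
+, importlib-metadata
+, pytest-asyncio
+, pytestCheckHook
+, pythonOlder
+, toml
+}:
+
+buildPythonPackage rec {
+pname = "aiolimiter";
+version = "1.0.0";
+format = "pyproject";
+
+disabled = pythonOlder "3.7";
+
+src = fetchFromGitHub {
+owner = "mjpieters";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-4wByVZoOLhrXFx9oK19GBmRcjGoJolQ3Gwx9vQV/n8s=";
+};
+
+nativeBuildInputs = [
+poetry-core
+];
+
+propagatedBuildInputs = lib.optionals (pythonOlder "3.8") [
+importlib-metadata
+];
+
+checkInputs = [
+pytest-asyncio
+pytestCheckHook
+toml
+];
+
+patches = [
+# Switch to poetry-core, https://github.com/mjpieters/aiolimiter/pull/77
+(fetchpatch {
+name = "switch-to-peotry-core.patch";
+url = "https://github.com/mjpieters/aiolimiter/commit/84a85eff42621b0daff8fcf6bb485db313faae0b.patch";
+sha256 = "sha256-xUfJwLvMF2Xt/V1bKBFn/fjn1uyw7bGNo9RpWxtyr50=";
+})
+];
+
+postPatch = ''
+substituteInPlace tox.ini \
+--replace " --cov=aiolimiter --cov-config=tox.ini --cov-report term-missing" ""
+'';
+
+pythonImportsCheck = [
+"aiolimiter"
+];
+
+meta = with lib; {
+description = "Implementation of a rate limiter for asyncio";
+homepage = "https://github.com/mjpieters/aiolimiter";
+license = with licenses; [ mit ];
+maintainers = with maintainers; [ fab ];
+};
+}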
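Review bot: The `fetchpatch` entry in `patches` is named `switch-to-peotry-core.patch`, a typo for "poetry". The name becomes part of the fetched patch's store path and is what people will search for, so I would spell it `name = "switch-to-poetry-core.patch";`. The URL is already pinned to a full commit id with its own `sha256`, so nothing else about the fetch needs to change.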
|
|
@ -1,16 +1,20 @@
|
|||
{ lib
|
||||
, buildPythonPackage
|
||||
, pythonOlder
|
||||
, fetchPypi
|
||||
, msrest
|
||||
, msrestazure
|
||||
, azure-common
|
||||
, azure-mgmt-nspkg
|
||||
, azure-mgmt-core
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "azure-mgmt-msi";
|
||||
version = "6.0.0";
|
||||
|
||||
disabled = pythonOlder "3.6";
|
||||
|
||||
format = "setuptools";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
extension = "zip";
|
||||
|
@ -19,9 +23,8 @@ buildPythonPackage rec {
|
|||
|
||||
propagatedBuildInputs = [
|
||||
msrest
|
||||
msrestazure
|
||||
azure-common
|
||||
azure-mgmt-nspkg
|
||||
azure-mgmt-core
|
||||
];
|
||||
|
||||
pythonNamespaces = [ "azure.mgmt" ];
|
||||
|
@ -29,9 +32,11 @@ buildPythonPackage rec {
|
|||
# has no tests
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [ "azure.mgmt.msi" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "This is the Microsoft Azure MSI Management Client Library";
|
||||
homepage = "https://github.com/Azure/azure-sdk-for-python";
|
||||
homepage = "https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/resources/azure-mgmt-msi";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ maxwilson ];
|
||||
};
|
||||
|
|
|
@ -8,14 +8,14 @@
|
|||
|
||||
|
||||
buildPythonPackage rec {
|
||||
version = "21.0.0";
|
||||
version = "21.1.0";
|
||||
pname = "azure-mgmt-resource";
|
||||
disabled = !isPy3k;
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
extension = "zip";
|
||||
sha256 = "sha256-y9J/UhxwtA/YO/Y88XsStbwD5ecNwrbnpxtevYuQDQM=";
|
||||
sha256 = "sha256-UpZa3jHNBZ/qKxUT1l/mFgRuQz3g5YPc9cnJvr8+vWk=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
, tzdata
|
||||
, hypothesis
|
||||
, pytestCheckHook
|
||||
, fetchpatch
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
|
@ -22,7 +23,25 @@ buildPythonPackage rec {
|
|||
sha256 = "sha256-00xdDOVdDanfsjQTd3yjMN2RFGel4cWRrAA3CvSnl24=";
|
||||
};
|
||||
|
||||
# Make sure test data update patch applies
|
||||
prePatch = ''
|
||||
substituteInPlace tests/data/zoneinfo_data.json --replace \"2020a\" \"2021a\"
|
||||
'';
|
||||
|
||||
patches = [
|
||||
# Update test suite's test data to zoneinfo 2022a
|
||||
# https://github.com/pganssle/zoneinfo/pull/115
|
||||
(fetchpatch {
|
||||
name = "backports-zoneinfo-2022a-update-test-data1.patch";
|
||||
url = "https://github.com/pganssle/zoneinfo/pull/115/commits/837e2a0f9f1a1332e4233f83e3648fa564a9ec9e.patch";
|
||||
sha256 = "196knwa212mr0b7zsh8papzr3f5mii87gcjjjx1r9zzvmk3g3ri0";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "backports-zoneinfo-2022a-update-test-data2.patch";
|
||||
url = "https://github.com/pganssle/zoneinfo/pull/115/commits/9fd330265b177916d6182249439bb40d5691eb58.patch";
|
||||
sha256 = "1zxa5bkwi8hbnh4c0qv72wv6vdp5jlxqizfjsc05ymzvwa99cf75";
|
||||
})
|
||||
|
||||
(substituteAll {
|
||||
name = "zoneinfo-path";
|
||||
src = ./zoneinfo.patch;
|
||||
|
|
|
@ -9,14 +9,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "databricks-connect";
|
||||
version = "9.1.14";
|
||||
version = "9.1.15";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-l+mTqiQPuPJfGbEVSILpCTlxAka0GeCgIXjMG4Vs82o=";
|
||||
sha256 = "sha256-qXS/hgF2qKUtTfo9UZ5KBa9N0PHJqKA8SC/vgE46LmA=";
|
||||
};
|
||||
|
||||
sourceRoot = ".";
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "globus-sdk";
|
||||
version = "3.7.0";
|
||||
version = "3.8.0";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.6";
|
||||
|
@ -22,7 +22,7 @@ buildPythonPackage rec {
|
|||
owner = "globus";
|
||||
repo = "globus-sdk-python";
|
||||
rev = "refs/tags/${version}";
|
||||
hash = "sha256-Us3SCkrBPL3v9YCOQ7ceF3neCUZkJTrchYsvCRSX84Y=";
|
||||
hash = "sha256-JaAiAAf0zIJDXXl3zb4UE9XpmjZ8KQiEcZJm1ps+efA=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
|
@ -14,14 +14,14 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "impacket";
|
||||
version = "0.9.24";
|
||||
version = "0.10.0";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
hash = "sha256-GNVX04f0kU+vpzmBO5FyvD+L2cA26Tv1iajg67cwS7o=";
|
||||
hash = "sha256-uOsCCiy7RxRmac/jHGS7Ln1kmdBJxJPWQYuXFvXHRYM=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
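--- a/pkgs/development/python-modules/meater-python/default.nix
+++ b/pkgs/development/python-modules/meater-python/default.nix
@@ -0,0 +1,37 @@
+{ lib
+, aiohttp
+, buildPythonPackage
+, fetchPypi
+, pythonOlder
+}:
+
+buildPythonPackage rec {
+pname = "meater-python";
+version = "0.0.8";
+format = "setuptools";
+
+disabled = pythonOlder "3.7";
+
+src = fetchPypi {
+inherit pname version;
+hash = "sha256-86XJmKOc2MCyU9v0UAZsPCUL/kAXywOlQOIHaykNF1o=";
+};
+
+propagatedBuildInputs = [
+aiohttp
+];
+
+# Module has no tests
+doCheck = false;
+
+pythonImportsCheck = [
+"meater"
+];
+
+meta = with lib; {
+description = "Library for the Apption Labs Meater cooking probe";
+homepage = "https://github.com/Sotolotl/meater-python";
+license = licenses.asl20;
+maintainers = with maintainers; [ fab ];
+};
+}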
|
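--- a/pkgs/development/python-modules/pyrainbird/default.nix
+++ b/pkgs/development/python-modules/pyrainbird/default.nix
@@ -0,0 +1,58 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, parameterized
+, pycryptodome
+, pytestCheckHook
+, pythonOlder
+, pyyaml
+, requests
+, responses
+, setuptools
+}:
+
+buildPythonPackage rec {
+pname = "pyrainbird";
+version = "0.4.3";
+format = "setuptools";
+
+disabled = pythonOlder "3.7";
+
+src = fetchFromGitHub {
+owner = "jbarrancos";
+repo = pname;
+rev = version;
+hash = "sha256-uRHknWvoPKPu3B5MbSEUlWqBKwAbNMwsgXuf6PZxhkU=";
+};
+
+propagatedBuildInputs = [
+pycryptodome
+pyyaml
+requests
+setuptools
+];
+
+checkInputs = [
+pytestCheckHook
+parameterized
+responses
+];
+
+postPatch = ''
+substituteInPlace requirements.txt \
+--replace "datetime" ""
+substituteInPlace pytest.ini \
+--replace "--cov=pyrainbird --cov-report=term-missing --pep8 --flakes --mccabe" ""
+'';
+
+pythonImportsCheck = [
+"pyrainbird"
+];
+
+meta = with lib; {
+description = "Module to interact with Rainbird controllers";
+homepage = "https://github.com/jbarrancos/pyrainbird/";
+license = with licenses; [ mit ];
+maintainers = with maintainers; [ fab ];
+};
+}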
|
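--- a/pkgs/development/python-modules/raincloudy/default.nix
+++ b/pkgs/development/python-modules/raincloudy/default.nix
@@ -0,0 +1,61 @@
+{ lib
+, beautifulsoup4
+, buildPythonPackage
+, fetchFromGitHub
+, html5lib
+, pytestCheckHook
+, pythonOlder
+, requests
+, requests-mock
+, urllib3
+}:
+
+buildPythonPackage rec {
+pname = "raincloudy";
+version = "1.1.1";
+format = "setuptools";
+
+disabled = pythonOlder "3.7";
+
+src = fetchFromGitHub {
+owner = "vanstinator";
+repo = pname;
+rev = version;
+hash = "sha256-c6tux0DZY56a4BpuiMXtaqm8+JKNDiyMxrFUju3cp2Y=";
+};
+
+propagatedBuildInputs = [
+requests
+beautifulsoup4
+urllib3
+html5lib
+];
+
+checkInputs = [
+pytestCheckHook
+requests-mock
+];
+
+postPatch = ''
+# https://github.com/vanstinator/raincloudy/pull/60
+substituteInPlace setup.py \
+--replace "bs4" "beautifulsoup4" \
+--replace "html5lib==1.0.1" "html5lib"
+'';
+
+pythonImportsCheck = [
+"raincloudy"
+];
+
+disabledTests = [
+# Test requires network access
+"test_attributes"
+];
+
+meta = with lib; {
+description = "Module to interact with Melnor RainCloud Smart Garden Watering Irrigation Timer";
+homepage = "https://github.com/vanstinator/raincloudy";
+license = with licenses; [ asl20 ];
+maintainers = with maintainers; [ fab ];
+};
+}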
|
|
@ -14,16 +14,21 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "sqlite-utils";
|
||||
version = "3.26";
|
||||
version = "3.26.1";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.6";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
hash = "sha256-G2Fy9PEYtq0dIWhsgV4HZa5y+wLxcI3CYSgDL6ijkdo=";
|
||||
hash = "sha256-GK/036zijOSi9IWZSFifXrexY8dyo6cfwWyaF06x82c=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace setup.py \
|
||||
--replace "click-default-group-wheel" "click-default-group"
|
||||
'';
|
||||
|
||||
propagatedBuildInputs = [
|
||||
click
|
||||
click-default-group
|
||||
|
@ -45,6 +50,6 @@ buildPythonPackage rec {
|
|||
description = "Python CLI utility and library for manipulating SQLite databases";
|
||||
homepage = "https://github.com/simonw/sqlite-utils";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ meatcar ];
|
||||
maintainers = with maintainers; [ meatcar techknowlogick ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,23 +2,31 @@
|
|||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "flip-link";
|
||||
version = "0.1.4";
|
||||
version = "0.1.6";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "knurling-rs";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-LE0cWS6sOb9/VvGloezNnePHGldnpfNTdCFUv3F/nwE=";
|
||||
sha256 = "sha256-Sf2HlAfPlg8Er2g17AnRmUkvRhTw5AVPuL2B92hFvpA=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-8WBMF5stMB4JXvYwa5yHVFV+3utDuMFJNTZ4fZFDftw=";
|
||||
cargoSha256 = "sha256-2VgsO2hUIvSPNQhR13+bGTxXa6xZXcK0amfiWv2EIxk=";
|
||||
|
||||
buildInputs = lib.optional stdenv.isDarwin libiconv;
|
||||
|
||||
checkFlags = [
|
||||
# requires embedded toolchains
|
||||
"--skip should_link_example_firmware::case_1_normal"
|
||||
"--skip should_link_example_firmware::case_2_custom_linkerscript"
|
||||
"--skip should_verify_memory_layout"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Adds zero-cost stack overflow protection to your embedded programs";
|
||||
homepage = "https://github.com/knurling-rs/flip-link";
|
||||
license = with licenses; [ asl20 mit ];
|
||||
maintainers = [ maintainers.FlorianFranzen ];
|
||||
changelog = "https://github.com/knurling-rs/flip-link/blob/v${version}/CHANGELOG.md";
|
||||
license = with licenses; [ asl20 /* or */ mit ];
|
||||
maintainers = with maintainers; [ FlorianFranzen newam ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,19 +2,23 @@
|
|||
|
||||
buildGoModule rec {
|
||||
pname = "protoc-gen-twirp_php";
|
||||
version = "0.8.0";
|
||||
version = "0.8.1";
|
||||
|
||||
# fetchFromGitHub currently not possible, because go.mod and go.sum are export-ignored
|
||||
src = fetchgit {
|
||||
url = "https://github.com/twirphp/twirp.git";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-TaHfyYoWsA/g5xZFxIMNwE1w6Dd9Cq5bp1gpQudYLs0=";
|
||||
sha256 = "sha256-5PACgKqc8rWqaA6Syj5NyxHm3827yd67tm0mwVSMnWQ=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-qQFlBviRISEnPBt0q5391RqUrPTI/QDxg3MNfwWE8MI=";
|
||||
|
||||
subPackages = [ "protoc-gen-twirp_php" ];
|
||||
|
||||
ldflags = [
|
||||
"-X main.version=${version}"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "PHP port of Twitch's Twirp RPC framework";
|
||||
homepage = "https://github.com/twirphp/twirp";
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
, libxml2
|
||||
, libxslt
|
||||
, docbook_xml_dtd_45
|
||||
, docbook_xsl
|
||||
, docbook-xsl-nons
|
||||
, glib
|
||||
, systemd
|
||||
, polkit
|
||||
|
@ -21,39 +21,33 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bolt";
|
||||
version = "0.9.1";
|
||||
version = "0.9.2";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
domain = "gitlab.freedesktop.org";
|
||||
owner = "bolt";
|
||||
repo = "bolt";
|
||||
rev = version;
|
||||
sha256 = "1phgp8fs0dlj74kbkqlvfniwc32daz47b3pvsxlfxqzyrp77xrfm";
|
||||
sha256 = "eXjj7oD5HOW/AG2uxDa0tSleKmbouFd2fwlL2HHFiMA=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# meson install tries to create /var/lib/boltd
|
||||
./0001-skip-mkdir.patch
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/issues/104429
|
||||
# Test does not work on ZFS with atime disabled.
|
||||
# Upstream issue: https://gitlab.freedesktop.org/bolt/bolt/-/issues/167
|
||||
(fetchpatch {
|
||||
name = "disable-atime-tests.diff";
|
||||
url = "https://gitlab.freedesktop.org/roberth/bolt/-/commit/1f672a7de2ebc4dd51590bb90f3b873a8ac0f4e6.diff";
|
||||
sha256 = "134f5s6kjqs6612pwq5pm1miy58crn1kxbyyqhzjnzmf9m57fnc8";
|
||||
})
|
||||
|
||||
# Fix tests with newer umockdev
|
||||
(fetchpatch {
|
||||
url = "https://gitlab.freedesktop.org/bolt/bolt/-/commit/130e09d1c7ff02c09e4ad1c9c36e9940b68e58d8.patch";
|
||||
sha256 = "HycuM7z4VvtBuZZLU68tBxGT1YjaqJRS4sKyoTGHZEk=";
|
||||
url = "https://gitlab.freedesktop.org/bolt/bolt/-/commit/c2f1d5c40ad71b20507e02faa11037b395fac2f8.diff";
|
||||
revert = true;
|
||||
sha256 = "6w7ll65W/CydrWAVi/qgzhrQeDv1PWWShulLxoglF+I=";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
asciidoc
|
||||
docbook_xml_dtd_45
|
||||
docbook_xsl
|
||||
docbook-xsl-nons
|
||||
libxml2
|
||||
libxslt
|
||||
meson
|
||||
|
|
|
@ -12,12 +12,12 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "iwd";
|
||||
version = "1.26";
|
||||
version = "1.27";
|
||||
|
||||
src = fetchgit {
|
||||
url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git";
|
||||
rev = version;
|
||||
sha256 = "sha256-+BciYfb9++u9Ux4AdvPFFIFVq8j+TVoTLKqxzmn5p3o=";
|
||||
sha256 = "sha256-gN9+9Cc6zjZBXDhcHBH5wyucO5/vL7bKSLWM5laFqaA=";
|
||||
};
|
||||
|
||||
outputs = [ "out" "man" "doc" ]
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
, libgudev
|
||||
, glib
|
||||
, polkit
|
||||
, dbus
|
||||
, gobject-introspection
|
||||
, gettext
|
||||
, gtk-doc
|
||||
|
@ -29,34 +30,21 @@ let
|
|||
dbus-python
|
||||
python-dbusmock
|
||||
];
|
||||
testTypelibPath = lib.makeSearchPathOutput "lib" "lib/girepository-1.0" [ umockdev ];
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "power-profiles-daemon";
|
||||
version = "0.10.1";
|
||||
version = "0.11.1";
|
||||
|
||||
outputs = [ "out" "devdoc" "installedTests" ];
|
||||
outputs = [ "out" "devdoc" ];
|
||||
|
||||
src = fetchFromGitLab {
|
||||
domain = "gitlab.freedesktop.org";
|
||||
owner = "hadess";
|
||||
repo = "power-profiles-daemon";
|
||||
rev = version;
|
||||
sha256 = "sha256-sQWiCHc0kEELdmPq9Qdk7OKDUgbM5R44639feC7gjJc=";
|
||||
sha256 = "sha256-qU9A9U2R3UioC7bo8Pc0IIsHIjghb6gsG4pTAg6tp9E=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Enable installed tests.
|
||||
# https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/merge_requests/92
|
||||
(fetchpatch {
|
||||
url = "https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/commit/3c64d9e1732eb6425e33013c452f1c4aa7a26f7e.patch";
|
||||
sha256 = "din5VuZZwARNDInHtl44yJK8pLmlxr5eoD4iMT4a8HA=";
|
||||
})
|
||||
|
||||
# Install installed tests to separate output.
|
||||
./installed-tests-path.patch
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
pkg-config
|
||||
meson
|
||||
|
@ -70,9 +58,6 @@ stdenv.mkDerivation rec {
|
|||
gobject-introspection
|
||||
wrapGAppsNoGuiHook
|
||||
python3.pkgs.wrapPython
|
||||
|
||||
# For finding tests.
|
||||
(python3.withPackages testPythonPkgs)
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
|
@ -91,31 +76,28 @@ stdenv.mkDerivation rec {
|
|||
python3.pkgs.pygobject3
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
umockdev
|
||||
dbus
|
||||
(python3.withPackages testPythonPkgs)
|
||||
];
|
||||
|
||||
mesonFlags = [
|
||||
"-Dinstalled_test_prefix=${placeholder "installedTests"}"
|
||||
"-Dsystemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
|
||||
"-Dgtk_doc=true"
|
||||
];
|
||||
|
||||
doCheck = true;
|
||||
|
||||
PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions";
|
||||
|
||||
# Avoid double wrapping
|
||||
dontWrapGApps = true;
|
||||
|
||||
postPatch = ''
|
||||
patchShebangs tests/unittest_inspector.py
|
||||
'';
|
||||
|
||||
preConfigure = ''
|
||||
# For finding tests.
|
||||
GI_TYPELIB_PATH_original=$GI_TYPELIB_PATH
|
||||
addToSearchPath GI_TYPELIB_PATH "${testTypelibPath}"
|
||||
'';
|
||||
|
||||
postConfigure = ''
|
||||
# Restore the original value to prevent the program from depending on umockdev.
|
||||
export GI_TYPELIB_PATH=$GI_TYPELIB_PATH_original
|
||||
unset GI_TYPELIB_PATH_original
|
||||
patchShebangs --build \
|
||||
tests/integration-test.py \
|
||||
tests/unittest_inspector.py
|
||||
'';
|
||||
|
||||
preInstall = ''
|
||||
|
@ -128,33 +110,22 @@ stdenv.mkDerivation rec {
|
|||
export PKEXEC_UID=-1
|
||||
'';
|
||||
|
||||
postCheck = ''
|
||||
# Do not contaminate the wrapper with test dependencies.
|
||||
unset GI_TYPELIB_PATH
|
||||
unset XDG_DATA_DIRS
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
# Avoid double wrapping
|
||||
makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
|
||||
# Make Python libraries available
|
||||
wrapPythonProgramsIn "$out/bin" "$pythonPath"
|
||||
|
||||
# Make Python libraries available for installed tests
|
||||
makeWrapperArgs+=(
|
||||
--prefix GI_TYPELIB_PATH : "${testTypelibPath}"
|
||||
--prefix PATH : "${lib.makeBinPath [ umockdev ]}"
|
||||
# Vala does not use absolute paths in typelibs
|
||||
# https://github.com/NixOS/nixpkgs/issues/47226
|
||||
# Also umockdev binaries use relative paths for LD_PRELOAD.
|
||||
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ umockdev ]}"
|
||||
# dbusmock calls its templates using exec so our regular patching of Python scripts
|
||||
# to add package directories to site will not carry over.
|
||||
# https://github.com/martinpitt/python-dbusmock/blob/2254e69279a02fb3027b500ed7288b77c7a80f2a/dbusmock/mockobject.py#L51
|
||||
# https://github.com/martinpitt/python-dbusmock/blob/2254e69279a02fb3027b500ed7288b77c7a80f2a/dbusmock/__main__.py#L60-L62
|
||||
--prefix PYTHONPATH : "${lib.makeSearchPath python3.sitePackages (testPythonPkgs python3.pkgs)}"
|
||||
)
|
||||
wrapPythonProgramsIn "$installedTests/libexec/installed-tests" "$pythonPath ${lib.concatStringsSep " " (testPythonPkgs python3.pkgs)}"
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
tests = {
|
||||
nixos = nixosTests.power-profiles-daemon;
|
||||
installed-tests = nixosTests.installed-tests.power-profiles-daemon;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,37 +0,0 @@
|
|||
diff --git a/meson_options.txt b/meson_options.txt
|
||||
index 7e89619..76497db 100644
|
||||
--- a/meson_options.txt
|
||||
+++ b/meson_options.txt
|
||||
@@ -1,3 +1,4 @@
|
||||
+option('installed_test_prefix', type: 'string', description: 'Prefix for installed tests')
|
||||
option('systemdsystemunitdir',
|
||||
description: 'systemd unit directory',
|
||||
type: 'string',
|
||||
diff --git a/tests/meson.build b/tests/meson.build
|
||||
index b306a7f..7670e1b 100644
|
||||
--- a/tests/meson.build
|
||||
+++ b/tests/meson.build
|
||||
@@ -2,8 +2,8 @@ envs = environment()
|
||||
envs.set ('top_builddir', meson.build_root())
|
||||
envs.set ('top_srcdir', meson.source_root())
|
||||
|
||||
-installed_test_bindir = libexecdir / 'installed-tests' / meson.project_name()
|
||||
-installed_test_datadir = datadir / 'installed-tests' / meson.project_name()
|
||||
+installed_test_bindir = get_option('installed_test_prefix') / 'libexec' / 'installed-tests' / meson.project_name()
|
||||
+installed_test_datadir = get_option('installed_test_prefix') / 'share' / 'installed-tests' / meson.project_name()
|
||||
|
||||
python3 = find_program('python3')
|
||||
unittest_inspector = find_program('unittest_inspector.py')
|
||||
diff --git a/tests/integration-test.py b/tests/integration-test.py
|
||||
index 22dc42c..0f92b76 100755
|
||||
--- a/tests/integration-test.py
|
||||
+++ b/tests/integration-test.py
|
||||
@@ -67,7 +67,7 @@ class Tests(dbusmock.DBusTestCase):
|
||||
print('Testing binaries from JHBuild (%s)' % cls.daemon_path)
|
||||
else:
|
||||
cls.daemon_path = None
|
||||
- with open('/usr/lib/systemd/system/power-profiles-daemon.service') as f:
|
||||
+ with open('/run/current-system/sw/lib/systemd/system/power-profiles-daemon.service') as f:
|
||||
for line in f:
|
||||
if line.startswith('ExecStart='):
|
||||
cls.daemon_path = line.split('=', 1)[1].strip()
|
|
@ -1516,7 +1516,8 @@
|
|||
pymazda
|
||||
];
|
||||
"meater" = ps: with ps; [
|
||||
]; # missing inputs: meater-python
|
||||
meater-python
|
||||
];
|
||||
"media_extractor" = ps: with ps; [
|
||||
aiohttp-cors
|
||||
youtube-dl-light
|
||||
|
@ -2121,9 +2122,11 @@
|
|||
radiotherm
|
||||
];
|
||||
"rainbird" = ps: with ps; [
|
||||
]; # missing inputs: pyrainbird
|
||||
pyrainbird
|
||||
];
|
||||
"raincloud" = ps: with ps; [
|
||||
]; # missing inputs: raincloudy
|
||||
raincloudy
|
||||
];
|
||||
"rainforest_eagle" = ps: with ps; [
|
||||
aioeagle
|
||||
ueagle
|
||||
|
@ -3451,6 +3454,7 @@
|
|||
"manual_mqtt"
|
||||
"maxcube"
|
||||
"mazda"
|
||||
"meater"
|
||||
"media_player"
|
||||
"media_source"
|
||||
"melcloud"
|
||||
|
|
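--- a/pkgs/servers/kanidm/default.nix
+++ b/pkgs/servers/kanidm/default.nix
@@ -0,0 +1,89 @@
+{ stdenv
+, lib
+, formats
+, nixosTests
+, rustPlatform
+, fetchFromGitHub
+, installShellFiles
+, pkg-config
+, udev
+, openssl
+, sqlite
+, pam
+}:
+
+let
+arch = if stdenv.isx86_64 then "x86_64" else "generic";
+in
+rustPlatform.buildRustPackage rec {
+pname = "kanidm";
+version = "1.1.0-alpha.8";
+
+src = fetchFromGitHub {
+owner = pname;
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-zMtbE6Y9wXFPBqhmiTMJ3m6bLVZl+c6lRY39DWDlJNo=";
+};
+
+cargoSha256 = "sha256:1l7xqp457zfd9gfjp6f4lzgadfp6112jbip4irazw4084qwj0z6x";
+
+KANIDM_BUILD_PROFILE = "release_nixos_${arch}";
+
+postPatch =
+let
+format = (formats.toml { }).generate "${KANIDM_BUILD_PROFILE}.toml";
+profile = {
+web_ui_pkg_path = "@web_ui_pkg_path@";
+cpu_flags = if stdenv.isx86_64 then "x86_64_v1" else "none";
+};
+in
+''
+cp ${format profile} profiles/${KANIDM_BUILD_PROFILE}.toml
+substituteInPlace profiles/${KANIDM_BUILD_PROFILE}.toml \
+--replace '@web_ui_pkg_path@' "$out/ui"
+'';
+
+nativeBuildInputs = [
+pkg-config
+installShellFiles
+];
+
+buildInputs = [
+udev
+openssl
+sqlite
+pam
+];
+
+# Failing tests, probably due to network issues
+checkFlags = [
+"--skip default_entries"
+"--skip oauth2_openid_basic_flow"
+"--skip test_server"
+"--skip test_cache"
+];
+
+preFixup = ''
+installShellCompletion --bash $releaseDir/build/completions/*.bash
+installShellCompletion --zsh $releaseDir/build/completions/_*
+
+# PAM and NSS need fix library names
+mv $out/lib/libnss_kanidm.so $out/lib/libnss_kanidm.so.2
+mv $out/lib/libpam_kanidm.so $out/lib/pam_kanidm.so
+
+# We don't compile the wasm-part form source, as there isn't a rustc for
+# wasm32-unknown-unknown in nixpkgs yet.
+cp -r kanidmd_web_ui/pkg $out/ui
+'';
+
+passthru.tests = { inherit (nixosTests) kanidm; };
+
+meta = with lib; {
+description = "A simple, secure and fast identity management platform";
+homepage = "https://github.com/kanidm/kanidm";
+license = licenses.mpl20;
+platforms = platforms.linux;
+maintainers = with maintainers; [ erictapen Flakebi ];
+};
+}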
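Review bot: `preFixup` copies `kanidmd_web_ui/pkg` from the source tree to `$out/ui`, so the web UI of this identity server ships as the WebAssembly bundle committed upstream rather than something built from the Rust sources in this derivation. The comment above the `cp` explains why, but it should also state the consequence for anyone auditing the package, e.g. `# NOTE: $out/ui is upstream's prebuilt wasm bundle; its only integrity check is the src hash.` The same comment has a typo (`form source` for `from source`). `checkFlags` skips `oauth2_openid_basic_flow` with only "probably due to network issues" as the reason; that is worth confirming, since the test appears (from its name) to cover an authentication flow.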
|
|
@ -226,8 +226,19 @@ let
|
|||
azure-mgmt-media = overrideAzureMgmtPackage super.azure-mgmt-media "7.0.0" "zip"
|
||||
"sha256-tF6CpZTtkc1ap6XNXQHwOLesPPEiM+e6K+qqNHeQDo4=";
|
||||
|
||||
azure-mgmt-msi = overrideAzureMgmtPackage super.azure-mgmt-msi "0.2.0" "zip"
|
||||
"0rvik03njz940x2hvqg6iiq8k0d88gyygsr86w8s0sa12sdbq8l6";
|
||||
azure-mgmt-msi = super.azure-mgmt-msi.overridePythonAttrs (old: rec {
|
||||
version = "0.2.0";
|
||||
src = old.src.override {
|
||||
inherit version;
|
||||
sha256 = "0rvik03njz940x2hvqg6iiq8k0d88gyygsr86w8s0sa12sdbq8l6";
|
||||
};
|
||||
propagatedBuildInputs = with self; [
|
||||
msrest
|
||||
msrestazure
|
||||
azure-common
|
||||
azure-mgmt-nspkg
|
||||
];
|
||||
});
|
||||
|
||||
azure-mgmt-privatedns = overrideAzureMgmtPackage super.azure-mgmt-privatedns "1.0.0" "zip"
|
||||
"b60f16e43f7b291582c5f57bae1b083096d8303e9d9958e2c29227a55cc27c45";
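Review bot: The new `azure-mgmt-msi` override has no comment explaining why it leaves the `overrideAzureMgmtPackage` helper used by the neighbouring entries and lists `propagatedBuildInputs` by hand. The helper call passed `"zip"` as the archive extension, while `old.src.override` here sets only `version` and `sha256`, so the fetch presumably relies on the base package already using that extension. The fixed hash would catch a wrong archive, but only as a build failure. I would add a one-line comment above the override stating the actual reason, for example `# 0.2.0 needs a different dependency set than the helper provides`, and consider `extension = "zip";` inside `old.src.override` if the base package does not already set it.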
|
||||
|
|
|
@ -34,9 +34,9 @@
|
|||
# https://discourse.nixos.org/t/avoid-rec-expresions-in-nixpkgs/8293/7
|
||||
# The names are prefixed with input_remapper to avoid potential
|
||||
# collisions with package names
|
||||
, input_remapper_version ? "unstable-2022-02-09"
|
||||
, input_remapper_src_rev ? "55227e0b5a28d21d7333c6c8ea1c691e56fd35c4"
|
||||
, input_remapper_src_hash ? "sha256-kzGlEaYN/JfAgbI0aMLr5mwObYOL43X7QU/ihDEBQFg="
|
||||
, input_remapper_version ? "1.4.2"
|
||||
, input_remapper_src_rev ? "af20f87a1298153e765b840a2164ba63b9ef937a"
|
||||
, input_remapper_src_hash ? "sha256-eG4Fx1z74Bq1HrfmzOuULQLziGdWnHLax8y2dymjWsI="
|
||||
}:
|
||||
|
||||
let
|
||||
|
|
|
@ -1,4 +1,11 @@
|
|||
{ stdenv, fetchFromGitHub, lib, bspwm, makeWrapper, git, bc }:
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitHub
|
||||
, makeWrapper
|
||||
, git
|
||||
, bc
|
||||
, bspwm
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bsp-layout";
|
||||
|
@ -17,14 +24,22 @@ stdenv.mkDerivation rec {
|
|||
makeFlags = [ "PREFIX=$(out)" ];
|
||||
|
||||
postInstall = ''
|
||||
substituteInPlace $out/bin/bsp-layout --replace 'bc ' '${bc}/bin/bc '
|
||||
substituteInPlace $out/lib/bsp-layout/layout.sh --replace 'bc ' '${bc}/bin/bc '
|
||||
for layout in tall rtall wide rwide
|
||||
do
|
||||
substituteInPlace "$out/lib/bsp-layout/layouts/$layout.sh" --replace 'bc ' '${bc}/bin/bc '
|
||||
done
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Manage layouts in bspwm";
|
||||
longDescription = ''
|
||||
bsp-layout is a dynamic layout manager for bspwm, written in bash.
|
||||
It provides layout options to fit most workflows.
|
||||
'';
|
||||
homepage = "https://github.com/phenax/bsp-layout";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ devins2518 ];
|
||||
maintainers = with maintainers; [ devins2518 totoroot ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
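Review bot: The `--replace 'bc ' '${bc}/bin/bc '` substitutions in `postInstall` match a bare substring, so any other text ending in `bc ` in those scripts is rewritten too. A call written as `bc` at end of line or directly before a pipe is missed and keeps resolving through `PATH`. Nothing in the hunk checks that `layout.sh` and the four layout files actually ended up with the store path. Since `makeWrapper` is already an input, pinning the tool for the entry script may be more robust, for example `wrapProgram $out/bin/bsp-layout --prefix PATH : ${lib.makeBinPath [ bc ]}`. The lines between the two hunks are not shown, so part of this may already exist.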
|
||||
|
|
|
@ -1,14 +1,17 @@
|
|||
{ lib, stdenv, pkgs }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
version = "0.4.0";
|
||||
let
|
||||
pname = "ecdsautils";
|
||||
version = "0.4.1";
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
inherit pname version;
|
||||
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "freifunk-gluon";
|
||||
repo = "ecdsautils";
|
||||
rev = "07538893fb6c2a9539678c45f9dbbf1e4f222b46";
|
||||
sha256 = "18sr8x3qiw8s9l5pfi7r9i3ayplz4jqdml75ga9y933vj7vs0k4d";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-dv0guQTmot5UO1GkMgzvD6uJFyum5kV89LI3xWS1DZA=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = with pkgs; [ cmake pkg-config doxygen ];
|
||||
|
@ -16,7 +19,7 @@ stdenv.mkDerivation {
|
|||
|
||||
meta = with lib; {
|
||||
description = "Tiny collection of programs used for ECDSA (keygen, sign, verify)";
|
||||
homepage = "https://github.com/tcatm/ecdsautils/";
|
||||
homepage = "https://github.com/freifunk-gluon/ecdsautils/";
|
||||
license = with licenses; [ mit bsd2 ];
|
||||
maintainers = with maintainers; [ ];
|
||||
platforms = platforms.unix;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, buildGoPackage, fetchFromGitHub }:
|
||||
{ lib, buildGoPackage, fetchFromGitHub, installShellFiles }:
|
||||
|
||||
buildGoPackage rec {
|
||||
pname = "sift";
|
||||
|
@ -7,6 +7,8 @@ buildGoPackage rec {
|
|||
|
||||
goPackagePath = "github.com/svent/sift";
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
src = fetchFromGitHub {
|
||||
inherit rev;
|
||||
owner = "svent";
|
||||
|
@ -14,12 +16,16 @@ buildGoPackage rec {
|
|||
sha256 = "0bgy0jf84z1c3msvb60ffj4axayfchdkf0xjnsbx9kad1v10g7i1";
|
||||
};
|
||||
|
||||
postInstall = ''
|
||||
installShellCompletion --cmd sift --bash go/src/github.com/svent/sift/sift-completion.bash
|
||||
'';
|
||||
|
||||
goDeps = ./deps.nix;
|
||||
|
||||
meta = with lib; {
|
||||
description = "A fast and powerful alternative to grep";
|
||||
homepage = "https://sift-tool.org";
|
||||
maintainers = [ maintainers.carlsverre ];
|
||||
maintainers = with maintainers; [ carlsverre viraptor ];
|
||||
license = licenses.gpl3;
|
||||
};
|
||||
}
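Review bot: The completion path in the added `postInstall` repeats the value of `goPackagePath` as a literal, so the two can drift apart if the import path ever changes. Because the attribute set is `rec`, the line can read `installShellCompletion --cmd sift --bash go/src/${goPackagePath}/sift-completion.bash`.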
|
||||
|
|
|
@ -21850,6 +21850,8 @@ with pkgs;
|
|||
|
||||
jitsi-videobridge = callPackage ../servers/jitsi-videobridge { };
|
||||
|
||||
kanidm = callPackage ../servers/kanidm { };
|
||||
|
||||
kapowbang = callPackage ../servers/kapowbang { };
|
||||
|
||||
keycloak = callPackage ../servers/keycloak { };
|
||||
|
@ -28378,8 +28380,7 @@ with pkgs;
|
|||
ostinato = libsForQt5.callPackage ../applications/networking/ostinato { };
|
||||
|
||||
p4 = callPackage ../applications/version-management/p4 { };
|
||||
# Broken with Qt5.15 because qtwebkit is broken with it
|
||||
p4v = libsForQt514.callPackage ../applications/version-management/p4v { };
|
||||
p4v = libsForQt515.callPackage ../applications/version-management/p4v { };
|
||||
|
||||
partio = callPackage ../development/libraries/partio {};
|
||||
|
||||
|
|
|
@ -345,6 +345,8 @@ in {
|
|||
|
||||
aiolifx-effects = callPackage ../development/python-modules/aiolifx-effects { };
|
||||
|
||||
aiolimiter = callPackage ../development/python-modules/aiolimiter { };
|
||||
|
||||
aiolip = callPackage ../development/python-modules/aiolip { };
|
||||
|
||||
aiolyric = callPackage ../development/python-modules/aiolyric { };
|
||||
|
@ -5168,6 +5170,8 @@ in {
|
|||
|
||||
measurement = callPackage ../development/python-modules/measurement { };
|
||||
|
||||
meater-python = callPackage ../development/python-modules/meater-python { };
|
||||
|
||||
mecab-python3 = callPackage ../development/python-modules/mecab-python3 { };
|
||||
|
||||
mechanicalsoup = callPackage ../development/python-modules/mechanicalsoup { };
|
||||
|
@ -7700,6 +7704,8 @@ in {
|
|||
|
||||
py-radix = callPackage ../development/python-modules/py-radix { };
|
||||
|
||||
pyrainbird = callPackage ../development/python-modules/pyrainbird { };
|
||||
|
||||
pyramid_beaker = callPackage ../development/python-modules/pyramid_beaker { };
|
||||
|
||||
pyramid = callPackage ../development/python-modules/pyramid { };
|
||||
|
@ -8820,6 +8826,8 @@ in {
|
|||
|
||||
rainbowstream = callPackage ../development/python-modules/rainbowstream { };
|
||||
|
||||
raincloudy = callPackage ../development/python-modules/raincloudy { };
|
||||
|
||||
ramlfications = callPackage ../development/python-modules/ramlfications { };
|
||||
|
||||
random2 = callPackage ../development/python-modules/random2 { };
|
||||
|
|