From 41e97e2b78a0aec99e9c1af2dd1ff317ceab7885 Mon Sep 17 00:00:00 2001 From: Zane van Iperen Date: Sun, 26 Feb 2023 13:18:28 +0900 Subject: [PATCH 01/37] cyanrip: 0.8.1 -> 0.9.0 --- pkgs/applications/audio/cyanrip/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/cyanrip/default.nix b/pkgs/applications/audio/cyanrip/default.nix index 358c769ea07c..1828858b3cdb 100644 --- a/pkgs/applications/audio/cyanrip/default.nix +++ b/pkgs/applications/audio/cyanrip/default.nix @@ -12,13 +12,13 @@ }: stdenv.mkDerivation rec { pname = "cyanrip"; - version = "0.8.1"; + version = "0.9.0"; src = fetchFromGitHub { owner = "cyanreg"; repo = pname; rev = "v${version}"; - sha256 = "17bi2xhjv3f3i870whkyqckvjlg32wqkspash87zi0jw7m7jm229"; + sha256 = "sha256-gH/rWTRYX10Q2Y9oSaMu0bOy3SMbcSNmH3dkXHFAw90"; }; nativeBuildInputs = [ meson ninja pkg-config ]; From 8fd7b69da1b32bce2a60557154792f2fd72b0522 Mon Sep 17 00:00:00 2001 From: Vincenzo Mantova <1962985+xworld21@users.noreply.github.com> Date: Sun, 26 Mar 2023 15:49:49 +0100 Subject: [PATCH 02/37] copy-tarballs: use all the urls of each file If a file specifies multiple urls, try fetching all of them until nix-prefetch-url is successful. --- maintainers/scripts/copy-tarballs.pl | 109 +++++++++++++------------- maintainers/scripts/find-tarballs.nix | 8 +- 2 files changed, 60 insertions(+), 57 deletions(-) diff --git a/maintainers/scripts/copy-tarballs.pl b/maintainers/scripts/copy-tarballs.pl index c81b49bfb599..c2e9326d8f63 100755 --- a/maintainers/scripts/copy-tarballs.pl +++ b/maintainers/scripts/copy-tarballs.pl @@ -159,13 +159,18 @@ elsif (defined $expr) { # Check every fetchurl call discovered by find-tarballs.nix. my $mirrored = 0; my $have = 0; - foreach my $fetch (sort { $a->{url} cmp $b->{url} } @{$fetches}) { - my $url = $fetch->{url}; + foreach my $fetch (sort { $a->{urls}->[0] cmp $b->{urls}->[0] } @{$fetches}) { + my $urls = $fetch->{urls}; my $algo = $fetch->{type}; my $hash = $fetch->{hash}; my $name = $fetch->{name}; my $isPatch = $fetch->{isPatch}; + if ($isPatch) { + print STDERR "skipping $urls->[0] (support for patches is missing)\n"; + next; + } + if ($hash =~ /^([a-z0-9]+)-([A-Za-z0-9+\/=]+)$/) { $algo = $1; $hash = `nix hash to-base16 $hash` or die; @@ -180,62 +185,60 @@ elsif (defined $expr) { chomp $hash; } - if (defined $ENV{DEBUG}) { - print "$url $algo $hash\n"; - next; - } - - if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) { - print STDERR "skipping $url (unsupported scheme)\n"; - next; - } - - if ($isPatch) { - print STDERR "skipping $url (support for patches is missing)\n"; - next; - } - - next if defined $exclude && $url =~ /$exclude/; - - if (alreadyMirrored($algo, $hash)) { - $have++; - next; - } - my $storePath = makeFixedOutputPath(0, $algo, $hash, $name); - print STDERR "mirroring $url ($storePath, $algo, $hash)...\n"; + for my $url (@$urls) { + if (defined $ENV{DEBUG}) { + print "$url $algo $hash\n"; + next; + } - if ($dryRun) { + if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) { + print STDERR "skipping $url (unsupported scheme)\n"; + next; + } + + next if defined $exclude && $url =~ /$exclude/; + + if (alreadyMirrored($algo, $hash)) { + $have++; + last; + } + + print STDERR "mirroring $url ($storePath, $algo, $hash)...\n"; + + if ($dryRun) { + $mirrored++; + last; + } + + # Substitute the output. + if (!isValidPath($storePath)) { + system("nix-store", "-r", $storePath); + } + + # Otherwise download the file using nix-prefetch-url. + if (!isValidPath($storePath)) { + $ENV{QUIET} = 1; + $ENV{PRINT_PATH} = 1; + my $fh; + my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die; + waitpid($pid, 0) or die; + if ($? != 0) { + print STDERR "failed to fetch $url: $?\n"; + next; + } + <$fh>; my $storePath2 = <$fh>; chomp $storePath2; + if ($storePath ne $storePath2) { + warn "strange: $storePath != $storePath2\n"; + next; + } + } + + uploadFile($storePath, $url); $mirrored++; - next; + last; } - - # Substitute the output. - if (!isValidPath($storePath)) { - system("nix-store", "-r", $storePath); - } - - # Otherwise download the file using nix-prefetch-url. - if (!isValidPath($storePath)) { - $ENV{QUIET} = 1; - $ENV{PRINT_PATH} = 1; - my $fh; - my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die; - waitpid($pid, 0) or die; - if ($? != 0) { - print STDERR "failed to fetch $url: $?\n"; - next; - } - <$fh>; my $storePath2 = <$fh>; chomp $storePath2; - if ($storePath ne $storePath2) { - warn "strange: $storePath != $storePath2\n"; - next; - } - } - - uploadFile($storePath, $url); - $mirrored++; } print STDERR "mirrored $mirrored files, already have $have files\n"; diff --git a/maintainers/scripts/find-tarballs.nix b/maintainers/scripts/find-tarballs.nix index 685a33d137ce..c47b5168abd9 100644 --- a/maintainers/scripts/find-tarballs.nix +++ b/maintainers/scripts/find-tarballs.nix @@ -9,12 +9,12 @@ let root = expr; - uniqueUrls = map (x: x.file) (genericClosure { - startSet = map (file: { key = file.url; inherit file; }) urls; + uniqueFiles = map (x: x.file) (genericClosure { + startSet = map (file: { key = with file; (if type == null then "" else type + "+") + hash; inherit file; }) files; operator = const [ ]; }); - urls = map (drv: { url = head (drv.urls or [ drv.url ]); hash = drv.outputHash; isPatch = (drv?postFetch && drv.postFetch != ""); type = drv.outputHashAlgo; name = drv.name; }) fetchurlDependencies; + files = map (drv: { urls = drv.urls or [ drv.url ]; hash = drv.outputHash; isPatch = (drv?postFetch && drv.postFetch != ""); type = drv.outputHashAlgo; name = drv.name; }) fetchurlDependencies; fetchurlDependencies = filter @@ -47,4 +47,4 @@ let canEval = val: (builtins.tryEval val).success; -in uniqueUrls +in uniqueFiles From 16d594a0e2017bfa8b24051f4697d8debc240bfb Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:27:05 +0200 Subject: [PATCH 03/37] lib.types.pkgs: init A nominal type. --- lib/types.nix | 8 ++++++++ nixos/doc/manual/development/option-types.section.md | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/lib/types.nix b/lib/types.nix index e0da18a2febb..373d0ce7876f 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -476,6 +476,14 @@ rec { check = x: isDerivation x && hasAttr "shellPath" x; }; + pkgs = addCheck + (unique { message = "A Nixpkgs pkgs set can not be merged with another pkgs set."; } attrs // { + name = "pkgs"; + descriptionClass = "noun"; + description = "Nixpkgs package set"; + }) + (x: (x._type or null) == "pkgs"); + path = mkOptionType { name = "path"; descriptionClass = "noun"; diff --git a/nixos/doc/manual/development/option-types.section.md b/nixos/doc/manual/development/option-types.section.md index 9e2ecb8e3562..9e156ebff9d3 100644 --- a/nixos/doc/manual/development/option-types.section.md +++ b/nixos/doc/manual/development/option-types.section.md @@ -99,6 +99,10 @@ merging is handled. problems. ::: +`types.pkgs` + +: A type for the top level Nixpkgs package set. + ### Numeric types {#sec-option-types-numeric} `types.int` From 6e594fedb353d8c75e0ee0527e2d821d30568c82 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:32:10 +0200 Subject: [PATCH 04/37] nixos/nixpkgs: Use types.pkgs --- nixos/modules/misc/nixpkgs.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/misc/nixpkgs.nix b/nixos/modules/misc/nixpkgs.nix index 7f44c3f6f3f0..55ec08acf445 100644 --- a/nixos/modules/misc/nixpkgs.nix +++ b/nixos/modules/misc/nixpkgs.nix @@ -49,10 +49,10 @@ let merge = lib.mergeOneOption; }; - pkgsType = mkOptionType { - name = "nixpkgs"; + pkgsType = types.pkgs // { + # This type is only used by itself, so let's elaborate the description a bit + # for the purpose of documentation. description = "An evaluation of Nixpkgs; the top level attribute set of packages"; - check = builtins.isAttrs; }; # Whether `pkgs` was constructed by this module - not if nixpkgs.pkgs or From 693e2c32871dcea7fe2ef455ee77571d3a117499 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:33:47 +0200 Subject: [PATCH 05/37] nixos/eval-config: Remove statically known mkIf mkIf is unnecessary when the condition is statically known - that is knowable before entering the module evaluation. By changing this to a precomputed module, we support changing the defined options to readOnly options. --- nixos/lib/eval-config.nix | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix index 1e086271e523..058ab7280ccc 100644 --- a/nixos/lib/eval-config.nix +++ b/nixos/lib/eval-config.nix @@ -38,6 +38,8 @@ let pkgs_ = pkgs; in let + inherit (lib) optional; + evalModulesMinimal = (import ./default.nix { inherit lib; # Implicit use of feature is noted in implementation. @@ -47,15 +49,19 @@ let pkgsModule = rec { _file = ./eval-config.nix; key = _file; - config = { - # Explicit `nixpkgs.system` or `nixpkgs.localSystem` should override - # this. Since the latter defaults to the former, the former should - # default to the argument. That way this new default could propagate all - # they way through, but has the last priority behind everything else. - nixpkgs.system = lib.mkIf (system != null) (lib.mkDefault system); - - _module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_); - }; + config = lib.mkMerge ( + (optional (system != null) { + # Explicit `nixpkgs.system` or `nixpkgs.localSystem` should override + # this. Since the latter defaults to the former, the former should + # default to the argument. That way this new default could propagate all + # they way through, but has the last priority behind everything else. + nixpkgs.system = lib.mkDefault system; + }) + ++ + (optional (pkgs_ != null) { + _module.args.pkgs = lib.mkForce pkgs_; + }) + ); }; withWarnings = x: From e5db80ae487b59b4e9f950d68983ffb0575e26c6 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:37:28 +0200 Subject: [PATCH 06/37] nixosModules.pkgsReadOnly: init --- flake.nix | 13 +++++ nixos/modules/misc/nixpkgs/read-only.nix | 74 ++++++++++++++++++++++++ nixos/modules/misc/nixpkgs/test.nix | 59 +++++++++++++++++++ 3 files changed, 146 insertions(+) create mode 100644 nixos/modules/misc/nixpkgs/read-only.nix diff --git a/flake.nix b/flake.nix index f9442d8ea2d2..fa00bffcdf92 100644 --- a/flake.nix +++ b/flake.nix @@ -57,6 +57,19 @@ nixosModules = { notDetected = ./nixos/modules/installer/scan/not-detected.nix; + + /* + Make the `nixpkgs.*` configuration read-only. Guarantees that `pkgs` + is the way you initialize it. + + Example: + + { + imports = [ nixpkgs.nixosModules.readOnlyPkgs ]; + nixpkgs.pkgs = nixpkgs.legacyPackages.x86_64-linux; + } + */ + readOnlyPkgs = ./nixos/modules/misc/nixpkgs/read-only.nix; }; }; } diff --git a/nixos/modules/misc/nixpkgs/read-only.nix b/nixos/modules/misc/nixpkgs/read-only.nix new file mode 100644 index 000000000000..2a783216a9d5 --- /dev/null +++ b/nixos/modules/misc/nixpkgs/read-only.nix @@ -0,0 +1,74 @@ +# A replacement for the traditional nixpkgs module, such that none of the modules +# can add their own configuration. This ensures that the Nixpkgs configuration is +# exactly as the user intends. +# This may also be used as a performance optimization when evaluating multiple +# configurations at once, with a shared `pkgs`. + +# This is a separate module, because merging this logic into the nixpkgs module +# is too burdensome, considering that it is already burdened with legacy. +# Moving this logic into a module does not lose any composition benefits, because +# its purpose is not something that composes anyway. + +{ lib, config, ... }: + +let + cfg = config.nixpkgs; + inherit (lib) mkOption types; + +in +{ + disabledModules = [ + ../nixpkgs.nix + ]; + options = { + nixpkgs = { + pkgs = mkOption { + type = lib.types.pkgs; + description = lib.mdDoc ''The pkgs module argument.''; + }; + config = mkOption { + internal = true; + type = types.unique { message = "nixpkgs.config is set to read-only"; } types.anything; + description = lib.mdDoc '' + The Nixpkgs `config` that `pkgs` was initialized with. + ''; + }; + overlays = mkOption { + internal = true; + type = types.unique { message = "nixpkgs.overlays is set to read-only"; } types.anything; + description = lib.mdDoc '' + The Nixpkgs overlays that `pkgs` was initialized with. + ''; + }; + hostPlatform = mkOption { + internal = true; + readOnly = true; + description = lib.mdDoc '' + The platform of the machine that is running the NixOS configuration. + ''; + }; + buildPlatform = mkOption { + internal = true; + readOnly = true; + description = lib.mdDoc '' + The platform of the machine that built the NixOS configuration. + ''; + }; + # NOTE: do not add the legacy options such as localSystem here. Let's keep + # this module simple and let module authors upgrade their code instead. + }; + }; + config = { + _module.args.pkgs = + # find mistaken definitions + builtins.seq cfg.config + builtins.seq cfg.overlays + builtins.seq cfg.hostPlatform + builtins.seq cfg.buildPlatform + cfg.pkgs; + nixpkgs.config = cfg.pkgs.config; + nixpkgs.overlays = cfg.pkgs.overlays; + nixpkgs.hostPlatform = cfg.pkgs.stdenv.hostPlatform; + nixpkgs.buildPlatform = cfg.pkgs.stdenv.buildPlatform; + }; +} diff --git a/nixos/modules/misc/nixpkgs/test.nix b/nixos/modules/misc/nixpkgs/test.nix index a6d8877ae070..0536cfc9624a 100644 --- a/nixos/modules/misc/nixpkgs/test.nix +++ b/nixos/modules/misc/nixpkgs/test.nix @@ -1,3 +1,5 @@ +# [nixpkgs]$ nix-build -A nixosTests.nixpkgs --show-trace + { evalMinimalConfig, pkgs, lib, stdenv }: let eval = mod: evalMinimalConfig { @@ -27,6 +29,47 @@ let let uncheckedEval = lib.evalModules { modules = [ ../nixpkgs.nix module ]; }; in map (ass: ass.message) (lib.filter (ass: !ass.assertion) uncheckedEval.config.assertions); + + readOnlyUndefined = evalMinimalConfig { + imports = [ ./read-only.nix ]; + }; + + readOnlyBad = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = { }; + }; + + readOnly = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = pkgs; + }; + + readOnlyBadConfig = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = pkgs; + nixpkgs.config.allowUnfree = true; # do in pkgs instead! + }; + + readOnlyBadOverlays = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = pkgs; + nixpkgs.overlays = [ (_: _: {}) ]; # do in pkgs instead! + }; + + readOnlyBadHostPlatform = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = pkgs; + nixpkgs.hostPlatform = "foo-linux"; # do in pkgs instead! + }; + + readOnlyBadBuildPlatform = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = pkgs; + nixpkgs.buildPlatform = "foo-linux"; # do in pkgs instead! + }; + + throws = x: ! (builtins.tryEval x).success; + in lib.recurseIntoAttrs { invokeNixpkgsSimple = @@ -65,5 +108,21 @@ lib.recurseIntoAttrs { nixpkgs.pkgs = pkgs; } == []; + + # Tests for the read-only.nix module + assert readOnly._module.args.pkgs.stdenv.hostPlatform.system == pkgs.stdenv.hostPlatform.system; + assert throws readOnlyBad._module.args.pkgs.stdenv; + assert throws readOnlyUndefined._module.args.pkgs.stdenv; + assert throws readOnlyBadConfig._module.args.pkgs.stdenv; + assert throws readOnlyBadOverlays._module.args.pkgs.stdenv; + assert throws readOnlyBadHostPlatform._module.args.pkgs.stdenv; + assert throws readOnlyBadBuildPlatform._module.args.pkgs.stdenv; + # read-only.nix does not provide legacy options, for the sake of simplicity + # If you're bothered by this, upgrade your configs to use the new *Platform + # options. + assert !readOnly.options.nixpkgs?system; + assert !readOnly.options.nixpkgs?localSystem; + assert !readOnly.options.nixpkgs?crossSystem; + pkgs.emptyFile; } From cd358fe24eb50358ef5a72c35c92adc62f984ff3 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:38:58 +0200 Subject: [PATCH 07/37] nixos/all-tests.nix: Set nixpkgs.system --- nixos/lib/testing/nodes.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/nixos/lib/testing/nodes.nix b/nixos/lib/testing/nodes.nix index c538ab468c52..e9649e724c35 100644 --- a/nixos/lib/testing/nodes.nix +++ b/nixos/lib/testing/nodes.nix @@ -3,11 +3,9 @@ testModuleArgs@{ config, lib, hostPkgs, nodes, ... }: let inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mdDoc; - system = hostPkgs.stdenv.hostPlatform.system; - baseOS = import ../eval-config.nix { - inherit system; + system = null; # use modularly defined system inherit (config.node) specialArgs; modules = [ config.defaults ]; baseModules = (import ../../modules/module-list.nix) ++ @@ -17,11 +15,16 @@ let ({ config, ... }: { virtualisation.qemu.package = testModuleArgs.config.qemu.package; - + }) + ({ + config = { # Ensure we do not use aliases. Ideally this is only set # when the test framework is used by Nixpkgs NixOS tests. nixpkgs.config.allowAliases = false; - }) + # TODO: switch to nixpkgs.hostPlatform and make sure containers-imperative test still evaluates. + nixpkgs.system = hostPkgs.stdenv.hostPlatform.system; + }; + }) testModuleArgs.config.extraBaseModules ]; }; From 8442568a5bc453a4916f86bc428af92dfa759652 Mon Sep 17 00:00:00 2001 From: figsoda Date: Wed, 10 May 2023 14:52:09 -0400 Subject: [PATCH 08/37] cargo-audit: 0.17.5 -> 0.17.6 Changelog: https://github.com/rustsec/rustsec/blob/cargo-audit/0.17.6/cargo-audit/CHANGELOG.md --- pkgs/development/tools/rust/cargo-audit/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/rust/cargo-audit/default.nix b/pkgs/development/tools/rust/cargo-audit/default.nix index 9845cca7925e..ed794a22896e 100644 --- a/pkgs/development/tools/rust/cargo-audit/default.nix +++ b/pkgs/development/tools/rust/cargo-audit/default.nix @@ -9,14 +9,14 @@ rustPlatform.buildRustPackage rec { pname = "cargo-audit"; - version = "0.17.5"; + version = "0.17.6"; src = fetchCrate { inherit pname version; - sha256 = "sha256-qsHy4MKQHBzChcOJ9TrlUbEnEtVxlzxDgZlahhDsoxM="; + sha256 = "sha256-ICNcBqlkX1k3J5vc/bfoXw/+l2LdHOchv4PfY0G7Y94="; }; - cargoSha256 = "sha256-7uBRybAkexBl3SldV4qudwPZ8JcKCUaAlwbAcT9JXy8="; + cargoSha256 = "sha256-ViqaiSLVfDJhMuHjHGi+NVRLPcRhe2a+oKXl4UNM+K8="; nativeBuildInputs = [ pkg-config From 6197c3446fcde2269a2bd4d2dca4a6ca357db663 Mon Sep 17 00:00:00 2001 From: figsoda Date: Wed, 10 May 2023 16:43:49 -0400 Subject: [PATCH 09/37] pods: 1.1.1 -> 1.1.2 Diff: https://github.com/marhkb/pods/compare/v1.1.1...v1.1.2 Changelog: https://github.com/marhkb/pods/releases/tag/v1.1.2 --- .../virtualization/pods/Cargo.lock | 84 +++++++++---------- .../virtualization/pods/default.nix | 4 +- 2 files changed, 44 insertions(+), 44 deletions(-) diff --git a/pkgs/applications/virtualization/pods/Cargo.lock b/pkgs/applications/virtualization/pods/Cargo.lock index 02fabce58d11..bd7e65b10144 100644 --- a/pkgs/applications/virtualization/pods/Cargo.lock +++ b/pkgs/applications/virtualization/pods/Cargo.lock @@ -120,9 +120,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.12.1" +version = "3.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b1ce199063694f33ffb7dd4e0ee620741495c32833cde5aa08f02a0bf96f0c8" +checksum = "3c6ed94e98ecff0c12dd1b04c15ec0d7d9458ca8fe806cea6f12954efe74c63b" [[package]] name = "byteorder" @@ -1092,9 +1092,9 @@ checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6" [[package]] name = "js-sys" -version = "0.3.61" +version = "0.3.62" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730" +checksum = "68c16e1bfd491478ab155fd8b4896b86f9ede344949b641e61501e07c2b8b4d5" dependencies = [ "wasm-bindgen", ] @@ -1142,9 +1142,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.142" +version = "0.2.144" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a987beff54b60ffa6d51982e1aa1146bc42f19bd26be28b0586f252fccf5317" +checksum = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1" [[package]] name = "libpanel" @@ -1188,9 +1188,9 @@ dependencies = [ [[package]] name = "linux-raw-sys" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b64f40e5e03e0d54f03845c8197d0291253cdbedfb1cb46b13c2c117554a9f4c" +checksum = "ece97ea872ece730aed82664c424eb4c8291e1ff2480247ccf7409044bc6479f" [[package]] name = "locale_config" @@ -1477,9 +1477,9 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkg-config" -version = "0.3.26" +version = "0.3.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160" +checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" [[package]] name = "podman-api" @@ -1518,7 +1518,7 @@ dependencies = [ [[package]] name = "pods" -version = "1.1.1" +version = "1.1.2" dependencies = [ "anyhow", "ashpd", @@ -1594,9 +1594,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.26" +version = "1.0.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc" +checksum = "8f4f29d145265ec1c483c7c654450edde0bfe043d3938d6972630663356d9500" dependencies = [ "proc-macro2", ] @@ -1677,9 +1677,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.37.18" +version = "0.37.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8bbfc1d1c7c40c01715f47d71444744a81669ca84e8b63e25a55e169b1f86433" +checksum = "acf8729d8542766f1b2cf77eb034d52f40d375bb8b615d0b147089946e16613d" dependencies = [ "bitflags", "errno", @@ -1709,18 +1709,18 @@ checksum = "bebd363326d05ec3e2f532ab7660680f3b02130d780c299bca73469d521bc0ed" [[package]] name = "serde" -version = "1.0.160" +version = "1.0.162" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb2f3770c8bce3bcda7e149193a069a0f4365bda1fa5cd88e03bca26afc1216c" +checksum = "71b2f6e1ab5c2b98c05f0f35b236b22e8df7ead6ffbf51d7808da7f8817e7ab6" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.160" +version = "1.0.162" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291a097c63d8497e00160b166a967a4a79c64f3facdd01cbd7502231688d77df" +checksum = "a2a0814352fd64b58489904a44ea8d90cb1a91dcb6b4f5ebabc32c8318e93cb6" dependencies = [ "proc-macro2", "quote", @@ -1868,14 +1868,14 @@ dependencies = [ "hostname", "libc", "log", - "time 0.3.20", + "time 0.3.21", ] [[package]] name = "system-deps" -version = "6.0.5" +version = "6.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0fe581ad25d11420b873cf9aedaca0419c2b411487b134d4d21065f3d092055" +checksum = "e5fa6fb9ee296c0dc2df41a656ca7948546d061958115ddb0bcaae43ad0d17d2" dependencies = [ "cfg-expr", "heck", @@ -1962,9 +1962,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.20" +version = "0.3.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd0cbfecb4d19b5ea75bb31ad904eb5b9fa13f21079c3b92017ebdf4999a5890" +checksum = "8f3403384eaacbca9923fa06940178ac13e4edb725486d70e8e15881d0c836cc" dependencies = [ "itoa", "libc", @@ -1976,15 +1976,15 @@ dependencies = [ [[package]] name = "time-core" -version = "0.1.0" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e153e1f1acaef8acc537e68b44906d2db6436e2b35ac2c6b42640fff91f00fd" +checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" [[package]] name = "time-macros" -version = "0.2.8" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd80a657e71da814b8e5d60d3374fc6d35045062245d80224748ae522dd76f36" +checksum = "372950940a5f07bf38dbe211d7283c9e6d7327df53794992d293e534c733d09b" dependencies = [ "time-core", ] @@ -2006,9 +2006,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.28.0" +version = "1.28.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3c786bf8134e5a3a166db9b29ab8f48134739014a3eca7bc6bfa95d673b136f" +checksum = "0aa32867d44e6f2ce3385e89dceb990188b8bb0fb25b0cf576647a6f98ac5105" dependencies = [ "autocfg", "bytes 1.4.0", @@ -2274,9 +2274,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.84" +version = "0.2.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b" +checksum = "5b6cb788c4e39112fbe1822277ef6fb3c55cd86b95cb3d3c4c1c9597e4ac74b4" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2284,24 +2284,24 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.84" +version = "0.2.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9" +checksum = "35e522ed4105a9d626d885b35d62501b30d9666283a5c8be12c14a8bdafe7822" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.15", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-macro" -version = "0.2.84" +version = "0.2.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5" +checksum = "358a79a0cb89d21db8120cbfb91392335913e4890665b1a7981d9e956903b434" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2309,22 +2309,22 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.84" +version = "0.2.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6" +checksum = "4783ce29f09b9d93134d41297aded3a712b7b979e9c6f28c32cb88c973a94869" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.15", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.84" +version = "0.2.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d" +checksum = "a901d592cafaa4d711bc324edfaff879ac700b19c3dfd60058d2b445be2691eb" [[package]] name = "winapi" diff --git a/pkgs/applications/virtualization/pods/default.nix b/pkgs/applications/virtualization/pods/default.nix index 966f67eb39c6..acbf557dd25c 100644 --- a/pkgs/applications/virtualization/pods/default.nix +++ b/pkgs/applications/virtualization/pods/default.nix @@ -17,13 +17,13 @@ stdenv.mkDerivation rec { pname = "pods"; - version = "1.1.1"; + version = "1.1.2"; src = fetchFromGitHub { owner = "marhkb"; repo = pname; rev = "v${version}"; - sha256 = "sha256-GTRHysG1zPr6MorGoSKYq8TgAdTH/bU/AxVrP2Ghqec="; + sha256 = "sha256-5euSMmyumZbUFsZuP7fa3wCm4n0Hx+F8bPlv4Xw/Hvw="; }; cargoDeps = rustPlatform.importCargoLock { From e0feb6da4748fdc8e9136758ae2570c5f313cf11 Mon Sep 17 00:00:00 2001 From: lunik1 Date: Wed, 10 May 2023 23:46:09 +0100 Subject: [PATCH 10/37] =?UTF-8?q?megacmd:=201.6.1=20=E2=86=92=201.6.3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/applications/misc/megacmd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/megacmd/default.nix b/pkgs/applications/misc/megacmd/default.nix index 32358aee2b78..9875631466c3 100644 --- a/pkgs/applications/misc/megacmd/default.nix +++ b/pkgs/applications/misc/megacmd/default.nix @@ -23,13 +23,13 @@ stdenv.mkDerivation rec { pname = "megacmd"; - version = "1.6.1"; + version = "1.6.3"; src = fetchFromGitHub { owner = "meganz"; repo = "MEGAcmd"; rev = "${version}_Linux"; - sha256 = "sha256-X8ysTVr4oZS3VHuCyq96J6TL9nvtAT/HVnMyz5iXSXo="; + sha256 = "sha256-JnxfFbM+NyeUrEMok62zlsQIxjrUvLLg4tUTiKPDZFc="; fetchSubmodules = true; }; From 34ba6c7e16b565d0189c571f1a7f6fbae96f6cef Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 11 May 2023 02:28:16 +0200 Subject: [PATCH 11/37] couchdb3: 3.3.1 -> 3.3.2 https://docs.couchdb.org/en/latest/whatsnew/3.3.html#version-3-3-2 https://docs.couchdb.org/en/latest/cve/2023-26268.html Fixes: CVE-2023-26268 --- pkgs/servers/http/couchdb/3.nix | 46 +++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 11 deletions(-) diff --git a/pkgs/servers/http/couchdb/3.nix b/pkgs/servers/http/couchdb/3.nix index 17130c422bb9..3ce5272c1d93 100644 --- a/pkgs/servers/http/couchdb/3.nix +++ b/pkgs/servers/http/couchdb/3.nix @@ -1,31 +1,55 @@ -{ lib, stdenv, fetchurl, erlang, icu, openssl, spidermonkey_91 -, coreutils, bash, python3, nixosTests }: +{ lib +, stdenv +, fetchurl +, erlang +, icu +, openssl +, spidermonkey_91 +, python3 +, nixosTests +}: stdenv.mkDerivation rec { pname = "couchdb"; - version = "3.3.1"; + version = "3.3.2"; src = fetchurl { url = "mirror://apache/couchdb/source/${version}/apache-${pname}-${version}.tar.gz"; - sha256 = "sha256-m4nXtU9+9StCvVGmoKLTsbBszjld8smdjx9H+TVeK+4="; + hash = "sha256-PWgj1C0Qzw1PhsnE/lnJkyyJ1oV4/LbEtCeNx2kwjao="; }; + postPatch = '' + substituteInPlace src/couch/rebar.config.script --replace '/usr/include/mozjs-91' "${spidermonkey_91.dev}/include/mozjs-91" + substituteInPlace configure --replace '/usr/include/''${SM_HEADERS}' "${spidermonkey_91.dev}/include/mozjs-91" + patchShebangs bin/rebar + ''; + nativeBuildInputs = [ erlang ]; - buildInputs = [ icu openssl spidermonkey_91 (python3.withPackages(ps: with ps; [ requests ]))]; - postPatch = '' - substituteInPlace src/couch/rebar.config.script --replace '/usr/include/mozjs-91' "${spidermonkey_91.dev}/include/mozjs-91" - patchShebangs bin/rebar - ''; + + buildInputs = [ + icu + openssl + spidermonkey_91 + (python3.withPackages(ps: with ps; [ requests ])) + ]; dontAddPrefix= "True"; - configureFlags = ["--spidermonkey-version=91"]; - buildFlags = ["release"]; + + configureFlags = [ + "--spidermonkey-version=91" + ]; + + buildFlags = [ + "release" + ]; installPhase = '' + runHook preInstall mkdir -p $out cp -r rel/couchdb/* $out + runHook postInstall ''; passthru.tests = { From 575171d619d01e2031efd581a11ce1a7c559b675 Mon Sep 17 00:00:00 2001 From: Emily Trau Date: Wed, 10 May 2023 15:46:59 +1000 Subject: [PATCH 12/37] minimal-bootstrap.gnupatch: init at 2.5.9 --- .../linux/minimal-bootstrap/default.nix | 3 + .../minimal-bootstrap/gnupatch/default.nix | 107 ++++++++++++++++++ 2 files changed, 110 insertions(+) create mode 100644 pkgs/os-specific/linux/minimal-bootstrap/gnupatch/default.nix diff --git a/pkgs/os-specific/linux/minimal-bootstrap/default.nix b/pkgs/os-specific/linux/minimal-bootstrap/default.nix index 509b7fe20593..f7207d380beb 100644 --- a/pkgs/os-specific/linux/minimal-bootstrap/default.nix +++ b/pkgs/os-specific/linux/minimal-bootstrap/default.nix @@ -21,4 +21,7 @@ lib.makeScope tinycc-bootstrappable = callPackage ./tinycc/bootstrappable.nix { }; tinycc-mes = callPackage ./tinycc/mes.nix { }; + + gnupatch = callPackage ./gnupatch { tinycc = tinycc-mes; }; + }) diff --git a/pkgs/os-specific/linux/minimal-bootstrap/gnupatch/default.nix b/pkgs/os-specific/linux/minimal-bootstrap/gnupatch/default.nix new file mode 100644 index 000000000000..2a44f3805d42 --- /dev/null +++ b/pkgs/os-specific/linux/minimal-bootstrap/gnupatch/default.nix @@ -0,0 +1,107 @@ +{ lib +, runCommand +, fetchurl +, tinycc +}: +let + pname = "gnupatch"; + # 2.6.x and later use features not implemented in mes-libc (eg. quotearg.h) + version = "2.5.9"; + + src = fetchurl { + url = "mirror://gnu/patch/patch-${version}.tar.gz"; + sha256 = "12nv7jx3gxfp50y11nxzlnmqqrpicjggw6pcsq0wyavkkm3cddgc"; + }; + + # Thanks to the live-bootstrap project! + # https://github.com/fosslinux/live-bootstrap/blob/1bc4296091c51f53a5598050c8956d16e945b0f5/sysa/patch-2.5.9/mk/main.mk + CFLAGS = [ + "-I." + "-DHAVE_DECL_GETENV" + "-DHAVE_DECL_MALLOC" + "-DHAVE_DIRENT_H" + "-DHAVE_LIMITS_H" + "-DHAVE_GETEUID" + "-DHAVE_MKTEMP" + "-DPACKAGE_BUGREPORT=" + "-Ded_PROGRAM=\\\"/nullop\\\"" + "-Dmbstate_t=int" # When HAVE_MBRTOWC is not enabled uses of mbstate_t are always a no-op + "-DRETSIGTYPE=int" + "-DHAVE_MKDIR" + "-DHAVE_RMDIR" + "-DHAVE_FCNTL_H" + "-DPACKAGE_NAME=\\\"patch\\\"" + "-DPACKAGE_VERSION=\\\"${version}\\\"" + "-DHAVE_MALLOC" + "-DHAVE_REALLOC" + "-DSTDC_HEADERS" + "-DHAVE_STRING_H" + "-DHAVE_STDLIB_H" + ]; + + # Maintenance note: List of sources from Makefile.in + SRCS = [ + "addext.c" + "argmatch.c" + "backupfile.c" + "basename.c" + "dirname.c" + "getopt.c" + "getopt1.c" + "inp.c" + "maketime.c" + "partime.c" + "patch.c" + "pch.c" + "quote.c" + "quotearg.c" + "quotesys.c" + "util.c" + "version.c" + "xmalloc.c" + ]; + sources = SRCS ++ [ + # mes-libc doesn't implement `error()` + "error.c" + ]; + + objects = map (x: lib.replaceStrings [".c"] [".o"] (builtins.baseNameOf x)) sources; +in +runCommand "${pname}-${version}" { + inherit pname version; + + nativeBuildInputs = [ tinycc ]; + + meta = with lib; { + description = "GNU Patch, a program to apply differences to files"; + homepage = "https://www.gnu.org/software/patch"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ emilytrau ]; + mainProgram = "patch"; + platforms = platforms.unix; + }; +} '' + # Unpack + ungz --file ${src} --output patch.tar + untar --file patch.tar + rm patch.tar + cd patch-${version} + + # Configure + catm config.h + + # Build + alias CC="tcc ${lib.concatStringsSep " " CFLAGS}" + ${lib.concatMapStringsSep "\n" (f: "CC -c ${f}") sources} + + # Link + CC -static -o patch ${lib.concatStringsSep " " objects} + + # Check + ./patch --version + + # Install + mkdir -p ''${out}/bin + cp ./patch ''${out}/bin + chmod 555 ''${out}/bin/patch +'' From 459643f5d2315c0a789f2cef3844eb5bc2eb3179 Mon Sep 17 00:00:00 2001 From: Emily Trau Date: Wed, 10 May 2023 16:23:28 +1000 Subject: [PATCH 13/37] minimal-bootstrap.gnumake: init at 4.4.1 --- .../linux/minimal-bootstrap/default.nix | 2 + .../gnumake/0001-No-impure-bin-sh.patch | 35 ++++ .../gnumake/0002-remove-impure-dirs.patch | 40 ++++ .../gnumake/0003-tinycc-support.patch | 58 ++++++ .../minimal-bootstrap/gnumake/default.nix | 190 ++++++++++++++++++ 5 files changed, 325 insertions(+) create mode 100644 pkgs/os-specific/linux/minimal-bootstrap/gnumake/0001-No-impure-bin-sh.patch create mode 100644 pkgs/os-specific/linux/minimal-bootstrap/gnumake/0002-remove-impure-dirs.patch create mode 100644 pkgs/os-specific/linux/minimal-bootstrap/gnumake/0003-tinycc-support.patch create mode 100644 pkgs/os-specific/linux/minimal-bootstrap/gnumake/default.nix diff --git a/pkgs/os-specific/linux/minimal-bootstrap/default.nix b/pkgs/os-specific/linux/minimal-bootstrap/default.nix index f7207d380beb..a0a9a7985d15 100644 --- a/pkgs/os-specific/linux/minimal-bootstrap/default.nix +++ b/pkgs/os-specific/linux/minimal-bootstrap/default.nix @@ -24,4 +24,6 @@ lib.makeScope gnupatch = callPackage ./gnupatch { tinycc = tinycc-mes; }; + gnumake = callPackage ./gnumake { tinycc = tinycc-mes; }; + }) diff --git a/pkgs/os-specific/linux/minimal-bootstrap/gnumake/0001-No-impure-bin-sh.patch b/pkgs/os-specific/linux/minimal-bootstrap/gnumake/0001-No-impure-bin-sh.patch new file mode 100644 index 000000000000..58ee2d6fe09b --- /dev/null +++ b/pkgs/os-specific/linux/minimal-bootstrap/gnumake/0001-No-impure-bin-sh.patch @@ -0,0 +1,35 @@ +From e00a5257a6ca5fedbf68b09eee7df3502971a057 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= +Date: Sat, 24 Apr 2021 10:11:40 +0200 +Subject: [PATCH 1/2] No impure bin sh + +default_shell is used to populuate default shell used to execute jobs. +Unless SHELL is set to a different value this would be /bin/sh. +Our stdenv provides sh in form of bash anyway. Having this value not +hard-coded has some advantages: + +- It would ensure that on all systems it uses sh from its PATH rather + than /bin/sh, which helps as different systems might have different + shells there (bash vs. dash) +- In the past I had issues with LD_PRELOAD with BEAR, where /bin/sh + used a different glibc than BEAR which came from my development shell. +--- + src/job.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/job.c b/src/job.c +index ae1f18b..6b4ddb3 100644 +--- a/src/job.c ++++ b/src/job.c +@@ -77,7 +77,7 @@ char * vms_strsignal (int status); + + #else + +-const char *default_shell = "/bin/sh"; ++const char *default_shell = "sh"; + int batch_mode_shell = 0; + + #endif +-- +2.31.1 + diff --git a/pkgs/os-specific/linux/minimal-bootstrap/gnumake/0002-remove-impure-dirs.patch b/pkgs/os-specific/linux/minimal-bootstrap/gnumake/0002-remove-impure-dirs.patch new file mode 100644 index 000000000000..e62aee7d9993 --- /dev/null +++ b/pkgs/os-specific/linux/minimal-bootstrap/gnumake/0002-remove-impure-dirs.patch @@ -0,0 +1,40 @@ +From 795d63d3c8b5c0dbb7e544954f75507b371b7228 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= +Date: Sat, 24 Apr 2021 10:20:16 +0200 +Subject: [PATCH 2/2] remove impure dirs + +--- + src/read.c | 3 --- + src/remake.c | 2 -- + 2 files changed, 5 deletions(-) + +diff --git a/src/read.c b/src/read.c +index fa197fb..defacfb 100644 +--- a/src/read.c ++++ b/src/read.c +@@ -109,9 +109,6 @@ static const char *default_include_directories[] = + #endif + INCLUDEDIR, + #ifndef _AMIGA +- "/usr/gnu/include", +- "/usr/local/include", +- "/usr/include", + #endif + 0 + }; +diff --git a/src/remake.c b/src/remake.c +index fb237c5..94bff7d 100644 +--- a/src/remake.c ++++ b/src/remake.c +@@ -1601,8 +1601,6 @@ library_search (const char *lib, FILE_TIMESTAMP *mtime_ptr) + static const char *dirs[] = + { + #ifndef _AMIGA +- "/lib", +- "/usr/lib", + #endif + #if defined(WINDOWS32) && !defined(LIBDIR) + /* +-- +2.31.1 + diff --git a/pkgs/os-specific/linux/minimal-bootstrap/gnumake/0003-tinycc-support.patch b/pkgs/os-specific/linux/minimal-bootstrap/gnumake/0003-tinycc-support.patch new file mode 100644 index 000000000000..e2e3f3395153 --- /dev/null +++ b/pkgs/os-specific/linux/minimal-bootstrap/gnumake/0003-tinycc-support.patch @@ -0,0 +1,58 @@ +diff --git a/src/dir.c b/src/dir.c +index 3e94b98..cfaa6a2 100644 +--- a/src/dir.c ++++ b/src/dir.c +@@ -1331,10 +1331,9 @@ local_stat (const char *path, struct stat *buf) + + /* Similarly for lstat. */ + #if !defined(lstat) && !defined(WINDOWS32) || defined(VMS) +-# ifndef VMS +-# ifndef HAVE_SYS_STAT_H ++// mes-libc implements but does not declare lstat ++# if (!defined(VMS) && !defined(HAVE_SYS_STAT_H)) || defined(__TINYC__) + int lstat (const char *path, struct stat *sbuf); +-# endif + # else + /* We are done with the fake lstat. Go back to the real lstat */ + # ifdef lstat +diff --git a/src/job.c b/src/job.c +index ea88561..8388a82 100644 +--- a/src/job.c ++++ b/src/job.c +@@ -2052,7 +2052,8 @@ job_next_command (struct child *child) + static int + load_too_high (void) + { +-#if defined(__MSDOS__) || defined(VMS) || defined(_AMIGA) || defined(__riscos__) ++// mes-libc does not support getloadavg ++#if defined(__MSDOS__) || defined(VMS) || defined(_AMIGA) || defined(__riscos__) || defined (__TINYC__) + return 1; + #else + static double last_sec; +diff --git a/src/main.c b/src/main.c +index a9d3a64..664d40f 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -2770,7 +2770,7 @@ main (int argc, char **argv, char **envp) + char *b = alloca (40); + sprintf (b, "MAKE_RESTARTS=%s%u", + OUTPUT_IS_TRACED () ? "-" : "", restarts); +- putenv (b); ++ // mes-libc does not support putenv + } + + fflush (stdout); +diff --git a/src/misc.c b/src/misc.c +index eb14f40..bffca82 100644 +--- a/src/misc.c ++++ b/src/misc.c +@@ -653,7 +653,8 @@ get_tmppath () + + # ifdef HAVE_MKTEMP + path = get_tmptemplate (); +- if (*mktemp (path) == '\0') ++ // tinycc: "src/misc.c:656: error: pointer expected" ++ if (!strcmp(mktemp (path), "")) + { + OSS (error, NILF, + _("cannot generate temp path from %s: %s"), path, strerror (errno)); diff --git a/pkgs/os-specific/linux/minimal-bootstrap/gnumake/default.nix b/pkgs/os-specific/linux/minimal-bootstrap/gnumake/default.nix new file mode 100644 index 000000000000..0db52e287425 --- /dev/null +++ b/pkgs/os-specific/linux/minimal-bootstrap/gnumake/default.nix @@ -0,0 +1,190 @@ +{ lib +, runCommand +, fetchurl +, tinycc +, gnupatch +}: +let + pname = "gnumake"; + version = "4.4.1"; + + src = fetchurl { + url = "mirror://gnu/make/make-${version}.tar.gz"; + sha256 = "1cwgcmwdn7gqn5da2ia91gkyiqs9birr10sy5ykpkaxzcwfzn5nx"; + }; + + patches = [ + # Replaces /bin/sh with sh, see patch file for reasoning + ./0001-No-impure-bin-sh.patch + # Purity: don't look for library dependencies (of the form `-lfoo') in /lib + # and /usr/lib. It's a stupid feature anyway. Likewise, when searching for + # included Makefiles, don't look in /usr/include and friends. + ./0002-remove-impure-dirs.patch + # Fixes for tinycc. See comments in patch file for reasoning + ./0003-tinycc-support.patch + ]; + + CFLAGS = [ + "-I./src" + "-I./lib" + "-DHAVE_CONFIG_H" + "-DMAKE_MAINTAINER_MODE" + "-DLIBDIR=\\\"${placeholder "out"}/lib\\\"" + "-DLOCALEDIR=\\\"/fake-locale\\\"" + "-DPOSIX=1" + # mes-libc doesn't implement osync_* methods + "-DNO_OUTPUT_SYNC=1" + # mes-libc doesn't define O_TMPFILE + "-DO_TMPFILE=020000000" + ] ++ config; + + /* + Maintenance notes: + + Generated by + ./configure \ + --build i686-pc-linux-gnu \ + --host i686-pc-linux-gnu \ + CC="${tinycc-mes}/bin/tcc -static" \ + ac_cv_func_dup=no + - `ac_cv_func_dup` disabled as mes-libc doesn't implement tmpfile() + + The output src/config.h was then manually filtered, removing definitions that + didn't have uses in the source code + */ + config = [ + "-DFILE_TIMESTAMP_HI_RES=0" + "-DHAVE_ALLOCA" + "-DHAVE_ALLOCA_H" + "-DHAVE_ATEXIT" + "-DHAVE_DECL_BSD_SIGNAL=0" + "-DHAVE_DECL_GETLOADAVG=0" + "-DHAVE_DECL_SYS_SIGLIST=0" + "-DHAVE_DECL__SYS_SIGLIST=0" + "-DHAVE_DECL___SYS_SIGLIST=0" + "-DHAVE_DIRENT_H" + "-DHAVE_DUP2" + "-DHAVE_FCNTL_H" + "-DHAVE_FDOPEN" + "-DHAVE_GETCWD" + "-DHAVE_GETTIMEOFDAY" + "-DHAVE_INTTYPES_H" + "-DHAVE_ISATTY" + "-DHAVE_LIMITS_H" + "-DHAVE_LOCALE_H" + "-DHAVE_MEMORY_H" + "-DHAVE_MKTEMP" + "-DHAVE_SA_RESTART" + "-DHAVE_SETVBUF" + "-DHAVE_SIGACTION" + "-DHAVE_SIGSETMASK" + "-DHAVE_STDINT_H" + "-DHAVE_STDLIB_H" + "-DHAVE_STRDUP" + "-DHAVE_STRERROR" + "-DHAVE_STRINGS_H" + "-DHAVE_STRING_H" + "-DHAVE_STRTOLL" + "-DHAVE_SYS_FILE_H" + "-DHAVE_SYS_PARAM_H" + "-DHAVE_SYS_RESOURCE_H" + "-DHAVE_SYS_SELECT_H" + "-DHAVE_SYS_STAT_H" + "-DHAVE_SYS_TIMEB_H" + "-DHAVE_SYS_TIME_H" + "-DHAVE_SYS_WAIT_H" + "-DHAVE_TTYNAME" + "-DHAVE_UMASK" + "-DHAVE_UNISTD_H" + "-DHAVE_WAITPID" + "-DMAKE_JOBSERVER" + "-DMAKE_SYMLINKS" + "-DPATH_SEPARATOR_CHAR=':'" + "-DSCCS_GET=\\\"get\\\"" + "-DSTDC_HEADERS" + "-Dsig_atomic_t=int" + "-Dvfork=fork" + ]; + + # Maintenance note: list of source files derived from Basic.mk + make_SOURCES = [ + "src/ar.c" + "src/arscan.c" + "src/commands.c" + "src/default.c" + "src/dir.c" + "src/expand.c" + "src/file.c" + "src/function.c" + "src/getopt.c" + "src/getopt1.c" + "src/guile.c" + "src/hash.c" + "src/implicit.c" + "src/job.c" + "src/load.c" + "src/loadapi.c" + "src/main.c" + "src/misc.c" + "src/output.c" + "src/read.c" + "src/remake.c" + "src/rule.c" + "src/shuffle.c" + "src/signame.c" + "src/strcache.c" + "src/variable.c" + "src/version.c" + "src/vpath.c" + ]; + glob_SOURCES = [ "lib/fnmatch.c" "lib/glob.c" ]; + remote_SOURCES = [ "src/remote-stub.c" ]; + sources = make_SOURCES ++ glob_SOURCES ++ remote_SOURCES ++ [ + "src/posixos.c" + ]; + + objects = map (x: lib.replaceStrings [".c"] [".o"] (builtins.baseNameOf x)) sources; +in +runCommand "${pname}-${version}" { + inherit pname version; + + nativeBuildInputs = [ tinycc gnupatch ]; + + meta = with lib; { + description = "A tool to control the generation of non-source files from sources"; + homepage = "https://www.gnu.org/software/make"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ emilytrau ]; + mainProgram = "make"; + platforms = platforms.unix; + }; +} '' + # Unpack + ungz --file ${src} --output make.tar + untar --file make.tar + rm make.tar + cd make-${version} + + # Patch + ${lib.concatMapStringsSep "\n" (f: "patch -Np1 -i ${f}") patches} + + # Configure + catm src/config.h src/mkconfig.h src/mkcustom.h + cp lib/glob.in.h lib/glob.h + cp lib/fnmatch.in.h lib/fnmatch.h + + # Compile + alias CC="tcc ${lib.concatStringsSep " " CFLAGS}" + ${lib.concatMapStringsSep "\n" (f: "CC -c ${f}") sources} + + # Link + CC -static -o make ${lib.concatStringsSep " " objects} + + # Check + ./make --version + + # Install + mkdir -p ''${out}/bin + cp ./make ''${out}/bin + chmod 555 ''${out}/bin/make +'' From 000a6a670f0b5edefb7206b095b62004095eeff5 Mon Sep 17 00:00:00 2001 From: Emily Trau Date: Wed, 10 May 2023 16:24:46 +1000 Subject: [PATCH 14/37] minimal-bootstrap: sort attrs --- .../linux/minimal-bootstrap/default.nix | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/pkgs/os-specific/linux/minimal-bootstrap/default.nix b/pkgs/os-specific/linux/minimal-bootstrap/default.nix index a0a9a7985d15..97c9a26b53fb 100644 --- a/pkgs/os-specific/linux/minimal-bootstrap/default.nix +++ b/pkgs/os-specific/linux/minimal-bootstrap/default.nix @@ -10,20 +10,21 @@ lib.makeScope # declared here. (extra: lib.callPackageWith ({ inherit lib config buildPlatform hostPlatform; } // extra)) (self: with self; { - inherit (callPackage ./utils.nix { }) fetchurl derivationWithMeta writeTextFile writeText runCommand; - - inherit (callPackage ./stage0-posix { }) kaem m2libc mescc-tools mescc-tools-extra; - - mes = callPackage ./mes { }; - mes-libc = callPackage ./mes/libc.nix { }; - - ln-boot = callPackage ./ln-boot { }; - - tinycc-bootstrappable = callPackage ./tinycc/bootstrappable.nix { }; - tinycc-mes = callPackage ./tinycc/mes.nix { }; gnupatch = callPackage ./gnupatch { tinycc = tinycc-mes; }; gnumake = callPackage ./gnumake { tinycc = tinycc-mes; }; + ln-boot = callPackage ./ln-boot { }; + + mes = callPackage ./mes { }; + mes-libc = callPackage ./mes/libc.nix { }; + + inherit (callPackage ./stage0-posix { }) kaem m2libc mescc-tools mescc-tools-extra; + + tinycc-bootstrappable = callPackage ./tinycc/bootstrappable.nix { }; + tinycc-mes = callPackage ./tinycc/mes.nix { }; + + inherit (callPackage ./utils.nix { }) fetchurl derivationWithMeta writeTextFile writeText runCommand; + }) From bb034f61a29552f0349536d2e2b8a11a4602cc4d Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 11 May 2023 05:03:17 +0000 Subject: [PATCH 15/37] python310Packages.riscv-isac: 0.16.1 -> 0.17.0 --- pkgs/development/python-modules/riscv-isac/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/riscv-isac/default.nix b/pkgs/development/python-modules/riscv-isac/default.nix index 98fff40285b2..a577cb8a054f 100644 --- a/pkgs/development/python-modules/riscv-isac/default.nix +++ b/pkgs/development/python-modules/riscv-isac/default.nix @@ -13,13 +13,13 @@ buildPythonPackage rec { pname = "riscv-isac"; - version = "0.16.1"; + version = "0.17.0"; src = fetchFromGitHub { owner = "riscv-software-src"; repo = pname; - rev = version; - hash = "sha256-Krjr9bvpoOeNfMbYj/QbJ+Y+AVLjwrzj8KKMUXCfnMA="; + rev = "refs/tags/${version}"; + hash = "sha256-I0RsvSCrSlNGVj8z+WUQx6vbdNkKCRyMFvNx+0mTBAE="; }; postPatch = "substituteInPlace riscv_isac/requirements.txt --replace 'pyelftools==0.26' pyelftools"; From 9c05958d2c9a50fca34d15b56c9a87122919e777 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 11 May 2023 06:35:06 +0000 Subject: [PATCH 16/37] python310Packages.xhtml2pdf: 0.2.9 -> 0.2.11 --- pkgs/development/python-modules/xhtml2pdf/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/xhtml2pdf/default.nix b/pkgs/development/python-modules/xhtml2pdf/default.nix index c7f768ab2a8a..5e1661cd989e 100644 --- a/pkgs/development/python-modules/xhtml2pdf/default.nix +++ b/pkgs/development/python-modules/xhtml2pdf/default.nix @@ -15,7 +15,7 @@ buildPythonPackage rec { pname = "xhtml2pdf"; - version = "0.2.9"; + version = "0.2.11"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -25,8 +25,8 @@ buildPythonPackage rec { owner = pname; repo = pname; # Currently it is not possible to fetch from version as there is a branch with the same name - rev = "refs/tags/${version}"; - hash = "sha256-MrzAsa0AZX3+0LN/Can3QBoPBRxb0a/F2jLBd8rD5H4="; + rev = "refs/tags/v${version}"; + hash = "sha256-L/HCw+O8bidtE5nDdO+cLS54m64dlJL+9Gjcye5gM+w="; }; propagatedBuildInputs = [ From 439625d5d543e085619f5b24d9da16f6737ebcfc Mon Sep 17 00:00:00 2001 From: Yaya Date: Thu, 11 May 2023 07:07:37 +0000 Subject: [PATCH 17/37] nixosTests.gitlab: Use module system based runner --- nixos/tests/all-tests.nix | 2 +- nixos/tests/gitlab.nix | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 5459dd161b81..95f8fd1c4e04 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -267,7 +267,7 @@ in { gitdaemon = handleTest ./gitdaemon.nix {}; gitea = handleTest ./gitea.nix { giteaPackage = pkgs.gitea; }; github-runner = handleTest ./github-runner.nix {}; - gitlab = handleTest ./gitlab.nix {}; + gitlab = runTest ./gitlab.nix; gitolite = handleTest ./gitolite.nix {}; gitolite-fcgiwrap = handleTest ./gitolite-fcgiwrap.nix {}; glusterfs = handleTest ./glusterfs.nix {}; diff --git a/nixos/tests/gitlab.nix b/nixos/tests/gitlab.nix index c2a11bada0a3..ff10d3de812a 100644 --- a/nixos/tests/gitlab.nix +++ b/nixos/tests/gitlab.nix @@ -6,7 +6,7 @@ # - Creating Merge Requests and merging them # - Opening and closing issues. # - Downloading repository archives as tar.gz and tar.bz2 -import ./make-test-python.nix ({ pkgs, lib, ... }: +{ pkgs, lib, ... }: with lib; @@ -174,7 +174,7 @@ in { gitlab.wait_for_unit("gitlab.service") gitlab.wait_for_unit("gitlab-pages.service") gitlab.wait_for_unit("gitlab-sidekiq.service") - gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/tmp/sockets/gitlab.socket") + gitlab.wait_for_file("${nodes.gitlab.services.gitlab.statePath}/tmp/sockets/gitlab.socket") gitlab.wait_until_succeeds("curl -sSf http://gitlab/users/sign_in") ''; @@ -419,15 +419,15 @@ in { + '' gitlab.systemctl("start gitlab-backup.service") gitlab.wait_for_unit("gitlab-backup.service") - gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/backup/dump_gitlab_backup.tar") + gitlab.wait_for_file("${nodes.gitlab.services.gitlab.statePath}/backup/dump_gitlab_backup.tar") gitlab.systemctl("stop postgresql.service gitlab.target") gitlab.succeed( - "find ${nodes.gitlab.config.services.gitlab.statePath} -mindepth 1 -maxdepth 1 -not -name backup -execdir rm -r {} +" + "find ${nodes.gitlab.services.gitlab.statePath} -mindepth 1 -maxdepth 1 -not -name backup -execdir rm -r {} +" ) gitlab.succeed("systemd-tmpfiles --create") - gitlab.succeed("rm -rf ${nodes.gitlab.config.services.postgresql.dataDir}") + gitlab.succeed("rm -rf ${nodes.gitlab.services.postgresql.dataDir}") gitlab.systemctl("start gitlab-config.service gitaly.service gitlab-postgresql.service") - gitlab.wait_for_file("${nodes.gitlab.config.services.gitlab.statePath}/tmp/sockets/gitaly.socket") + gitlab.wait_for_file("${nodes.gitlab.services.gitlab.statePath}/tmp/sockets/gitaly.socket") gitlab.succeed( "sudo -u gitlab -H gitlab-rake gitlab:backup:restore RAILS_ENV=production BACKUP=dump force=yes" ) @@ -435,4 +435,4 @@ in { '' + waitForServices + test false; -}) +} From 9b979714b6745a9ba1d24a2468806410396a2a1f Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Thu, 11 May 2023 09:41:22 +0200 Subject: [PATCH 18/37] python310Packages.riscv-isac: add changelog to meta - switch to pytestCheckHook - add pythonImportsCheck --- .../python-modules/riscv-isac/default.nix | 32 +++++++++++++++---- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/pkgs/development/python-modules/riscv-isac/default.nix b/pkgs/development/python-modules/riscv-isac/default.nix index a577cb8a054f..13aca2c0d7b6 100644 --- a/pkgs/development/python-modules/riscv-isac/default.nix +++ b/pkgs/development/python-modules/riscv-isac/default.nix @@ -1,19 +1,24 @@ -{ buildPythonPackage +{ lib +, buildPythonPackage , fetchFromGitHub -, lib , click , colorlog , gitpython +, pluggy , pyelftools , pytablewriter -, pytest +, pytestCheckHook , pyyaml , ruamel-yaml +, pythonOlder }: buildPythonPackage rec { pname = "riscv-isac"; version = "0.17.0"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; src = fetchFromGitHub { owner = "riscv-software-src"; @@ -22,23 +27,36 @@ buildPythonPackage rec { hash = "sha256-I0RsvSCrSlNGVj8z+WUQx6vbdNkKCRyMFvNx+0mTBAE="; }; - postPatch = "substituteInPlace riscv_isac/requirements.txt --replace 'pyelftools==0.26' pyelftools"; + postPatch = '' + substituteInPlace riscv_isac/requirements.txt \ + --replace "pyelftools==0.26" "pyelftools" \ + --replace "pytest" "" + ''; propagatedBuildInputs = [ click colorlog gitpython + pluggy pyelftools pytablewriter - pytest pyyaml ruamel-yaml ]; + nativeCheckInputs = [ + pytestCheckHook + ]; + + pythonImportsCheck = [ + "riscv_isac" + ]; + meta = with lib; { - homepage = "https://github.com/riscv/riscv-isac"; description = "An ISA coverage extraction tool"; - maintainers = with maintainers; [ genericnerdyusername ]; + homepage = "https://github.com/riscv/riscv-isac"; + changelog = "https://github.com/riscv-software-src/riscv-isac/blob/${version}/CHANGELOG.md"; license = licenses.bsd3; + maintainers = with maintainers; [ genericnerdyusername ]; }; } From dfa2d97218c02e4f0a256b732441535bf2f46d5b Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Thu, 11 May 2023 09:57:20 +0200 Subject: [PATCH 19/37] python310Packages.xhtml2pdf: add changelog to meta --- pkgs/development/python-modules/xhtml2pdf/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/xhtml2pdf/default.nix b/pkgs/development/python-modules/xhtml2pdf/default.nix index 5e1661cd989e..931d08e12c1c 100644 --- a/pkgs/development/python-modules/xhtml2pdf/default.nix +++ b/pkgs/development/python-modules/xhtml2pdf/default.nix @@ -20,11 +20,9 @@ buildPythonPackage rec { disabled = pythonOlder "3.7"; - # Tests are only available on GitHub src = fetchFromGitHub { owner = pname; repo = pname; - # Currently it is not possible to fetch from version as there is a branch with the same name rev = "refs/tags/v${version}"; hash = "sha256-L/HCw+O8bidtE5nDdO+cLS54m64dlJL+9Gjcye5gM+w="; }; @@ -51,6 +49,7 @@ buildPythonPackage rec { meta = with lib; { description = "A PDF generator using HTML and CSS"; homepage = "https://github.com/xhtml2pdf/xhtml2pdf"; + changelog = "https://github.com/xhtml2pdf/xhtml2pdf/releases/tag/v${version}"; license = licenses.asl20; maintainers = with maintainers; [ ]; }; From 40865ec0db2e4a7f9d5b25c102299084efbb6d47 Mon Sep 17 00:00:00 2001 From: QJoly Date: Thu, 11 May 2023 10:09:43 +0200 Subject: [PATCH 20/37] tfautomv: init at 0.5.1 Delete DoCheck = True; --- .../networking/cluster/tfautomv/default.nix | 27 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 29 insertions(+) create mode 100644 pkgs/applications/networking/cluster/tfautomv/default.nix diff --git a/pkgs/applications/networking/cluster/tfautomv/default.nix b/pkgs/applications/networking/cluster/tfautomv/default.nix new file mode 100644 index 000000000000..94dc0754ff70 --- /dev/null +++ b/pkgs/applications/networking/cluster/tfautomv/default.nix @@ -0,0 +1,27 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "tfautomv"; + version = "0.5.1"; + + src = fetchFromGitHub { + owner = "padok-team"; + repo = pname; + rev = "v${version}"; + hash = "sha256-shpoi/N/gfzisjj1tvZGSEuorqaoOJMhYOjx+Y8F/Ds="; + }; + + vendorHash = "sha256-BjmtUamecTSwT7gHM/6uz1r/P8O0TWzp9Dk43rdmxXU="; + + ldflags = [ "-s" "-w" ]; + + meta = with lib; { + homepage = "https://github.com/padok-team/tfautomv"; + description = "When refactoring a Terraform codebase, you often need to write moved blocks. This can be tedious. Let tfautomv do it for you"; + license = licenses.asl20; + maintainers = with maintainers; [ qjoly ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f8b6ffab9979..bab635bae8fd 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -39454,6 +39454,8 @@ with pkgs; terragrunt = callPackage ../applications/networking/cluster/terragrunt { }; + tfautomv = callPackage ../applications/networking/cluster/tfautomv { }; + terranix = callPackage ../applications/networking/cluster/terranix { }; terraspace = callPackage ../applications/networking/cluster/terraspace { }; From d9668c2ef2f9d115ef2bf573cd407afcc413ea4e Mon Sep 17 00:00:00 2001 From: 06kellyjac Date: Thu, 11 May 2023 09:42:18 +0100 Subject: [PATCH 21/37] tailscale: 1.40.0 -> 1.40.1 Diff: https://github.com/tailscale/tailscale/compare/v1.40.0...v1.40.1 --- pkgs/servers/tailscale/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/tailscale/default.nix b/pkgs/servers/tailscale/default.nix index fce7a5ad3e73..77727c3ad341 100644 --- a/pkgs/servers/tailscale/default.nix +++ b/pkgs/servers/tailscale/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "tailscale"; - version = "1.40.0"; + version = "1.40.1"; src = fetchFromGitHub { owner = "tailscale"; repo = "tailscale"; rev = "v${version}"; - hash = "sha256-iPf3ams613VHPesbxoBaaw9eav5p781+wEmbJ+15yfY="; + hash = "sha256-OCKWr62peDrh6zQVAS2iPPzgB1uZb1Fev23szvNNPkE="; }; vendorHash = "sha256-lirn07XE3JOS6oiwZBMwxzywkbXHowOJUMWWLrZtccY="; From 5525a97401bc061ad5bed4548e87376e8e0b09e8 Mon Sep 17 00:00:00 2001 From: Matthieu Coudron Date: Thu, 11 May 2023 12:14:08 +0200 Subject: [PATCH 22/37] swaynotificationcenter: set meta.mainProgram --- pkgs/applications/misc/swaynotificationcenter/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/applications/misc/swaynotificationcenter/default.nix b/pkgs/applications/misc/swaynotificationcenter/default.nix index 41a065349c4e..e9d9a9ef3872 100644 --- a/pkgs/applications/misc/swaynotificationcenter/default.nix +++ b/pkgs/applications/misc/swaynotificationcenter/default.nix @@ -83,6 +83,7 @@ stdenv.mkDerivation (finalAttrs: rec { changelog = "https://github.com/ErikReider/SwayNotificationCenter/releases/tag/v${version}"; license = licenses.gpl3; platforms = platforms.linux; + mainProgram = "swaync"; maintainers = with maintainers; [ berbiche pedrohlc ]; }; }) From bd7c4e7b367253072b3e06d5dd8c7dbd805c8624 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Thu, 11 May 2023 14:17:40 +0300 Subject: [PATCH 23/37] clang16Stdenv: init --- pkgs/os-specific/darwin/apple-sdk-11.0/default.nix | 2 +- pkgs/top-level/aliases.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix index 1133cca002a8..e4cc740ba1e7 100644 --- a/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix +++ b/pkgs/os-specific/darwin/apple-sdk-11.0/default.nix @@ -70,7 +70,7 @@ let stdenv = mkStdenv stdenv; } // builtins.listToAttrs (map (v: { name = "clang${v}Stdenv"; value = mkStdenv pkgs."llvmPackages_${v}".stdenv; }) - [ "12" "13" "14" "15" ] + [ "12" "13" "14" "15" "16" ] ); callPackage = newScope (packages // pkgs.darwin // { inherit MacOSX-SDK; }); diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index c22d2e9f65cd..d0c6d2df6707 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -236,6 +236,7 @@ mapAliases ({ clang13Stdenv = lowPrio llvmPackages_13.stdenv; clang14Stdenv = lowPrio llvmPackages_14.stdenv; clang15Stdenv = lowPrio llvmPackages_15.stdenv; + clang16Stdenv = lowPrio llvmPackages_16.stdenv; clangAnalyzer = throw "'clangAnalyzer' has been renamed to/replaced by 'clang-analyzer'"; # Converted to throw 2022-02-22 clasp = clingo; # added 2022-12-22 From ac203678995755284471f98ce5e884f44e7429d6 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 11 May 2023 11:44:55 +0000 Subject: [PATCH 24/37] python310Packages.azure-mgmt-datafactory: 3.0.0 -> 3.1.0 --- .../python-modules/azure-mgmt-datafactory/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/azure-mgmt-datafactory/default.nix b/pkgs/development/python-modules/azure-mgmt-datafactory/default.nix index 8104cfd34029..735bcba46c37 100644 --- a/pkgs/development/python-modules/azure-mgmt-datafactory/default.nix +++ b/pkgs/development/python-modules/azure-mgmt-datafactory/default.nix @@ -10,7 +10,7 @@ buildPythonPackage rec { pname = "azure-mgmt-datafactory"; - version = "3.0.0"; + version = "3.1.0"; format = "setuptools"; disabled = pythonOlder "3.7"; @@ -18,7 +18,7 @@ buildPythonPackage rec { src = fetchPypi { inherit pname version; extension = "zip"; - hash = "sha256-aVfH65fJnsTSr0MR0Fr5yamxIOv2+aST953uCr7QXOk="; + hash = "sha256-lsOUxDoXocf1fUIcY4q74/vd86LO7yumJg7rJ6i3zcg="; }; propagatedBuildInputs = [ From 403c30813f249a54a5013562e6e923349a7fc3db Mon Sep 17 00:00:00 2001 From: Tomas Kala Date: Wed, 10 May 2023 14:39:53 +0200 Subject: [PATCH 25/37] maintainers: add tomaskala --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index c666365beca0..287e1418b336 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -15901,6 +15901,12 @@ githubId = 8577941; name = "Kevin Rauscher"; }; + tomaskala = { + email = "public+nixpkgs@tomaskala.com"; + github = "tomaskala"; + githubId = 7727887; + name = "Tomas Kala"; + }; tomberek = { email = "tomberek@gmail.com"; matrix = "@tomberek:matrix.org"; From 8b2d1e455452186f2f7aa57d14d289bc9894a52b Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 11 May 2023 14:31:21 +0200 Subject: [PATCH 26/37] nixos/tests/gitlab.nix: Document running it `nix-build $file` is not possible anymore, so this helps both newcomers and old hands. It's documented in the manual, but that's far away. --- nixos/tests/gitlab.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/tests/gitlab.nix b/nixos/tests/gitlab.nix index ff10d3de812a..672b497e7ec6 100644 --- a/nixos/tests/gitlab.nix +++ b/nixos/tests/gitlab.nix @@ -6,6 +6,9 @@ # - Creating Merge Requests and merging them # - Opening and closing issues. # - Downloading repository archives as tar.gz and tar.bz2 +# Run with +# [nixpkgs]$ nix-build -A nixosTests.gitlab + { pkgs, lib, ... }: with lib; From f7e248bb6a3ce52fbaa848e62da709e0111a4f38 Mon Sep 17 00:00:00 2001 From: QJoly Date: Thu, 11 May 2023 08:07:39 +0200 Subject: [PATCH 27/37] kubefirst: init at 2.0.8 doCheck under ldflags Fix lint --- .../networking/cluster/kubefirst/default.nix | 26 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 pkgs/applications/networking/cluster/kubefirst/default.nix diff --git a/pkgs/applications/networking/cluster/kubefirst/default.nix b/pkgs/applications/networking/cluster/kubefirst/default.nix new file mode 100644 index 000000000000..c90460d1692b --- /dev/null +++ b/pkgs/applications/networking/cluster/kubefirst/default.nix @@ -0,0 +1,26 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kubefirst"; + version = "2.0.8"; + + src = fetchFromGitHub { + owner = "kubefirst"; + repo = pname; + rev = "v${version}"; + hash = "sha256-JGseXRUehRuH1kuTfmkAJcfRN3vM0zN7K8pnOfJ0LAs="; + }; + + vendorHash = "sha256-Sc6HXJXkZ9vW6sxEKCTo6LDHeOGLTz0oN9JH11iUA/k="; + + ldflags = [ "-s" "-w" "-X github.com/kubefirst/runtime/configs.K1Version=v${version}"]; + + doCheck = false; + + meta = with lib; { + description = "The Kubefirst CLI creates instant GitOps platforms that integrate some of the best tools in cloud native from scratch."; + homepage = "https://github.com/kubefirst/kubefirst/"; + license = licenses.mit; + maintainers = with maintainers; [ qjoly ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f8b6ffab9979..451510d3f496 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -31653,6 +31653,8 @@ with pkgs; kubecfg = callPackage ../applications/networking/cluster/kubecfg { }; + kubefirst = callPackage ../applications/networking/cluster/kubefirst { }; + kube-score = callPackage ../applications/networking/cluster/kube-score { }; kubectl-evict-pod = callPackage ../applications/networking/cluster/kubectl-evict-pod { From 485eb94007ddc068fd3e8b3cc0882ed1658145a0 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 11 May 2023 13:58:53 +0000 Subject: [PATCH 28/37] cmctl: 1.11.1 -> 1.11.2 --- pkgs/applications/networking/cluster/cmctl/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/networking/cluster/cmctl/default.nix b/pkgs/applications/networking/cluster/cmctl/default.nix index 9f313f3ae1bc..ab4789741fbf 100644 --- a/pkgs/applications/networking/cluster/cmctl/default.nix +++ b/pkgs/applications/networking/cluster/cmctl/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "cmctl"; - version = "1.11.1"; + version = "1.11.2"; src = fetchFromGitHub { owner = "cert-manager"; repo = "cert-manager"; - rev = "e3a2a803e8ed7f8a88d5f535d6e9a061c1571194"; - sha256 = "0484dh520plgmrv39lbih44z1dz0r3sf115kqvcpfmg13b0328d0"; + rev = "4767427a40e0e193c976fd6bc228f50de8950572"; + sha256 = "128s5vd4hp5mr0rnb21grzmijzx0ibpv71as36dcgw7z4v3gq7lx"; }; - vendorSha256 = "sha256-tKvvqYGwLEoSfGzBRLx8xC/0Kz1uLmHYQ+gcHOW+550="; + vendorSha256 = "sha256-+r0QpD97r6dokUr07Qjb9kvoK+oz2rvml0cIebtYuHg="; subPackages = [ "cmd/ctl" ]; From b213791e7e85ced036ac1f8c41ef07e53d89e83a Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:44:54 +0200 Subject: [PATCH 29/37] nixos/all-tests.nix: Add readOnlyPkgs module --- nixos/lib/testing/nodes.nix | 1 + nixos/tests/all-tests.nix | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/nixos/lib/testing/nodes.nix b/nixos/lib/testing/nodes.nix index e9649e724c35..5a6b30b8f8d5 100644 --- a/nixos/lib/testing/nodes.nix +++ b/nixos/lib/testing/nodes.nix @@ -17,6 +17,7 @@ let virtualisation.qemu.package = testModuleArgs.config.qemu.package; }) ({ + key = "nodes.nix-pkgs"; config = { # Ensure we do not use aliases. Ideally this is only set # when the test framework is used by Nixpkgs NixOS tests. diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 5dd39c9b142f..643162a2d863 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -65,6 +65,27 @@ let runTestOn ; + # Using a single instance of nixpkgs makes test evaluation faster. + # To make sure we don't accidentally depend on a modified pkgs, we make the + # related options read-only. We need to test the right configuration. + # + # If your service depends on a nixpkgs setting, first try to avoid that, but + # otherwise, you can remove the readOnlyPkgs import and test your service as + # usual. + readOnlyPkgs = + # TODO: We currently accept this for nixosTests, so that the `pkgs` argument + # is consistent with `pkgs` in `pkgs.nixosTests`. Can we reinitialize + # it with `allowAliases = false`? + # warnIf pkgs.config.allowAliases "nixosTests: pkgs includes aliases." + { + _class = "nixosTest"; + defaults = { + nixpkgs.pkgs = pkgs; + imports = [ ../modules/misc/nixpkgs/read-only.nix ]; + disabledModules = [{ key = "nodes.nix-pkgs"; }]; + }; + }; + in { # Testing the test driver From d0b0f9e441c70253ea4ba42162b5e60057ba6883 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:45:11 +0200 Subject: [PATCH 30/37] nixosTests.acme: Use a read-only pkgs This speeds up evaluation by a factor 2. Ballpark figures from my machine: ``` $ time nix-build nixos/release.nix -A tests.acme /nix/store/q4fxp55k64clcarsx8xc8f6s10szlfvz-vm-test-run-acme /nix/store/lnfqg051sxx05hclva84bcbnjfc71c8x-vm-test-run-acme real 1m28.142s user 1m7.474s sys 0m7.932s $ time nix-build nixos/release.nix -A tests.acme /nix/store/q4fxp55k64clcarsx8xc8f6s10szlfvz-vm-test-run-acme /nix/store/lnfqg051sxx05hclva84bcbnjfc71c8x-vm-test-run-acme real 0m38.235s user 0m33.814s sys 0m2.283s ``` --- nixos/tests/all-tests.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 643162a2d863..9abe419b1c03 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -98,7 +98,7 @@ in { _3proxy = runTest ./3proxy.nix; aaaaxy = runTest ./aaaaxy.nix; - acme = runTest ./acme.nix; + acme = runTest { imports = [ ./acme.nix readOnlyPkgs ]; }; adguardhome = runTest ./adguardhome.nix; aesmd = runTestOn ["x86_64-linux"] ./aesmd.nix; agate = runTest ./web-servers/agate.nix; From f659db7ba28e8474df72cb505c790ff2cf92c1a4 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 17:10:40 +0200 Subject: [PATCH 31/37] nixos/testing: Add node.pkgs option By factoring out this logic, it's easier for other projects to make use of it this optimization too (and do it correctly). --- nixos/lib/testing/nodes.nix | 22 +++++++++++++++++++++- nixos/tests/all-tests.nix | 6 +----- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/nixos/lib/testing/nodes.nix b/nixos/lib/testing/nodes.nix index 5a6b30b8f8d5..d1238a374f24 100644 --- a/nixos/lib/testing/nodes.nix +++ b/nixos/lib/testing/nodes.nix @@ -1,7 +1,7 @@ testModuleArgs@{ config, lib, hostPkgs, nodes, ... }: let - inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mdDoc; + inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mkIf mdDoc; baseOS = import ../eval-config.nix { @@ -72,6 +72,19 @@ in default = { }; }; + node.pkgs = mkOption { + description = mdDoc '' + The Nixpkgs to use for the nodes. + + Setting this will make the `nixpkgs.*` options read-only, to avoid mistakenly testing with a Nixpkgs configuration that diverges from regular use. + ''; + type = types.nullOr types.pkgs; + default = null; + defaultText = literalMD '' + `null`, so construct `pkgs` according to the `nixpkgs.*` options as usual. + ''; + }; + node.specialArgs = mkOption { type = types.lazyAttrsOf types.raw; default = { }; @@ -104,5 +117,12 @@ in config.nodes; passthru.nodes = config.nodesCompat; + + defaults = mkIf (config.node.pkgs != null) { + nixpkgs.pkgs = config.node.pkgs; + imports = [ ../../modules/misc/nixpkgs/read-only.nix ]; + disabledModules = [{ key = "nodes.nix-pkgs"; }]; + }; + }; } diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 9abe419b1c03..ccdd572e5ece 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -79,11 +79,7 @@ let # warnIf pkgs.config.allowAliases "nixosTests: pkgs includes aliases." { _class = "nixosTest"; - defaults = { - nixpkgs.pkgs = pkgs; - imports = [ ../modules/misc/nixpkgs/read-only.nix ]; - disabledModules = [{ key = "nodes.nix-pkgs"; }]; - }; + node.pkgs = pkgs; }; in { From 0f83261f0e2ccfa116076d1848550d1b6bccc852 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 17:39:08 +0200 Subject: [PATCH 32/37] nixos/testing: Add node.pkgsReadOnly escape hatch By adding this option indirection, a test can declare all by itself that it needs a custom nixpkgs. This is a more convenient way of going about this when the caller of the test framework receives a `node.pkgs` unconditionally. --- nixos/lib/testing/nodes.nix | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/nixos/lib/testing/nodes.nix b/nixos/lib/testing/nodes.nix index d1238a374f24..0197097e8884 100644 --- a/nixos/lib/testing/nodes.nix +++ b/nixos/lib/testing/nodes.nix @@ -1,7 +1,17 @@ testModuleArgs@{ config, lib, hostPkgs, nodes, ... }: let - inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mkIf mdDoc; + inherit (lib) + literalExpression + literalMD + mapAttrs + mdDoc + mkDefault + mkIf + mkOption mkForce + optional + types + ; baseOS = import ../eval-config.nix { @@ -85,6 +95,17 @@ in ''; }; + node.pkgsReadOnly = mkOption { + description = mdDoc '' + Whether to make the `nixpkgs.*` options read-only. This is only relevant when [`node.pkgs`](#test-opt-node.pkgs) is set. + + Set this to `false` when any of the [`nodes`](#test-opt-nodes) needs to configure any of the `nixpkgs.*` options. This will slow down evaluation of your test a bit. + ''; + type = types.bool; + default = config.node.pkgs != null; + defaultText = literalExpression ''node.pkgs != null''; + }; + node.specialArgs = mkOption { type = types.lazyAttrsOf types.raw; default = { }; @@ -118,7 +139,7 @@ in passthru.nodes = config.nodesCompat; - defaults = mkIf (config.node.pkgs != null) { + defaults = mkIf config.node.pkgsReadOnly { nixpkgs.pkgs = config.node.pkgs; imports = [ ../../modules/misc/nixpkgs/read-only.nix ]; disabledModules = [{ key = "nodes.nix-pkgs"; }]; From b0e17891f2d27c2661a5b7a03d77bfec64b508e4 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 17:47:29 +0200 Subject: [PATCH 33/37] nixos/testing/nodes.nix: Do not rely on disabledModules It's just not necessary. --- nixos/lib/testing/nodes.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/lib/testing/nodes.nix b/nixos/lib/testing/nodes.nix index 0197097e8884..6e439fd814db 100644 --- a/nixos/lib/testing/nodes.nix +++ b/nixos/lib/testing/nodes.nix @@ -10,6 +10,7 @@ let mkIf mkOption mkForce optional + optionalAttrs types ; @@ -26,7 +27,7 @@ let { virtualisation.qemu.package = testModuleArgs.config.qemu.package; }) - ({ + (optionalAttrs (!config.node.pkgsReadOnly) { key = "nodes.nix-pkgs"; config = { # Ensure we do not use aliases. Ideally this is only set @@ -142,7 +143,6 @@ in defaults = mkIf config.node.pkgsReadOnly { nixpkgs.pkgs = config.node.pkgs; imports = [ ../../modules/misc/nixpkgs/read-only.nix ]; - disabledModules = [{ key = "nodes.nix-pkgs"; }]; }; }; From 16e3647337b4cacb8f9200d4e2dfbf2f0ba87a98 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 19:25:33 +0200 Subject: [PATCH 34/37] nixos/all-tests: Enable readOnlyPkgs by default for runTest Most tests are not affected by this because they use the `handleTest` function instead. --- nixos/tests/all-tests.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index ccdd572e5ece..ae21f60c03dc 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -46,7 +46,7 @@ let inherit (rec { doRunTest = arg: ((import ../lib/testing-python.nix { inherit system pkgs; }).evalTest { - imports = [ arg ]; + imports = [ arg readOnlyPkgs ]; }).config.result; findTests = tree: if tree?recurseForDerivations && tree.recurseForDerivations @@ -94,7 +94,7 @@ in { _3proxy = runTest ./3proxy.nix; aaaaxy = runTest ./aaaaxy.nix; - acme = runTest { imports = [ ./acme.nix readOnlyPkgs ]; }; + acme = runTest ./acme.nix; adguardhome = runTest ./adguardhome.nix; aesmd = runTestOn ["x86_64-linux"] ./aesmd.nix; agate = runTest ./web-servers/agate.nix; From 64d505e2273e0b1df1e019c506a2e28aa9289bc9 Mon Sep 17 00:00:00 2001 From: Ilan Joselevich Date: Thu, 11 May 2023 18:03:14 +0300 Subject: [PATCH 35/37] nixos/tests/harmonia: check if settings work --- nixos/tests/harmonia.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/tests/harmonia.nix b/nixos/tests/harmonia.nix index 3057caf70160..6cf9ad4d2335 100644 --- a/nixos/tests/harmonia.nix +++ b/nixos/tests/harmonia.nix @@ -8,6 +8,7 @@ services.harmonia = { enable = true; signKeyPath = pkgs.writeText "cache-key" "cache.example.com-1:9FhO0w+7HjZrhvmzT1VlAZw4OSAlFGTgC24Seg3tmPl4gZBdwZClzTTHr9cVzJpwsRSYLTu7hEAQe3ljy92CWg=="; + settings.priority = 35; }; networking.firewall.allowedTCPPorts = [ 5000 ]; @@ -26,7 +27,8 @@ start_all() harmonia.wait_for_unit("harmonia.service") - client01.wait_until_succeeds("curl -f http://harmonia:5000/nix-cache-info") + + client01.wait_until_succeeds("curl -f http://harmonia:5000/nix-cache-info | grep '${toString nodes.harmonia.services.harmonia.settings.priority}' >&2") client01.succeed("curl -f http://harmonia:5000/version | grep '${nodes.harmonia.services.harmonia.package.version}' >&2") client01.succeed("cat /etc/nix/nix.conf >&2") From f02865c040a2b279bdd4a12c8dba12159009e90d Mon Sep 17 00:00:00 2001 From: Tomas Kala Date: Wed, 10 May 2023 14:32:35 +0200 Subject: [PATCH 36/37] aws-secretsmanager-caching: init at 1.1.1.5 --- .../aws-secretsmanager-caching/default.nix | 63 +++++++++++++++++++ .../remove-coverage-tests.patch | 14 +++++ pkgs/top-level/python-packages.nix | 2 + 3 files changed, 79 insertions(+) create mode 100644 pkgs/development/python-modules/aws-secretsmanager-caching/default.nix create mode 100644 pkgs/development/python-modules/aws-secretsmanager-caching/remove-coverage-tests.patch diff --git a/pkgs/development/python-modules/aws-secretsmanager-caching/default.nix b/pkgs/development/python-modules/aws-secretsmanager-caching/default.nix new file mode 100644 index 000000000000..95343fbf373d --- /dev/null +++ b/pkgs/development/python-modules/aws-secretsmanager-caching/default.nix @@ -0,0 +1,63 @@ +{ lib +, buildPythonPackage +, pythonOlder +, fetchPypi +, setuptools-scm +, botocore +, pytestCheckHook +}: + +buildPythonPackage rec { + pname = "aws_secretsmanager_caching"; + version = "1.1.1.5"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; + + src = fetchPypi { + inherit pname version; + sha256 = "5cee2762bb89b72f3e5123feee8e45fbe44ffe163bfca08b28f27b2e2b7772e1"; + }; + + nativeBuildInputs = [ + setuptools-scm + ]; + + propagatedBuildInputs = [ + botocore + ]; + + patches = [ + # Remove coverage tests from the pytest invocation in setup.cfg. + ./remove-coverage-tests.patch + ]; + + postPatch = '' + substituteInPlace setup.py \ + --replace "'pytest-runner'," "" + ''; + + nativeCheckInputs = [ + pytestCheckHook + ]; + + disabledTestPaths = [ + # Integration tests require networking. + "test/integ" + ]; + + pythonImportsCheck = [ + "aws_secretsmanager_caching" + ]; + + meta = with lib; { + description = "Client-side AWS secrets manager caching library"; + homepage = "https://github.com/aws/aws-secretsmanager-caching-python"; + changelog = "https://github.com/aws/aws-secretsmanager-caching-python/releases/tag/v${version}"; + longDescription = '' + The AWS Secrets Manager Python caching client enables in-process caching of secrets for Python applications. + ''; + license = licenses.asl20; + maintainers = with maintainers; [ tomaskala ]; + }; +} diff --git a/pkgs/development/python-modules/aws-secretsmanager-caching/remove-coverage-tests.patch b/pkgs/development/python-modules/aws-secretsmanager-caching/remove-coverage-tests.patch new file mode 100644 index 000000000000..57af75dcb4fa --- /dev/null +++ b/pkgs/development/python-modules/aws-secretsmanager-caching/remove-coverage-tests.patch @@ -0,0 +1,14 @@ +diff --git a/setup.cfg b/setup.cfg +index 5aa81b2..0c02ded 100644 +--- a/setup.cfg ++++ b/setup.cfg +@@ -3,9 +3,6 @@ xfail_strict = true + addopts = + --verbose + --doctest-modules +- --cov aws_secretsmanager_caching +- --cov-fail-under 90 +- --cov-report term-missing + --ignore doc/ + + [aliases] diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 7e3021fe6a9b..f35b6f8addd1 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -869,6 +869,8 @@ self: super: with self; { aws-sam-translator = callPackage ../development/python-modules/aws-sam-translator { }; + aws-secretsmanager-caching = callPackage ../development/python-modules/aws-secretsmanager-caching { }; + aws-xray-sdk = callPackage ../development/python-modules/aws-xray-sdk { }; awscrt = callPackage ../development/python-modules/awscrt { From a99852ad181f2399983dd9ac60798cf89ef3b711 Mon Sep 17 00:00:00 2001 From: Herwig Hochleitner Date: Thu, 11 May 2023 13:36:05 +0200 Subject: [PATCH 37/37] lldap: build frontend from source Co-authored-by: Emily Lange --- pkgs/servers/ldap/lldap/default.nix | 127 +++++++++++++++++++--------- 1 file changed, 87 insertions(+), 40 deletions(-) diff --git a/pkgs/servers/ldap/lldap/default.nix b/pkgs/servers/ldap/lldap/default.nix index 50249e9dbe45..c4c6e1cc4384 100644 --- a/pkgs/servers/ldap/lldap/default.nix +++ b/pkgs/servers/ldap/lldap/default.nix @@ -1,68 +1,115 @@ -{ fetchFromGitHub +{ binaryen +, fetchFromGitHub +, fetchpatch , fetchzip , lib , lldap , nixosTests , rustPlatform +, stdenv +, wasm-bindgen-cli +, wasm-pack +, which }: let - # We cannot build the wasm frontend from source, as the - # wasm32-unknown-unknown rustc target isn't available in nixpkgs yet. - # Tracking issue: https://github.com/NixOS/nixpkgs/issues/89426 - frontend = fetchzip { - url = "https://github.com/lldap/lldap/releases/download/v${lldap.version}/amd64-lldap.tar.gz"; - hash = "sha256-/Ml4L5Gxpnmt1pLSiLNuxtzQYjTCatsVe/hE+Btl8BI="; - name = "lldap-frontend-${lldap.version}"; - postFetch = '' - mv $out $TMPDIR/extracted - mv $TMPDIR/extracted/app $out + + # version of wasm-opt, with https://github.com/rustwasm/wasm-pack/pull/1257 backported + wasm-pack-git = wasm-pack.overrideAttrs (oldAttrs: { + version = oldAttrs.version + "-git"; + patches = [(fetchpatch { + url = "https://patch-diff.githubusercontent.com/raw/rustwasm/wasm-pack/pull/1257.patch"; + sha256 = "sha256-npi9ewh0NaD67crTcje9AYxaLLOJOMzqjqEJXZF2LbQ="; + })]; + }); + + # replace with upstream wasm rustc, after resolution of + # https://github.com/NixOS/nixpkgs/issues/89426 + rustc-wasm = (rustPlatform.rust.rustc.override { + stdenv = stdenv.override { + targetPlatform = stdenv.targetPlatform // { + parsed = { + cpu.name = "wasm32"; + vendor.name = "unknown"; + kernel.name = "unknown"; + abi.name = "unknown"; + }; + }; + }; + }).overrideAttrs (attrs: { + configureFlags = attrs.configureFlags ++ ["--set=build.docs=false"]; + }); + + commonDerivationAttrs = rec { + pname = "lldap"; + version = "0.4.3"; + + src = fetchFromGitHub { + owner = "lldap"; + repo = "lldap"; + rev = "v${version}"; + hash = "sha256-FAUTykFh2eGVpx6LrCjV9xWbBPH8pCgAJv3vOXFMFZ4="; + }; + + postPatch = '' + ln -s --force ${./Cargo.lock} Cargo.lock ''; - }; -in -rustPlatform.buildRustPackage rec { - pname = "lldap"; - version = "0.4.3"; - src = fetchFromGitHub { - owner = "lldap"; - repo = "lldap"; - rev = "v${version}"; - hash = "sha256-FAUTykFh2eGVpx6LrCjV9xWbBPH8pCgAJv3vOXFMFZ4="; - }; - - # `Cargo.lock` has git dependencies, meaning can't use `cargoHash` - cargoLock = { - # 0.4.3 has been tagged before the actual Cargo.lock bump, resulting in an inconsitent lock file. - # To work around this, the Cargo.lock below is from the commit right after the tag: - # https://github.com/lldap/lldap/commit/7b4188a376baabda48d88fdca3a10756da48adda - lockFile = ./Cargo.lock; - outputHashes = { - "lber-0.4.1" = "sha256-2rGTpg8puIAXggX9rEbXPdirfetNOHWfFc80xqzPMT4="; - "opaque-ke-0.6.1" = "sha256-99gaDv7eIcYChmvOKQ4yXuaGVzo2Q6BcgSQOzsLF+fM="; - "yew_form-0.1.8" = "sha256-1n9C7NiFfTjbmc9B5bDEnz7ZpYJo9ZT8/dioRXJ65hc="; + # `Cargo.lock` has git dependencies, meaning can't use `cargoHash` + cargoLock = { + # 0.4.3 has been tagged before the actual Cargo.lock bump, resulting in an inconsitent lock file. + # To work around this, the Cargo.lock below is from the commit right after the tag: + # https://github.com/lldap/lldap/commit/7b4188a376baabda48d88fdca3a10756da48adda + lockFile = ./Cargo.lock; + outputHashes = { + "lber-0.4.1" = "sha256-2rGTpg8puIAXggX9rEbXPdirfetNOHWfFc80xqzPMT4="; + "opaque-ke-0.6.1" = "sha256-99gaDv7eIcYChmvOKQ4yXuaGVzo2Q6BcgSQOzsLF+fM="; + "yew_form-0.1.8" = "sha256-1n9C7NiFfTjbmc9B5bDEnz7ZpYJo9ZT8/dioRXJ65hc="; + }; }; }; + frontend = rustPlatform.buildRustPackage (commonDerivationAttrs // { + pname = commonDerivationAttrs.pname + "-frontend"; + + nativeBuildInputs = [ + wasm-pack-git wasm-bindgen-cli binaryen which rustc-wasm rustc-wasm.llvmPackages.lld + ]; + + buildPhase = '' + HOME=`pwd` RUSTFLAGS="-C linker=lld" ./app/build.sh + ''; + + installPhase = '' + mkdir -p $out + cp -R app/{index.html,pkg,static} $out/ + ''; + + doCheck = false; + }); + +in rustPlatform.buildRustPackage (commonDerivationAttrs // { patches = [ ./static-frontend-path.patch ]; - postPatch = '' - ln -s --force ${./Cargo.lock} Cargo.lock + postPatch = commonDerivationAttrs.postPatch + '' substituteInPlace server/src/infra/tcp_server.rs --subst-var-by frontend '${frontend}' ''; - passthru.tests = { - inherit (nixosTests) lldap; + passthru = { + inherit frontend; + tests = { + inherit (nixosTests) lldap; + }; }; meta = with lib; { description = "A lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication"; homepage = "https://github.com/lldap/lldap"; - changelog = "https://github.com/lldap/lldap/blob/v${version}/CHANGELOG.md"; + changelog = "https://github.com/lldap/lldap/blob/v${lldap.version}/CHANGELOG.md"; license = licenses.gpl3Only; platforms = platforms.linux; - maintainers = with maintainers; [ indeednotjames ]; + maintainers = with maintainers; [ indeednotjames bendlas ]; }; -} +})