Merge staging-next into staging

This commit is contained in:
Frederik Rietdijk 2018-11-03 12:47:05 +01:00
commit e1baed0143
36 changed files with 603 additions and 298 deletions

18
.github/CODEOWNERS vendored
View file

@ -12,7 +12,7 @@
# Libraries
/lib @edolstra @nbp
/lib/systems @nbp @ericson2314
/lib/systems @nbp @ericson2314 @matthewbauer
/lib/generators.nix @edolstra @nbp @Profpatsch
/lib/debug.nix @edolstra @nbp @Profpatsch
@ -20,9 +20,11 @@
/default.nix @nbp
/pkgs/top-level/default.nix @nbp @Ericson2314
/pkgs/top-level/impure.nix @nbp @Ericson2314
/pkgs/top-level/stage.nix @nbp @Ericson2314
/pkgs/stdenv/generic @Ericson2314
/pkgs/stdenv/cross @Ericson2314
/pkgs/top-level/stage.nix @nbp @Ericson2314 @matthewbauer
/pkgs/top-level/splice.nix @Ericson2314 @matthewbauer
/pkgs/top-level/release-cross.nix @Ericson2314 @matthewbauer
/pkgs/stdenv/generic @Ericson2314 @matthewbauer
/pkgs/stdenv/cross @Ericson2314 @matthewbauer
/pkgs/build-support/cc-wrapper @Ericson2314 @orivej
/pkgs/build-support/bintools-wrapper @Ericson2314 @orivej
/pkgs/build-support/setup-hooks @Ericson2314
@ -74,6 +76,14 @@
/pkgs/stdenv/darwin @NixOS/darwin-maintainers
/pkgs/os-specific/darwin @NixOS/darwin-maintainers
# C compilers
/pkgs/development/compilers/gcc @matthewbauer
/pkgs/development/compilers/llvm @matthewbauer
# Compatibility stuff
/pkgs/top-level/unix-tools.nix @matthewbauer
/pkgs/development/tools/xcbuild @matthewbauer
# Beam-related (Erlang, Elixir, LFE, etc)
/pkgs/development/beam-modules @gleber
/pkgs/development/interpreters/erlang @gleber

View file

@ -4163,6 +4163,11 @@
github = "taku0";
name = "Takuo Yonezawa";
};
talyz = {
email = "kim.lindberger@gmail.com";
github = "talyz";
name = "Kim Lindberger";
};
tari = {
email = "peter@taricorp.net";
github = "tari";

View file

@ -14,15 +14,16 @@ let
pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url;
pgSuperUser = config.services.postgresql.superUser;
databaseYml = ''
production:
adapter: postgresql
database: ${cfg.databaseName}
host: ${cfg.databaseHost}
password: ${cfg.databasePassword}
username: ${cfg.databaseUsername}
encoding: utf8
'';
databaseConfig = {
production = {
adapter = "postgresql";
database = cfg.databaseName;
host = cfg.databaseHost;
password = cfg.databasePassword;
username = cfg.databaseUsername;
encoding = "utf8";
};
};
gitalyToml = pkgs.writeText "gitaly.toml" ''
socket_path = "${lib.escape ["\""] gitalySocket}"
@ -45,35 +46,31 @@ let
'') gitlabConfig.production.repositories.storages))}
'';
gitlabShellYml = ''
user: ${cfg.user}
gitlab_url: "http+unix://${pathUrlQuote gitlabSocket}"
http_settings:
self_signed_cert: false
repos_path: "${cfg.statePath}/repositories"
secret_file: "${cfg.statePath}/config/gitlab_shell_secret"
log_file: "${cfg.statePath}/log/gitlab-shell.log"
custom_hooks_dir: "${cfg.statePath}/custom_hooks"
redis:
bin: ${pkgs.redis}/bin/redis-cli
host: 127.0.0.1
port: 6379
database: 0
namespace: resque:gitlab
'';
gitlabShellConfig = {
user = cfg.user;
gitlab_url = "http+unix://${pathUrlQuote gitlabSocket}";
http_settings.self_signed_cert = false;
repos_path = "${cfg.statePath}/repositories";
secret_file = "${cfg.statePath}/config/gitlab_shell_secret";
log_file = "${cfg.statePath}/log/gitlab-shell.log";
custom_hooks_dir = "${cfg.statePath}/custom_hooks";
redis = {
bin = "${pkgs.redis}/bin/redis-cli";
host = "127.0.0.1";
port = 6379;
database = 0;
namespace = "resque:gitlab";
};
};
redisYml = ''
production:
url: redis://localhost:6379/
'';
redisConfig.production.url = "redis://localhost:6379/";
secretsYml = ''
production:
secret_key_base: ${cfg.secrets.secret}
otp_key_base: ${cfg.secrets.otp}
db_key_base: ${cfg.secrets.db}
openid_connect_signing_key: ${builtins.toJSON cfg.secrets.jws}
'';
secretsConfig.production = {
secret_key_base = cfg.secrets.secret;
otp_key_base = cfg.secrets.otp;
db_key_base = cfg.secrets.db;
openid_connect_signing_key = cfg.secrets.jws;
};
gitlabConfig = {
# These are the default settings from config/gitlab.example.yml
@ -115,12 +112,8 @@ let
upload_pack = true;
receive_pack = true;
};
workhorse = {
secret_file = "${cfg.statePath}/.gitlab_workhorse_secret";
};
git = {
bin_path = "git";
};
workhorse.secret_file = "${cfg.statePath}/.gitlab_workhorse_secret";
git.bin_path = "git";
monitoring = {
ip_whitelist = [ "127.0.0.0/8" "::1/128" ];
sidekiq_exporter = {
@ -138,7 +131,7 @@ let
HOME = "${cfg.statePath}/home";
UNICORN_PATH = "${cfg.statePath}/";
GITLAB_PATH = "${cfg.packages.gitlab}/share/gitlab/";
GITLAB_STATE_PATH = "${cfg.statePath}";
GITLAB_STATE_PATH = cfg.statePath;
GITLAB_UPLOADS_PATH = "${cfg.statePath}/uploads";
SCHEMA = "${cfg.statePath}/db/schema.rb";
GITLAB_LOG_PATH = "${cfg.statePath}/log";
@ -146,13 +139,11 @@ let
GITLAB_SHELL_CONFIG_PATH = "${cfg.statePath}/shell/config.yml";
GITLAB_SHELL_SECRET_PATH = "${cfg.statePath}/config/gitlab_shell_secret";
GITLAB_SHELL_HOOKS_PATH = "${cfg.statePath}/shell/hooks";
GITLAB_REDIS_CONFIG_FILE = pkgs.writeText "gitlab-redis.yml" redisYml;
GITLAB_REDIS_CONFIG_FILE = pkgs.writeText "redis.yml" (builtins.toJSON redisConfig);
prometheus_multiproc_dir = "/run/gitlab";
RAILS_ENV = "production";
};
unicornConfig = builtins.readFile ./defaultUnicornConfig.rb;
gitlab-rake = pkgs.stdenv.mkDerivation rec {
name = "gitlab-rake";
buildInputs = [ pkgs.makeWrapper ];
@ -162,7 +153,6 @@ let
mkdir -p $out/bin
makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \
${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
--set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \
--set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \
--set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \
--run 'cd ${cfg.packages.gitlab}/share/gitlab'
@ -306,7 +296,6 @@ in {
initialRootPassword = mkOption {
type = types.str;
default = "UseNixOS!";
description = ''
Initial password of the root account if this is a new install.
'';
@ -461,10 +450,30 @@ in {
}
];
systemd.tmpfiles.rules = [
"d /run/gitlab 0755 ${cfg.user} ${cfg.group} -"
"d ${gitlabEnv.HOME} 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.backupPath} 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/builds 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/config 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/db 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/log 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/repositories 2770 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/shell 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/tmp/pids 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/tmp/sockets 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/uploads 0700 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/custom_hooks/pre-receive.d 0700 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/custom_hooks/post-receive.d 0700 ${cfg.user} ${cfg.group} -"
"d ${cfg.statePath}/custom_hooks/update.d 0700 ${cfg.user} ${cfg.group} -"
"d ${gitlabConfig.production.shared.path}/artifacts 0750 ${cfg.user} ${cfg.group} -"
"d ${gitlabConfig.production.shared.path}/lfs-objects 0750 ${cfg.user} ${cfg.group} -"
"d ${gitlabConfig.production.shared.path}/pages 0750 ${cfg.user} ${cfg.group} -"
];
systemd.services.gitlab-sidekiq = {
after = [ "network.target" "redis.service" ];
after = [ "network.target" "redis.service" "gitlab.service" ];
wantedBy = [ "multi-user.target" ];
partOf = [ "gitlab.service" ];
environment = gitlabEnv;
path = with pkgs; [
config.services.postgresql.package
@ -486,10 +495,8 @@ in {
};
systemd.services.gitaly = {
after = [ "network.target" "gitlab.service" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment.HOME = gitlabEnv.HOME;
environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH;
path = with pkgs; [ gitAndTools.git cfg.packages.gitaly.rubyEnv cfg.packages.gitaly.rubyEnv.wrappedRuby ];
serviceConfig = {
Type = "simple";
@ -505,8 +512,6 @@ in {
systemd.services.gitlab-workhorse = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment.HOME = gitlabEnv.HOME;
environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH;
path = with pkgs; [
gitAndTools.git
gnutar
@ -514,10 +519,6 @@ in {
openssh
gitlab-workhorse
];
preStart = ''
mkdir -p /run/gitlab
chown ${cfg.user}:${cfg.group} /run/gitlab
'';
serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
Type = "simple";
@ -538,7 +539,7 @@ in {
};
systemd.services.gitlab = {
after = [ "network.target" "postgresql.service" "redis.service" ];
after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "postgresql.service" "redis.service" ];
requires = [ "gitlab-sidekiq.service" ];
wantedBy = [ "multi-user.target" ];
environment = gitlabEnv;
@ -551,102 +552,75 @@ in {
gnupg
];
preStart = ''
mkdir -p ${cfg.backupPath}
mkdir -p ${cfg.statePath}/builds
mkdir -p ${cfg.statePath}/repositories
mkdir -p ${gitlabConfig.production.shared.path}/artifacts
mkdir -p ${gitlabConfig.production.shared.path}/lfs-objects
mkdir -p ${gitlabConfig.production.shared.path}/pages
mkdir -p ${cfg.statePath}/log
mkdir -p ${cfg.statePath}/tmp/pids
mkdir -p ${cfg.statePath}/tmp/sockets
mkdir -p ${cfg.statePath}/shell
mkdir -p ${cfg.statePath}/db
mkdir -p ${cfg.statePath}/uploads
mkdir -p ${cfg.statePath}/custom_hooks/pre-receive.d
mkdir -p ${cfg.statePath}/custom_hooks/post-receive.d
mkdir -p ${cfg.statePath}/custom_hooks/update.d
rm -rf ${cfg.statePath}/config ${cfg.statePath}/shell/hooks
mkdir -p ${cfg.statePath}/config
${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/config/gitlab_shell_secret
mkdir -p /run/gitlab
mkdir -p ${cfg.statePath}/log
[ -d /run/gitlab/log ] || ln -sf ${cfg.statePath}/log /run/gitlab/log
[ -d /run/gitlab/tmp ] || ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp
[ -d /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
ln -sf $GITLAB_SHELL_CONFIG_PATH /run/gitlab/shell-config.yml
chown -R ${cfg.user}:${cfg.group} /run/gitlab
# Prepare home directory
mkdir -p ${gitlabEnv.HOME}/.ssh
touch ${gitlabEnv.HOME}/.ssh/authorized_keys
chown -R ${cfg.user}:${cfg.group} ${gitlabEnv.HOME}/
cp -rf ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db
cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
${optionalString cfg.smtp.enable ''
ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb
''}
ln -sf ${cfg.statePath}/config /run/gitlab/config
if [ -e ${cfg.statePath}/lib ]; then
rm ${cfg.statePath}/lib
fi
ln -sf ${pkgs.gitlab}/share/gitlab/lib ${cfg.statePath}/lib
ln -sf ${cfg.packages.gitlab}/share/gitlab/lib ${cfg.statePath}/lib
[ -L /run/gitlab/config ] || ln -sf ${cfg.statePath}/config /run/gitlab/config
[ -L /run/gitlab/log ] || ln -sf ${cfg.statePath}/log /run/gitlab/log
[ -L /run/gitlab/tmp ] || ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp
[ -L /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
${optionalString cfg.smtp.enable ''
ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb
''}
cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
# JSON is a subset of YAML
ln -fs ${pkgs.writeText "gitlab.yml" (builtins.toJSON gitlabConfig)} ${cfg.statePath}/config/gitlab.yml
ln -fs ${pkgs.writeText "database.yml" databaseYml} ${cfg.statePath}/config/database.yml
ln -fs ${pkgs.writeText "secrets.yml" secretsYml} ${cfg.statePath}/config/secrets.yml
ln -fs ${pkgs.writeText "unicorn.rb" unicornConfig} ${cfg.statePath}/config/unicorn.rb
ln -sf ${pkgs.writeText "gitlab.yml" (builtins.toJSON gitlabConfig)} ${cfg.statePath}/config/gitlab.yml
ln -sf ${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} ${cfg.statePath}/config/database.yml
ln -sf ${pkgs.writeText "secrets.yml" (builtins.toJSON secretsConfig)} ${cfg.statePath}/config/secrets.yml
ln -sf ${./defaultUnicornConfig.rb} ${cfg.statePath}/config/unicorn.rb
# Install the shell required to push repositories
ln -sf ${pkgs.writeText "config.yml" (builtins.toJSON gitlabShellConfig)} /run/gitlab/shell-config.yml
[ -L ${cfg.statePath}/shell/hooks ] || ln -sf ${cfg.packages.gitlab-shell}/hooks ${cfg.statePath}/shell/hooks
${cfg.packages.gitlab-shell}/bin/install
chown -R ${cfg.user}:${cfg.group} ${cfg.statePath}/
chmod -R ug+rwX,o-rwx+X ${cfg.statePath}/
chown -R ${cfg.user}:${cfg.group} /run/gitlab
# Install the shell required to push repositories
ln -fs ${pkgs.writeText "config.yml" gitlabShellYml} "$GITLAB_SHELL_CONFIG_PATH"
ln -fs ${cfg.packages.gitlab-shell}/hooks "$GITLAB_SHELL_HOOKS_PATH"
${cfg.packages.gitlab-shell}/bin/install
if [ "${cfg.databaseHost}" = "127.0.0.1" ]; then
if ! test -e "${cfg.statePath}/db-created"; then
if ! test -e "${cfg.statePath}/db-created"; then
if [ "${cfg.databaseHost}" = "127.0.0.1" ]; then
${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql postgres -c "CREATE ROLE ${cfg.databaseUsername} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${cfg.databasePassword}'"
${pkgs.sudo}/bin/sudo -u ${pgSuperUser} ${config.services.postgresql.package}/bin/createdb --owner ${cfg.databaseUsername} ${cfg.databaseName}
touch "${cfg.statePath}/db-created"
# enable required pg_trgm extension for gitlab
${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql ${cfg.databaseName} -c "CREATE EXTENSION IF NOT EXISTS pg_trgm"
fi
# enable required pg_trgm extension for gitlab
${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql ${cfg.databaseName} -c "CREATE EXTENSION IF NOT EXISTS pg_trgm"
${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${gitlab-rake}/bin/gitlab-rake db:schema:load
touch "${cfg.statePath}/db-created"
fi
# Always do the db migrations just to be sure the database is up-to-date
${gitlab-rake}/bin/gitlab-rake db:migrate RAILS_ENV=production
${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${gitlab-rake}/bin/gitlab-rake db:migrate
# The gitlab:setup task is horribly broken somehow, the db:migrate
# task above and the db:seed_fu below will do the same for setting
# up the initial database
if ! test -e "${cfg.statePath}/db-seeded"; then
${gitlab-rake}/bin/gitlab-rake db:seed_fu RAILS_ENV=production \
${pkgs.sudo}/bin/sudo -u ${cfg.user} ${gitlab-rake}/bin/gitlab-rake db:seed_fu \
GITLAB_ROOT_PASSWORD='${cfg.initialRootPassword}' GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}'
touch "${cfg.statePath}/db-seeded"
fi
# The gitlab:shell:setup regenerates the authorized_keys file so that
# the store path to the gitlab-shell in it gets updated
${pkgs.sudo}/bin/sudo -u ${cfg.user} force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup RAILS_ENV=production
${pkgs.sudo}/bin/sudo -u ${cfg.user} -H force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup
# The gitlab:shell:create_hooks task seems broken for fixing links
# so we instead delete all the hooks and create them anew
rm -f ${cfg.statePath}/repositories/**/*.git/hooks
${gitlab-rake}/bin/gitlab-rake gitlab:shell:create_hooks RAILS_ENV=production
${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${gitlab-rake}/bin/gitlab-rake gitlab:shell:create_hooks
${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${pkgs.git}/bin/git config --global core.autocrlf "input"
# Change permissions in the last step because some of the
# intermediary scripts like to create directories as root.
chown -R ${cfg.user}:${cfg.group} ${cfg.statePath}
chmod -R ug+rwX,o-rwx+X ${cfg.statePath}
chmod -R u+rwX,go-rwx+X ${gitlabEnv.HOME}
chmod -R ug+rwX,o-rwx ${cfg.statePath}/repositories
chmod -R ug-s ${cfg.statePath}/repositories

View file

@ -0,0 +1,135 @@
{ config, lib, pkgs, ... }:
with lib;
with builtins;
let
cfg = config.virtualisation;
sanitizeImageName = image: replaceStrings ["/"] ["-"] image.imageName;
hash = drv: head (split "-" (baseNameOf drv.outPath));
# The label of an ext4 FS is limited to 16 bytes
labelFromImage = image: substring 0 16 (hash image);
# The Docker image is loaded and some files from /var/lib/docker/
# are written into a qcow image.
preload = image: pkgs.vmTools.runInLinuxVM (
pkgs.runCommand "docker-preload-image-${sanitizeImageName image}" {
buildInputs = with pkgs; [ docker e2fsprogs utillinux curl kmod ];
preVM = pkgs.vmTools.createEmptyImage {
size = cfg.dockerPreloader.qcowSize;
fullName = "docker-deamon-image.qcow2";
};
}
''
mkfs.ext4 /dev/vda
e2label /dev/vda ${labelFromImage image}
mkdir -p /var/lib/docker
mount -t ext4 /dev/vda /var/lib/docker
modprobe overlay
# from https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
cd /sys/fs/cgroup
for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
mkdir -p $sys
if ! mountpoint -q $sys; then
if ! mount -n -t cgroup -o $sys cgroup $sys; then
rmdir $sys || true
fi
fi
done
dockerd -H tcp://127.0.0.1:5555 -H unix:///var/run/docker.sock &
until $(curl --output /dev/null --silent --connect-timeout 2 http://127.0.0.1:5555); do
printf '.'
sleep 1
done
docker load -i ${image}
kill %1
find /var/lib/docker/ -maxdepth 1 -mindepth 1 -not -name "image" -not -name "overlay2" | xargs rm -rf
'');
preloadedImages = map preload cfg.dockerPreloader.images;
in
{
options.virtualisation.dockerPreloader = {
images = mkOption {
default = [ ];
type = types.listOf types.package;
description =
''
A list of Docker images to preload (in the /var/lib/docker directory).
'';
};
qcowSize = mkOption {
default = 1024;
type = types.int;
description =
''
The size (MB) of qcow files.
'';
};
};
config = {
assertions = [{
# If docker.storageDriver is null, Docker choose the storage
# driver. So, in this case, we cannot be sure overlay2 is used.
assertion = cfg.dockerPreloader.images == []
|| cfg.docker.storageDriver == "overlay2"
|| cfg.docker.storageDriver == "overlay"
|| cfg.docker.storageDriver == null;
message = "The Docker image Preloader only works with overlay2 storage driver!";
}];
virtualisation.qemu.options =
map (path: "-drive if=virtio,file=${path}/disk-image.qcow2,readonly,media=cdrom,format=qcow2")
preloadedImages;
# All attached QCOW files are mounted and their contents are linked
# to /var/lib/docker/ in order to make image available.
systemd.services.docker-preloader = {
description = "Preloaded Docker images";
wantedBy = ["docker.service"];
after = ["network.target"];
path = with pkgs; [ mount rsync jq ];
script = ''
mkdir -p /var/lib/docker/overlay2/l /var/lib/docker/image/overlay2
echo '{}' > /tmp/repositories.json
for i in ${concatStringsSep " " (map labelFromImage cfg.dockerPreloader.images)}; do
mkdir -p /mnt/docker-images/$i
# The ext4 label is limited to 16 bytes
mount /dev/disk/by-label/$(echo $i | cut -c1-16) -o ro,noload /mnt/docker-images/$i
find /mnt/docker-images/$i/overlay2/ -maxdepth 1 -mindepth 1 -not -name l\
-exec ln -s '{}' /var/lib/docker/overlay2/ \;
cp -P /mnt/docker-images/$i/overlay2/l/* /var/lib/docker/overlay2/l/
rsync -a /mnt/docker-images/$i/image/ /var/lib/docker/image/
# Accumulate image definitions
cp /tmp/repositories.json /tmp/repositories.json.tmp
jq -s '.[0] * .[1]' \
/tmp/repositories.json.tmp \
/mnt/docker-images/$i/image/overlay2/repositories.json \
> /tmp/repositories.json
done
mv /tmp/repositories.json /var/lib/docker/image/overlay2/repositories.json
'';
serviceConfig = {
Type = "oneshot";
};
};
};
}

View file

@ -185,7 +185,10 @@ let
in
{
imports = [ ../profiles/qemu-guest.nix ];
imports = [
../profiles/qemu-guest.nix
./docker-preloader.nix
];
options = {

View file

@ -283,6 +283,7 @@ in rec {
tests.docker-tools = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools.nix {};
tests.docker-tools-overlay = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools-overlay.nix {};
tests.docker-edge = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-edge.nix {};
tests.docker-preloader = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-preloader.nix {};
tests.docker-registry = callTest tests/docker-registry.nix {};
tests.dovecot = callTest tests/dovecot.nix {};
tests.dnscrypt-proxy = callTestOnMatchingSystems ["x86_64-linux"] tests/dnscrypt-proxy.nix {};
@ -300,7 +301,7 @@ in rec {
tests.fsck = callTest tests/fsck.nix {};
tests.fwupd = callTest tests/fwupd.nix {};
tests.gdk-pixbuf = callTest tests/gdk-pixbuf.nix {};
#tests.gitlab = callTest tests/gitlab.nix {};
tests.gitlab = callTest tests/gitlab.nix {};
tests.gitolite = callTest tests/gitolite.nix {};
tests.gjs = callTest tests/gjs.nix {};
tests.gocd-agent = callTest tests/gocd-agent.nix {};

View file

@ -0,0 +1,27 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "docker-preloader";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lewo ];
};
nodes = {
docker =
{ pkgs, ... }:
{
virtualisation.docker.enable = true;
virtualisation.dockerPreloader.images = [ pkgs.dockerTools.examples.nix pkgs.dockerTools.examples.bash ];
services.openssh.enable = true;
services.openssh.permitRootLogin = "yes";
services.openssh.extraConfig = "PermitEmptyPasswords yes";
users.extraUsers.root.password = "";
};
};
testScript = ''
startAll;
$docker->waitForUnit("sockets.target");
$docker->succeed("docker run nix nix-store --version");
$docker->succeed("docker run bash bash --version");
'';
})

View file

@ -1,14 +1,18 @@
# This test runs gitlab and checks if it works
import ./make-test.nix ({ pkgs, ...} : {
import ./make-test.nix ({ pkgs, lib, ...} : with lib; {
name = "gitlab";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ domenkozar offline ];
maintainers = [ globin ];
};
nodes = {
gitlab = { ... }: {
virtualisation.memorySize = 768;
virtualisation.memorySize = 4096;
systemd.services.gitlab.serviceConfig.Restart = mkForce "no";
systemd.services.gitlab-workhorse.serviceConfig.Restart = mkForce "no";
systemd.services.gitaly.serviceConfig.Restart = mkForce "no";
systemd.services.gitlab-sidekiq.serviceConfig.Restart = mkForce "no";
services.nginx = {
enable = true;
@ -19,10 +23,10 @@ import ./make-test.nix ({ pkgs, ...} : {
};
};
systemd.services.gitlab.serviceConfig.TimeoutStartSec = "10min";
services.gitlab = {
enable = true;
databasePassword = "dbPassword";
initialRootPassword = "notproduction";
secrets = {
secret = "secret";
otp = "otpsecret";
@ -65,8 +69,12 @@ import ./make-test.nix ({ pkgs, ...} : {
testScript = ''
$gitlab->start();
$gitlab->waitForUnit("gitaly.service");
$gitlab->waitForUnit("gitlab-workhorse.service");
$gitlab->waitForUnit("gitlab.service");
$gitlab->waitForUnit("gitlab-sidekiq.service");
$gitlab->waitUntilSucceeds("curl http://localhost:80/users/sign_in");
$gitlab->waitForFile("/var/gitlab/state/tmp/sockets/gitlab.socket");
$gitlab->waitUntilSucceeds("curl -sSf http://localhost/users/sign_in");
$gitlab->succeed("${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2")
'';
})

View file

@ -0,0 +1,36 @@
{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, curl, libnotify, gdk_pixbuf }:
stdenv.mkDerivation rec {
version = "2018-10-11";
name = "cmusfm-unstable-${version}";
src = fetchFromGitHub {
owner = "Arkq";
repo = "cmusfm";
rev = "ad2fd0aad3f4f1a25add1b8c2f179e8859885873";
sha256 = "0wpwdwgyrp64nvwc6shy0n387p31j6aw6cnmfi9x2y1jhl5hbv6b";
};
# building
configureFlags = [ "--enable-libnotify" ];
nativeBuildInputs = [ autoreconfHook pkgconfig ];
buildInputs = [ curl libnotify gdk_pixbuf ];
meta = with stdenv.lib; {
description = "Last.fm and Libre.fm standalone scrobbler for the cmus music player";
longDescription = ''
Features:
+ Listening now notification support
+ Off-line played track cache for later submission
+ POSIX ERE-based file name parser
+ Desktop notification support (optionally)
+ Customizable scrobbling service
+ Small memory footprint
Configuration:
+ run `cmusfm init` to generate configuration file under ~/.config/cmus/cmusfm.conf
+ Inside cmus run `:set status_display_program=cmusfm` to set up cmusfm
'';
homepage = https://github.com/Arkq/cmusfm/;
maintainers = with stdenv.lib.maintainers; [ CharlesHD ];
license = licenses.gpl3Plus;
platforms = platforms.linux ++ platforms.darwin;
};
}

View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "josm-${version}";
version = "14289";
version = "14382";
src = fetchurl {
url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar";
sha256 = "102dph3479qskzf72cpb9139pq9ifka6pzna1c6s5rs2il6mfvsb";
sha256 = "1a2nx9jr1fvw95gdvl9kj3z0cs6ndafm0k4l0lwfx9p9qn4lgzjg";
};
buildInputs = [ jdk11 makeWrapper ];

View file

@ -11,8 +11,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-alicloud";
version = "1.17.0";
sha256 = "1zmywmcgfmx5ccp0qxj912sqymisxdg2s84b4qclfa225hrbaqpn";
version = "1.21.0";
sha256 = "17853l2s5z1y2g24wdkapdp26hw0sx5w73y118h0px85fiwhkq79";
};
archive =
{
@ -39,15 +39,15 @@
{
owner = "terraform-providers";
repo = "terraform-provider-aws";
version = "1.38.0";
sha256 = "1jhr2l8p7wf7kgr2y0c40n1jb9p2153xkpcp4b2half2vhsh1nwi";
version = "1.42.0";
sha256 = "1wi1m7i6vq53p36x1prax4yaz400834024q494zg0ckk4rvngfp6";
};
azurerm =
{
owner = "terraform-providers";
repo = "terraform-provider-azurerm";
version = "1.15.0";
sha256 = "1pdmj0ww5y2nwxivlf5l886nwd76hpqhwdayab2fp16zyl1qbpfd";
version = "1.17.0";
sha256 = "03sjlqkwy0qa382sjwi21g6h2fz1mpsiqcd4naj5zh76fkp8aslw";
};
azurestack =
{
@ -88,8 +88,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-circonus";
version = "0.1.1";
sha256 = "05n1q9hc0h31icxsmyi2y60wiwd5fs2hz1dqm3bl6hgh5x3ss1im";
version = "0.2.0";
sha256 = "1vcia3p31cgdwjs06k4244bk7ib2qp1f2lhc7hmyhdfi1c8jym45";
};
clc =
{
@ -102,8 +102,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-cloudflare";
version = "1.5.0";
sha256 = "0l8bmnxmjr2g3xxw8w0ay91cvs4kzc65wkdwybfahvq9r6mww45n";
version = "1.7.0";
sha256 = "0sqq6miwyh6z86b3wq2bhkaj4x39g2nqq784py8nm8gvs06gcm5a";
};
cloudscale =
{
@ -130,22 +130,22 @@
{
owner = "terraform-providers";
repo = "terraform-provider-consul";
version = "2.1.0";
sha256 = "1qm29vj8ms37zb4b3bhdv4b4vrl0am134zmc654lb2g582cnj9yw";
version = "2.2.0";
sha256 = "13jwvf7n7238pzvdq9m6vnl9vqa9hkr1mrcf9sa1q9lxkim9ijfk";
};
datadog =
{
owner = "terraform-providers";
repo = "terraform-provider-datadog";
version = "1.3.0";
sha256 = "0d3xccfkzibjp4jl8irja1cdhppdn3b7nh4wy857zvfxpfhz7aj2";
version = "1.4.0";
sha256 = "06ik2k0jkm4200d8njpsidwfjl12ikn5ciqkmlxfwr3b8s1w8kpa";
};
digitalocean =
{
owner = "terraform-providers";
repo = "terraform-provider-digitalocean";
version = "0.1.3";
sha256 = "10crxciw7y2gnm8vqp007vw0k7c1a1xk2z2zsjr5rksk6qlnri4k";
version = "1.0.2";
sha256 = "0ilkdnadzsidq8hia5wk4jyk6034pmajrpkgwf4ryz7kx41vy2g6";
};
dme =
{
@ -172,8 +172,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-docker";
version = "1.0.1";
sha256 = "1q5bsdvp47gvpiyqlzgrpxczlh6m9g870pn84ks49xfkwk5izpz6";
version = "1.1.0";
sha256 = "1ba9z9fd69hpg6kg30nf95zzskzipi74s1aadywc068gfrkdm9jj";
};
dyn =
{
@ -193,15 +193,15 @@
{
owner = "terraform-providers";
repo = "terraform-provider-fastly";
version = "0.3.0";
sha256 = "1hh4s81g256iy1rvp9snqbyhidz8n6p7pzanlxp89ffrq9p32sp0";
version = "0.4.0";
sha256 = "1fkn9b6ibs36cmhknb3x05g31rf73w70xwx05rh9fhybrz5dd9z9";
};
flexibleengine =
{
owner = "terraform-providers";
repo = "terraform-provider-flexibleengine";
version = "1.1.0";
sha256 = "07g6kc211crxf9nvgvghg05jdahd1fb09lpwfcps9ph259pwwam3";
version = "1.2.1";
sha256 = "000v6fmmnwfibzfssk23s9qwrb8a9l0j1qd14x2dqsc7ql0kbnz8";
};
github =
{
@ -221,8 +221,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-google";
version = "1.18.0";
sha256 = "0zwy1imby0xqvb86a82rdvglipf2sfpi3rmsj72iikp7vi3mqk64";
version = "1.19.1";
sha256 = "1n2a1y9103xkndmvr5cvj7i1m8s9lv61vgijgk3m2f73pb4znak0";
};
grafana =
{
@ -235,15 +235,22 @@
{
owner = "terraform-providers";
repo = "terraform-provider-hcloud";
version = "1.3.0";
sha256 = "0sb9pajsy0if18vgw5pllgv8qvb4v7pv65m2f3hfkck2za82ndwb";
version = "1.4.0";
sha256 = "00mq6p2y61z4hg9dncf3mj59cp6fx4iqrn86m96wkw346shs6prs";
};
helm =
{
owner = "terraform-providers";
repo = "terraform-provider-helm";
version = "0.6.2";
sha256 = "11j4lpzbrdszgkjf1gjyibh9c5w0fly01qdkrflv98ry5csx9q5b";
};
heroku =
{
owner = "terraform-providers";
repo = "terraform-provider-heroku";
version = "1.4.0";
sha256 = "159a9add5v4dj2bry1b85i74q2lb4pjjypkm5hzrbqys6gn2imhn";
version = "1.5.0";
sha256 = "0hzzhqd87vkcbzndsn15g4nl3qhv2kvnhs9zv6kbxaxm7p7rm3pz";
};
http =
{
@ -284,8 +291,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-kubernetes";
version = "1.2.0";
sha256 = "0slvhj8f7p27r9v4vb5vjyqpmzlpaji1djzwsxsf247df68mka61";
version = "1.3.0";
sha256 = "0fhh0r92whcxqz4z2kb6qx9dyygms5mz7ifhb9c7s2r22jnfz1j3";
};
librato =
{
@ -294,6 +301,13 @@
version = "0.1.0";
sha256 = "0bxadwj5s7bvc4vlymn3w6qckf14hz82r7q98w2nh55sqr52d923";
};
linode =
{
owner = "terraform-providers";
repo = "terraform-provider-linode";
version = "1.1.0";
sha256 = "19c269w8jjx04a8rhm4x7bg2xad3y0s74wgis446mwaw7mhla3l3";
};
local =
{
owner = "terraform-providers";
@ -340,8 +354,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-newrelic";
version = "1.0.1";
sha256 = "0g4fd2rvx90f2bmjl6jjdvrsx7ayhf30vj9y3mklhxgsd9x83wpq";
version = "1.1.0";
sha256 = "040pxbr4xp0h6s0njdwy0phlkblnk5p3xrcms2gkwyzkqpd82s8b";
};
nomad =
{
@ -371,12 +385,19 @@
version = "1.0.0";
sha256 = "12vpa09xrq8z1pjq0bwzq3889c4fl6c5kvynwqy0z1pdx21m60ha";
};
nutanix =
{
owner = "terraform-providers";
repo = "terraform-provider-nutanix";
version = "1.0.0";
sha256 = "16nky5ryyjvv7vny18ymxvy20ivwmqw7lagnz48pq8mnwwrp5541";
};
oci =
{
owner = "terraform-providers";
repo = "terraform-provider-oci";
version = "3.1.1";
sha256 = "0wrvb44gs0c1khvam5lrq53l2889japg7d4nyk2hrpywy9japc8m";
version = "3.5.0";
sha256 = "0f4m6rahis1n62w0h0amg8sjs5bb3ifnrfzq1dys7r01k5411wcf";
};
oneandone =
{
@ -389,22 +410,22 @@
{
owner = "terraform-providers";
repo = "terraform-provider-opc";
version = "1.2.1";
sha256 = "0mnvi47kbdwwpfzdlcd1mhd15w5b0ivwxi1a5lvs0zyqf0g0cas8";
version = "1.3.0";
sha256 = "1ksqjfp6gxgrpc9gcs9jv3wj5058z93h7prv4mhvc2bilal4gc0p";
};
openstack =
{
owner = "terraform-providers";
repo = "terraform-provider-openstack";
version = "1.9.0";
sha256 = "0prmdj78jsyrns876cglfp8a3dbpfl33bwb0dj072flh4yknfrdr";
version = "1.11.0";
sha256 = "1wqb7q10nyr4jy9ny4giazblwhh3qrn4s1f0xb5q702b5igbfwwm";
};
opentelekomcloud =
{
owner = "terraform-providers";
repo = "terraform-provider-opentelekomcloud";
version = "1.1.0";
sha256 = "04pcgygcz2ld5hp7f29j2z3d4ypy4fm4m1zbbs9l9gc3fya88iny";
version = "1.2.0";
sha256 = "05w899l18gmdywfhakjvaxqxxzd9cxga3s932ljfibr0ssipkhh9";
};
opsgenie =
{
@ -431,8 +452,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-packet";
version = "1.2.4";
sha256 = "11ga29d5bzmn6rzlb6sb28nh1zbbwglinzn185pysqx6n21l6wva";
version = "1.2.5";
sha256 = "1c40w1q18piip4fn572mnf67g07h6g03hnin23c7jw265m4yr222";
};
pagerduty =
{
@ -445,8 +466,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-panos";
version = "1.4.0";
sha256 = "033xpglbn0q805b129kf1ywl13m4pgrkwlvgl347nldysryiasxq";
version = "1.4.1";
sha256 = "1mlz01v01675cf9ja8i42c6ssklf65kd8wpjzf0j472lfwki4xpp";
};
postgresql =
{
@ -508,15 +529,15 @@
{
owner = "terraform-providers";
repo = "terraform-provider-runscope";
version = "0.4.0";
sha256 = "1n3q2hdwvkkn5rphrcl5qfv4ry2mrr13dcjwzhbym2i1nhpxkld0";
version = "0.5.0";
sha256 = "0n0m39gaiwhqigjny51a7g36ldik33alimkqqbv6hqyzrhk0qs8h";
};
scaleway =
{
owner = "terraform-providers";
repo = "terraform-provider-scaleway";
version = "1.6.0";
sha256 = "1ykcakfw0gp239jp4brpjynxzzvlhldfpv12hkgymj22s37n5jnn";
version = "1.7.0";
sha256 = "0gsjvpwfw2sc6ncy8v3j6gs0aanq3b08j3gid43687mfd782f4gk";
};
softlayer =
{
@ -553,6 +574,13 @@
version = "1.0.0";
sha256 = "0jl6bp6gwg96sdk5j6s13vv1j9gxjpy2yva3barmzv9138i665mz";
};
tencentcloud =
{
owner = "terraform-providers";
repo = "terraform-provider-tencentcloud";
version = "1.2.2";
sha256 = "1ypsfm48c30szg3zc1sknblhwcnca8aapfgp62bhszyqxq6zq37s";
};
terraform =
{
owner = "terraform-providers";
@ -592,8 +620,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-vault";
version = "1.1.4";
sha256 = "00i9rl9pnmicvndkmvcmlj6y80341dmkqnhq09f94yljh1w1zpvv";
version = "1.2.0";
sha256 = "1z92dcr5b665l69gxs1hw1rizc5znvf0ck1lksphd301l2ywk97b";
};
vcd =
{
@ -606,8 +634,8 @@
{
owner = "terraform-providers";
repo = "terraform-provider-vsphere";
version = "1.8.1";
sha256 = "0y6n7mvv1f3jqsxlvf68iq85k69fj7a333203vkvc83dba84aqki";
version = "1.9.0";
sha256 = "1by9klwvdw3m854jffimfnsz1lnbaixi4zcv4zzs63dc3flwy2b2";
};
matchbox =
{

View file

@ -113,8 +113,8 @@ in rec {
terraform_0_10-full = terraform_0_10.withPlugins lib.attrValues;
terraform_0_11 = pluggable (generic {
version = "0.11.8";
sha256 = "1kdmx21l32vj5kvkimkx0s5mxgmgkdwlgbin4f3iqjflzip0cddh";
version = "0.11.10";
sha256 = "08mapla89g106bvqr41zfd7l4ki55by6207qlxq9caiha54nx4nb";
patches = [ ./provider-path.patch ];
passthru = { inherit plugins; };
});

View file

@ -11,29 +11,29 @@ let
groups = [ "default" "unicorn" "ed25519" "metrics" ];
};
version = "11.4.3";
version = "11.4.4";
sources = if gitlabEnterprise then {
gitlabDeb = fetchurl {
url = "https://packages.gitlab.com/gitlab/gitlab-ee/packages/debian/stretch/gitlab-ee_${version}-ee.0_amd64.deb/download.deb";
sha256 = "1cw75qj508z6n00rqgqjzdm2013kyb7c57cypmq0m08nc6f3jspz";
sha256 = "15lpcdjcw6lpmzlhqnpd6pgaxh7wvx2mldjd1vqr414r4bcnhgy4";
};
gitlab = fetchFromGitLab {
owner = "gitlab-org";
repo = "gitlab-ee";
rev = "v${version}-ee";
sha256 = "1vqc77whpbsifbm9vgcmpxnw13v8jz1s9q04i8jfv99c59fjlids";
sha256 = "046hchr7q4jnx3j4yxg3rdixfzlva35al3ci26pf9vxrbbl5y8cg";
};
} else {
gitlabDeb = fetchurl {
url = "https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/stretch/gitlab-ce_${version}-ce.0_amd64.deb/download.deb";
sha256 = "0vk03k42pp92h520wnynl9czcigjhj9m7y68z1x0gwqr9m61r7zm";
sha256 = "02p7azyjgb984bk491q6f4zk1mikbcd38rif08kl07bjjzzkir81";
};
gitlab = fetchFromGitLab {
owner = "gitlab-org";
repo = "gitlab-ce";
rev = "v${version}";
sha256 = "1zvjz2gv2vwqqjz52zcvi0ap3d8rdbpgsqk9wv80hqq4v37a5gfx";
sha256 = "1hq9iyp0xrxwmncn61ja3pdj9h2hmdy1l63d1ic3r1dyacybaf2g";
};
};
@ -63,17 +63,7 @@ stdenv.mkDerivation rec {
--replace "ps -U" "${procps}/bin/ps -U"
sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake
# required for some gems:
cat > config/database.yml <<EOF
production:
adapter: <%= ENV["GITLAB_DATABASE_ADAPTER"] || sqlite %>
database: gitlab
host: <%= ENV["GITLAB_DATABASE_HOST"] || "127.0.0.1" %>
password: <%= ENV["GITLAB_DATABASE_PASSWORD"] || "blerg" %>
username: gitlab
encoding: utf8
EOF
sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb
'';
buildPhase = ''

View file

@ -7,7 +7,16 @@ gatherLibraries() {
addEnvHooks "$targetOffset" gatherLibraries
isExecutable() {
readelf -h "$1" 2> /dev/null | grep -q '^ *Type: *EXEC\>'
# For dynamically linked ELF files it would be enough to check just for the
# INTERP section. However, we won't catch statically linked executables as
# they only have an ELF type of EXEC but no INTERP.
#
# So what we do here is just check whether *either* the ELF type is EXEC
# *or* there is an INTERP section. This also catches position-independent
# executables, as they typically have an INTERP section but their ELF type
# is DYN.
LANG=C readelf -h -l "$1" 2> /dev/null \
| grep -q '^ *Type: *EXEC\>\|^ *INTERP\>'
}
# We cache dependencies so that we don't need to search through all of them on
@ -157,7 +166,7 @@ autoPatchelf() {
isELF "$file" || continue
if isExecutable "$file"; then
# Skip if the executable is statically linked.
readelf -l "$file" | grep -q "^ *INTERP\\>" || continue
LANG=C readelf -l "$file" | grep -q "^ *INTERP\\>" || continue
fi
autoPatchelfFile "$file"
done < <(find "$prefix" -type f -print0)

View file

@ -1,18 +1,18 @@
{stdenv, fetchzip}:
let
version = "2.004";
version = "3.001";
in fetchzip rec {
name = "comfortaa-${version}";
url = "http://openfontlibrary.org/assets/downloads/comfortaa/38318a69b56162733bf82bc0170b7521/comfortaa.zip";
url = "https://orig00.deviantart.net/40a3/f/2017/093/d/4/comfortaa___font_by_aajohan-d1qr019.zip";
postFetch = ''
mkdir -p $out/share/fonts $out/share/doc
unzip -l $downloadedFile
unzip -j $downloadedFile \*.ttf -d $out/share/fonts/truetype
unzip -j $downloadedFile \*/FONTLOG.txt \*/donate.html -d $out/share/doc/${name}
'';
sha256 = "1gnscf3kw9p5gbc5594a22cc6nmiir9mhp1nl3mkbzd4v1jfbh2h";
sha256 = "0z7xr0cnn6ghwivrm5b5awq9bzhnay3y99qq6dkdgfkfdsaz0n9h";
meta = with stdenv.lib; {
homepage = http://aajohan.deviantart.com/art/Comfortaa-font-105395949;

View file

@ -1,11 +1,11 @@
{stdenv, fetchzip}:
let
version = "2014-11-11";
version = "2016-06-23";
in fetchzip {
name = "open-dyslexic-${version}";
url = https://github.com/antijingoist/open-dyslexic/archive/f4b5ba89018b44d633608907e15f93fb3fabbabc.zip;
url = https://github.com/antijingoist/open-dyslexic/archive/20160623-Stable.zip;
postFetch = ''
mkdir -p $out/share/{doc,fonts}
@ -13,7 +13,7 @@ in fetchzip {
unzip -j $downloadedFile \*/README.md -d $out/share/doc/open-dyslexic
'';
sha256 = "045xc7kj56q4ygnjppm8f8fwqqvf21x1piabm4nh8hwgly42a3w2";
sha256 = "1vl8z5rknh2hpr2f0v4b2qgs5kclx5pzyk8al7243k5db82a2cyi";
meta = with stdenv.lib; {
homepage = https://opendyslexic.org/;

View file

@ -1,7 +1,7 @@
{ stdenv, fetchzip }:
let
version = "3.0.2";
version = "3.0.3";
in fetchzip rec {
name = "overpass-${version}";
@ -12,7 +12,7 @@ in fetchzip rec {
mkdir -p $out/share/doc/${name} ; unzip -j $downloadedFile \*.md -d $out/share/doc/${name}
'';
sha256 = "05zv3zcfc9a707sn3hhf46b126k19d9byzvi5ixp5y2548vjvl6s";
sha256 = "1m6p7rrlyqikjvypp4698sn0lp3a4z0z5al4swblfhg8qaxzv5pg";
meta = with stdenv.lib; {
homepage = http://overpassfont.org/;

View file

@ -24,5 +24,6 @@ stdenv.mkDerivation rec {
license = licenses.mit;
maintainers = with maintainers; [ ashalkhakov matthewbauer ];
platforms = platforms.unix;
badPlatforms = [ "aarch64-linux" ];
};
}

View file

@ -370,6 +370,7 @@ self: super: {
safecopy = dontCheck super.safecopy;
sai-shape-syb = dontCheck super.sai-shape-syb;
scp-streams = dontCheck super.scp-streams;
sdl2 = dontCheck super.sdl2; # the test suite needs an x server
sdl2-ttf = dontCheck super.sdl2-ttf; # as of version 0.2.1, the test suite requires user intervention
separated = dontCheck super.separated;
shadowsocks = dontCheck super.shadowsocks;

View file

@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
rm -vf BUILD
'';
NIX_CFLAGS_COMPILE = "-Wno-error=unknown-warning-option";
enableParallelBuilds = true;
meta = with stdenv.lib; {

View file

@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
configureFlags = [ "--with-gssapi-impl=mit" ];
doCheck = true;
doCheck = !stdenv.hostPlatform.isDarwin;
meta = {
description = "GNU SASL, Simple Authentication and Security Layer library";

View file

@ -0,0 +1,13 @@
Common subdirectories: libid3tag-0.15.1b/msvc++ and libid3tag-0.15.1b-patched/msvc++
diff -uwp libid3tag-0.15.1b/utf16.c libid3tag-0.15.1b-patched/utf16.c
--- libid3tag-0.15.1b/utf16.c 2004-01-23 10:41:32.000000000 +0100
+++ libid3tag-0.15.1b-patched/utf16.c 2018-11-01 13:12:00.866050641 +0100
@@ -250,6 +250,8 @@ id3_ucs4_t *id3_utf16_deserialize(id3_by
id3_ucs4_t *ucs4;
end = *ptr + (length & ~1);
+ if (end == *ptr)
+ return 0;
utf16 = malloc((length / 2 + 1) * sizeof(*utf16));
if (utf16 == 0)

View file

@ -14,7 +14,10 @@ stdenv.mkDerivation rec {
propagatedBuildInputs = [ zlib gperf ];
patches = [ ./debian-patches.patch ];
patches = [
./debian-patches.patch
./CVE-2017-11550-and-CVE-2017-11551.patch
];
preConfigure = ''
configureFlagsArray+=(

View file

@ -3,12 +3,12 @@
, fetchPypi
, pkgs
, isPy3k
, python
}:
buildPythonPackage rec {
pname = "bsddb3";
version = "6.2.6";
disabled = isPy3k;
src = fetchPypi {
inherit pname version;
@ -17,8 +17,9 @@ buildPythonPackage rec {
buildInputs = [ pkgs.db ];
# Judging from SyntaxError in test
doCheck = false; # test suite breaks python3 compatibility
checkPhase = ''
${python.interpreter} test.py
'';
# Path to database need to be set.
# Somehow the setup.py flag is not propagated.

View file

@ -942,6 +942,10 @@ let
PKGCONFIG_LIBS = "-Wl,-rpath,${pkgs.openssl.out}/lib -L${pkgs.openssl.out}/lib -L${pkgs.cyrus_sasl.out}/lib -L${pkgs.zlib.out}/lib -lssl -lcrypto -lsasl2 -lz";
});
ps = old.ps.overrideDerivation (attrs: {
preConfigure = "patchShebangs configure";
});
rlang = old.rlang.overrideDerivation (attrs: {
preConfigure = "patchShebangs configure";
});

View file

@ -1,16 +0,0 @@
diff --git a/tests/jq.test b/tests/jq.test
index 4a4018b..f5aa7d5 100644
--- a/src/tests/jq.test
+++ b/src/tests/jq.test
@@ -1144,9 +1144,9 @@ bsearch(4)
[1,2,3]
-4
-[strptime("%Y-%m-%dT%H:%M:%SZ")|(.,mktime)]
+[strptime("%Y-%m-%dT%H:%M:%SZ")|mktime]
"2015-03-05T23:51:47Z"
-[[2015,2,5,23,51,47,4,63],1425599507]
+[1425599507]
strftime("%Y-%m-%dT%H:%M:%SZ")
[2015,2,5,23,51,47,4,63]

View file

@ -2,33 +2,17 @@
stdenv.mkDerivation rec {
name = "jq-${version}";
version="1.5";
version="1.6";
src = fetchurl {
url="https://github.com/stedolan/jq/releases/download/jq-${version}/jq-${version}.tar.gz";
sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4";
sha256="1a76f46a652i2g333kfvrl6mp2w7whf6h1yly519izg4y967h9cn";
};
outputs = [ "bin" "doc" "man" "dev" "lib" "out" ];
buildInputs = [ oniguruma ];
patches = [
(fetchpatch {
name = "CVE-2015-8863.patch";
url = https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd.diff;
sha256 = "18bjanzvklfzlzzd690y88725l7iwl4f6wnr429na5pfmircbpvh";
})
(fetchpatch {
name = "CVE-2016-4074.patch";
url = https://patch-diff.githubusercontent.com/raw/stedolan/jq/pull/1214.diff;
sha256 = "1w8bapnyp56di6p9casbfczfn8258rw0z16grydavdjddfm280l9";
})
]
++ stdenv.lib.optional stdenv.isDarwin ./darwin-strptime-test.patch;
patchFlags = [ "-p2" ]; # `src` subdir was introduced after v1.5 was released
configureFlags =
[
"--bindir=\${bin}/bin"

View file

@ -1,9 +1,15 @@
{ stdenv, fetchFromGitHub, ocamlPackages, makeWrapper, writeScript
, dune, python3, rsync, fetchpatch }:
, dune, python3, rsync, fetchpatch, buck }:
let
# Manually set version - the setup script requires
# hg and git + keeping the .git directory around.
pyre-version = "0.0.14";
pyre-version = "0.0.17"; # also change typeshed revision below with $pyre-src/.typeshed-version
pyre-src = fetchFromGitHub {
owner = "facebook";
repo = "pyre-check";
rev = "v${pyre-version}";
sha256 = "0y86a3g5xbgh0byksyx5jw7yq7w840x85dhz9inz6mkg5j06mcis";
};
versionFile = writeScript "version.ml" ''
cat > "./version.ml" <<EOF
open Core
@ -20,12 +26,7 @@ let
pyre-bin = stdenv.mkDerivation {
name = "pyre-${pyre-version}";
src = fetchFromGitHub {
owner = "facebook";
repo = "pyre-check";
rev = "v${pyre-version}";
sha256 = "0c8xzaa3ljqb6llr041sydw0l4xqn7x21nw9vaymdxh35nx9bp2v";
};
src = pyre-src;
nativeBuildInputs = [ makeWrapper ];
@ -49,7 +50,6 @@ let
export HOME=.
# "external" because https://github.com/facebook/pyre-check/pull/8/files
cp Makefile.template Makefile
sed "s/%VERSION%/external/" dune.in > dune
cp ${versionFile} ./scripts/generate-version-number.sh
@ -77,20 +77,18 @@ let
description = "A performant type-checker for Python 3";
homepage = https://pyre-check.org;
license = licenses.mit;
platforms = with platforms; linux;
platforms = ocamlPackages.ocaml.meta.platforms;
maintainers = with maintainers; [ teh ];
};
};
typeshed = stdenv.mkDerivation {
name = "typeshed";
# typeshed doesn't have versions, it seems to be synchronized with
# mypy relases. I'm assigning a random version here (same as pyre).
version = pyre-version;
src = fetchFromGitHub {
owner = "python";
repo = "typeshed";
rev = "a08c6ea";
sha256 = "0wy8yh43vhyyc4g7iqnmlj66kz5in02y5qc0c4jdckhpa3mchaqk";
rev = "bc3f9fe1d3c43b00c04cedb23e0eeebc9e1734b6";
sha256 = "06b2kj4n49h4sgi8hn5kalmir8llhanfdc7f1924cxvrkj5ry94b";
};
phases = [ "unpackPhase" "installPhase" ];
installPhase = "cp -r $src $out";
@ -98,19 +96,8 @@ typeshed = stdenv.mkDerivation {
in python3.pkgs.buildPythonApplication rec {
pname = "pyre-check";
version = pyre-version;
src = fetchFromGitHub {
owner = "facebook";
repo = "pyre-check";
rev = "v${pyre-version}";
sha256 = "0ig7bx2kfn2kbxw74wysh5365yp5gyby42l9l29iclrzdghgk32l";
};
patches = [
(fetchpatch {
url = "https://github.com/facebook/pyre-check/commit/b473d2ed9fc11e7c1cd0c7b8c42f521e5cdc2003.patch";
sha256 = "05xvyp7j4n6z92bxf64rxfq5pvaadxgx1c8c5qziy75vdz72lkcy";
})
./pyre-bdist-wheel.patch
];
src = pyre-src;
patches = [ ./pyre-bdist-wheel.patch ];
# The build-pypi-package script does some funky stuff with build
# directories - easier to patch it a bit than to replace it
@ -119,15 +106,21 @@ in python3.pkgs.buildPythonApplication rec {
mkdir ./build
substituteInPlace scripts/build-pypi-package.sh \
--replace 'NIX_BINARY_FILE' '${pyre-bin}/bin/pyre.bin' \
--replace 'BUILD_ROOT="$(mktemp -d)"' "BUILD_ROOT=$(pwd)/build"
--replace 'BUILD_ROOT="$(mktemp -d)"' "BUILD_ROOT=$PWD/build"
substituteInPlace client/buck.py \
--replace '"buck"' '"${buck}/bin/buck"'
substituteInPlace client/tests/buck_test.py \
--replace '"buck"' '"${buck}/bin/buck"'
'';
buildInputs = [ pyre-bin rsync ];
buildInputs = [ pyre-bin ];
nativeBuildInputs = [ rsync ]; # only required for build-pypi-package.sh
propagatedBuildInputs = with python3.pkgs; [ docutils typeshed ];
buildPhase = ''
bash scripts/build-pypi-package.sh --version ${pyre-version} --bundle-typeshed ${typeshed}
cp -r build/dist dist
'';
doCheck = false; # can't open file 'nix_run_setup':
checkPhase = ''
bash scripts/run-python-tests.sh
'';
}

View file

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, rustPlatform }:
{ stdenv, fetchFromGitHub, rustPlatform, Security }:
rustPlatform.buildRustPackage rec {
name = "cargo-asm-${version}";
@ -13,6 +13,8 @@ rustPlatform.buildRustPackage rec {
cargoSha256 = "1m2j6i8hc8isdlj77gv9m6sk6q0x3bvzpva2k16g27i1ngy1989b";
buildInputs = stdenv.lib.optional stdenv.isDarwin Security;
# Test checks against machine code output, which fails with some
# LLVM/compiler versions.
doCheck = false;

View file

@ -1,5 +1,6 @@
{ stdenv, fetchFromGitHub, cmake
, freetype, SDL2, SDL2_mixer, openal, zlib, libpng, python, libvorbis }:
, freetype, SDL2, SDL2_mixer, openal, zlib, libpng, python, libvorbis
, libiconv }:
stdenv.mkDerivation rec {
name = "gemrb-${version}";
@ -13,7 +14,7 @@ stdenv.mkDerivation rec {
};
# TODO: make libpng, libvorbis, sdl_mixer, freetype, vlc, glew (and other gl reqs) optional
buildInputs = [ freetype python openal SDL2 SDL2_mixer zlib libpng libvorbis ];
buildInputs = [ freetype python openal SDL2 SDL2_mixer zlib libpng libvorbis libiconv ];
nativeBuildInputs = [ cmake ];

View file

@ -0,0 +1,83 @@
{ stdenv, lib, file, fetchurl, makeWrapper, autoPatchelfHook, jsoncpp }:
let
versionMajor = "6.3";
versionMinor = "6_1";
in
stdenv.mkDerivation rec {
name = "nomachine-client-${version}";
version = "${versionMajor}.${versionMinor}";
src =
if stdenv.hostPlatform.system == "x86_64-linux" then
fetchurl {
url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_x86_64.tar.gz";
sha256 = "1035j2z2rqmdfb8cfm1pakd05c575640604b8lkljmilpky9mw5d";
}
else if stdenv.hostPlatform.system == "i686-linux" then
fetchurl {
url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_i686.tar.gz";
sha256 = "07j9f6mlq9m01ch8ik5dybi283vrp5dlv156jr5n7n2chzk34kf3";
}
else
throw "NoMachine client is not supported on ${stdenv.hostPlatform.system}";
postUnpack = ''
mv $(find . -type f -name nxclient.tar.gz) .
mv $(find . -type f -name nxplayer.tar.gz) .
rm -r NX/
tar xf nxclient.tar.gz
tar xf nxplayer.tar.gz
rm $(find . -maxdepth 1 -type f)
'';
nativeBuildInputs = [ file makeWrapper autoPatchelfHook ];
buildInputs = [ jsoncpp ];
installPhase = ''
rm bin/nxplayer bin/nxclient
mkdir -p $out/NX
cp -r bin lib share $out/NX/
ln -s $out/NX/bin $out/bin
for i in share/icons/*; do
if [[ -d "$i" ]]; then
mkdir -p "$out/share/icons/hicolor/$(basename $i)/apps"
cp "$i"/* "$out/share/icons/hicolor/$(basename $i)/apps/"
fi
done
mkdir $out/share/applications
cp share/applnk/player/xdg/*.desktop $out/share/applications/
cp share/applnk/client/xdg-mime/*.desktop $out/share/applications/
mkdir -p $out/share/mime/packages
cp share/applnk/client/xdg-mime/*.xml $out/share/mime/packages/
for i in $out/share/applications/*.desktop; do
substituteInPlace "$i" --replace /usr/NX/bin $out/bin
done
'';
postFixup = ''
makeWrapper $out/bin/nxplayer.bin $out/bin/nxplayer --set NX_SYSTEM $out/NX
makeWrapper $out/bin/nxclient.bin $out/bin/nxclient --set NX_SYSTEM $out/NX
'';
dontBuild = true;
dontStrip = true;
meta = with stdenv.lib; {
description = "NoMachine remote desktop client (nxplayer)";
homepage = https://www.nomachine.com/;
license = {
fullName = "NoMachine 6 End-User License Agreement";
url = https://www.nomachine.com/licensing-6;
free = false;
};
maintainers = with maintainers; [ talyz ];
platforms = [ "x86_64-linux" "i686-linux" ];
};
}

View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
name = "abcMIDI-${version}";
version = "2018.06.23";
version = "2018.10.25";
src = fetchzip {
url = "https://ifdo.ca/~seymour/runabc/${name}.zip";
sha256 = "0487dlw9v4ayb929w8bk71fs4nbcs1liyk59g6sfr4yn6dx2sl2d";
sha256 = "0q7yrds1hpis1821mdsz31c2cvn7hs73a10fi1mrk1v4hqql8vv3";
};
# There is also a file called "makefile" which seems to be preferred by the standard build phase

View file

@ -20,6 +20,9 @@ rustPlatform.buildRustPackage rec {
buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security libiconv ];
# https://github.com/NixOS/nixpkgs/issues/49642
doCheck = !stdenv.isDarwin;
postInstall = ''
install -m 444 -Dt $out/share/man/man1 doc/bat.1

View file

@ -1,25 +1,23 @@
{ stdenv, fetchFromGitHub, rustPlatform, nix, boost, graphviz }:
{ stdenv, fetchFromGitHub, rustPlatform, nix, boost, graphviz, darwin }:
rustPlatform.buildRustPackage rec {
name = "nix-du-${version}";
version = "0.2.0";
version = "0.3.0";
src = fetchFromGitHub {
owner = "symphorien";
repo = "nix-du";
rev = "v${version}";
sha256 = "1n1qgqjbwbb59xnzgz0dn8h8pckh6yq3crh0w6x2sngijwh678x8";
sha256 = "1x6qpivxbn94034jfdxb97xi97fhcdv2z7llq2ccfc80mgd0gz8l";
};
cargoSha256 = "1qidbrkdpf4kliyvy2040qi3a67s8mr2r46rjcblr1v2gar0xgs0";
cargoSha256 = "0sva4lnhccm6ly7pa6m99s3fqkmh1dzv7r2727nsg2f55prd4kxc";
# switch to true when nix includes https://github.com/NixOS/nix/pull/2223 and
# https://github.com/NixOS/nix/pull/2234
doCheck = false;
doCheck = true;
checkInputs = [ graphviz ];
buildInputs = [
boost
nix
];
] ++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
meta = with stdenv.lib; {
description = "A tool to determine which gc-roots take space in your nix store";

View file

@ -4388,6 +4388,8 @@ with pkgs;
nms = callPackage ../tools/misc/nms { };
nomachine-client = callPackage ../tools/admin/nomachine-client { };
notify-desktop = callPackage ../tools/misc/notify-desktop {};
nkf = callPackage ../tools/text/nkf {};
@ -7350,7 +7352,9 @@ with pkgs;
cargo-tree = callPackage ../tools/package-management/cargo-tree { };
cargo-update = callPackage ../tools/package-management/cargo-update { };
cargo-asm = callPackage ../development/tools/rust/cargo-asm { };
cargo-asm = callPackage ../development/tools/rust/cargo-asm {
inherit (darwin.apple_sdk.frameworks) Security;
};
cargo-fuzz = callPackage ../development/tools/rust/cargo-fuzz { };
pyo3-pack = callPackage ../development/tools/rust/pyo3-pack { };
@ -16045,6 +16049,8 @@ with pkgs;
pulseaudioSupport = config.pulseaudio or false;
};
cmusfm = callPackage ../applications/audio/cmusfm { };
cni = callPackage ../applications/networking/cluster/cni {};
cni-plugins = callPackage ../applications/networking/cluster/cni/plugins.nix {};

View file

@ -142,7 +142,7 @@ in
avr = mapTestOnCross lib.systems.examples.avr embedded;
arm-embedded = mapTestOnCross lib.systems.examples.arm-embedded embedded;
powerpc-embedded = mapTestOnCross lib.systems.examples.powerpc-embedded embedded;
powerpc-embedded = mapTestOnCross lib.systems.examples.ppc-embedded embedded;
aarch64-embedded = mapTestOnCross lib.systems.examples.aarch64-embedded embedded;
i686-embedded = mapTestOnCross lib.systems.examples.i686-embedded embedded;
x86_64-embedded = mapTestOnCross lib.systems.examples.x86_64-embedded embedded;