From 5106a2f74fd0fcf8f0ed6b4d9fef2eb0a2281f68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:08:18 +0200 Subject: [PATCH 01/38] javaPackages.mavenfod: init --- pkgs/development/java-modules/maven-fod.nix | 55 +++++++++++++++++++++ pkgs/top-level/java-packages.nix | 4 +- 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/java-modules/maven-fod.nix diff --git a/pkgs/development/java-modules/maven-fod.nix b/pkgs/development/java-modules/maven-fod.nix new file mode 100644 index 00000000000..3e0d460ee48 --- /dev/null +++ b/pkgs/development/java-modules/maven-fod.nix @@ -0,0 +1,55 @@ +{ lib +, stdenv +, maven +}: + +{ src +, patches ? [] +, pname +, version +, mvnSha256 ? "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" +, mvnHash ? "sha256-${mvnSha256}" +, mvnFetchExtraArgs ? {} +, ... +} @args: + +# originally extracted from dbeaver +# created to allow using maven packages in the same style as rust + +stdenv.mkDerivation (rec { + fetchedMavenDeps = stdenv.mkDerivation ({ + name = "${pname}-${version}-maven-deps"; + inherit src; + + buildInputs = [ + maven + ]; + + buildPhase = '' + mvn package -Dmaven.repo.local=$out/.m2 -P desktop,all-platforms + ''; + + # keep only *.{pom,jar,sha1,nbm} and delete all ephemeral files with lastModified timestamps inside + installPhase = '' + find $out -type f \ + -name \*.lastUpdated -or \ + -name resolver-status.properties -or \ + -name _remote.repositories \ + -delete + ''; + + # don't do any fixup + dontFixup = true; + outputHashMode = "recursive"; + outputHash = mvnHash; + } // mvnFetchExtraArgs); + + buildPhase = '' + runHook preBuild + + mvnDeps=$(cp -dpR ${fetchedMavenDeps}/.m2 ./ && chmod +w -R .m2 && pwd) + mvn package --offline "-Dmaven.repo.local=$mvnDeps/.m2" -P desktop,all-platforms + + runHook postBuild + ''; +} // args) diff --git a/pkgs/top-level/java-packages.nix b/pkgs/top-level/java-packages.nix index cf6474f0da5..6f0f802f38e 100644 --- a/pkgs/top-level/java-packages.nix +++ b/pkgs/top-level/java-packages.nix @@ -9,8 +9,10 @@ let openjfx11 = callPackage ../development/compilers/openjdk/openjfx/11.nix { }; openjfx15 = callPackage ../development/compilers/openjdk/openjfx/15.nix { }; + mavenfod = callPackage ../development/java-modules/maven-fod.nix { }; + in { - inherit mavenbuild fetchMaven openjfx11 openjfx15; + inherit mavenbuild mavenfod fetchMaven openjfx11 openjfx15; compiler = let From a61cf20944911e20b91fa69b84749e52e72eefd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:08:33 +0200 Subject: [PATCH 02/38] dbeaver: use javaPackages.mavenfod --- pkgs/applications/misc/dbeaver/default.nix | 37 ++-------------------- 1 file changed, 3 insertions(+), 34 deletions(-) diff --git a/pkgs/applications/misc/dbeaver/default.nix b/pkgs/applications/misc/dbeaver/default.nix index 156cc7188dc..a53ed73532a 100644 --- a/pkgs/applications/misc/dbeaver/default.nix +++ b/pkgs/applications/misc/dbeaver/default.nix @@ -16,9 +16,10 @@ , maven , webkitgtk , glib-networking +, javaPackages }: -stdenv.mkDerivation rec { +javaPackages.mavenfod rec { pname = "dbeaver"; version = "21.3.0"; # When updating also update fetchedMavenDeps.sha256 @@ -29,31 +30,7 @@ stdenv.mkDerivation rec { sha256 = "iKxnuMm5hpreP706N+XxaBrDVVwVFRWKNmiCyXkOUCQ="; }; - fetchedMavenDeps = stdenv.mkDerivation { - name = "dbeaver-${version}-maven-deps"; - inherit src; - - buildInputs = [ - maven - ]; - - buildPhase = "mvn package -Dmaven.repo.local=$out/.m2 -P desktop,all-platforms"; - - # keep only *.{pom,jar,sha1,nbm} and delete all ephemeral files with lastModified timestamps inside - installPhase = '' - find $out -type f \ - -name \*.lastUpdated -or \ - -name resolver-status.properties -or \ - -name _remote.repositories \ - -delete - ''; - - # don't do any fixup - dontFixup = true; - outputHashAlgo = "sha256"; - outputHashMode = "recursive"; - outputHash = "7Sm1hAoi5xc4MLONOD8ySLLkpao0qmlMRRva/8zR210="; - }; + mvnSha256 = "7Sm1hAoi5xc4MLONOD8ySLLkpao0qmlMRRva/8zR210="; nativeBuildInputs = [ copyDesktopItems @@ -88,14 +65,6 @@ stdenv.mkDerivation rec { }) ]; - buildPhase = '' - runHook preBuild - - mvn package --offline -Dmaven.repo.local=$(cp -dpR ${fetchedMavenDeps}/.m2 ./ && chmod +w -R .m2 && pwd)/.m2 -P desktop,all-platforms - - runHook postBuild - ''; - installPhase = let productTargetPath = "product/community/target/products/org.jkiss.dbeaver.core.product"; From d8110b0e75cd576adb82f4eb4946ddb8f90c578f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:08:59 +0200 Subject: [PATCH 03/38] keycloak: add keycloak.plugins --- pkgs/servers/keycloak/all-plugins.nix | 4 ++++ pkgs/servers/keycloak/default.nix | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 pkgs/servers/keycloak/all-plugins.nix diff --git a/pkgs/servers/keycloak/all-plugins.nix b/pkgs/servers/keycloak/all-plugins.nix new file mode 100644 index 00000000000..4a3fcd1cded --- /dev/null +++ b/pkgs/servers/keycloak/all-plugins.nix @@ -0,0 +1,4 @@ +{ callPackage }: + +{ +} diff --git a/pkgs/servers/keycloak/default.nix b/pkgs/servers/keycloak/default.nix index cd8373f0842..6bd2d3afd28 100644 --- a/pkgs/servers/keycloak/default.nix +++ b/pkgs/servers/keycloak/default.nix @@ -1,5 +1,6 @@ { stdenv, lib, fetchzip, makeWrapper, jre, writeText, nixosTests , postgresql_jdbc ? null, mysql_jdbc ? null +, callPackage }: let @@ -55,7 +56,10 @@ stdenv.mkDerivation rec { wrapProgram $out/bin/jboss-cli.sh --set JAVA_HOME ${jre} ''; - passthru.tests = nixosTests.keycloak; + passthru = { + tests = nixosTests.keycloak; + plugins = callPackage ./all-plugins.nix {}; + }; meta = with lib; { homepage = "https://www.keycloak.org/"; From 74801dd0ea01ba714071cc80922a379c0019262b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:09:19 +0200 Subject: [PATCH 04/38] keycloak.plugins.scim-for-keycloak: init at kc-15-b2 --- pkgs/servers/keycloak/all-plugins.nix | 1 + .../keycloak/scim-for-keycloak/default.nix | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 pkgs/servers/keycloak/scim-for-keycloak/default.nix diff --git a/pkgs/servers/keycloak/all-plugins.nix b/pkgs/servers/keycloak/all-plugins.nix index 4a3fcd1cded..e821becc872 100644 --- a/pkgs/servers/keycloak/all-plugins.nix +++ b/pkgs/servers/keycloak/all-plugins.nix @@ -1,4 +1,5 @@ { callPackage }: { + scim-for-keycloak = callPackage ./scim-for-keycloak {}; } diff --git a/pkgs/servers/keycloak/scim-for-keycloak/default.nix b/pkgs/servers/keycloak/scim-for-keycloak/default.nix new file mode 100644 index 00000000000..b2fa2accdec --- /dev/null +++ b/pkgs/servers/keycloak/scim-for-keycloak/default.nix @@ -0,0 +1,36 @@ +{ lib +, stdenv +, fetchFromGitHub +, maven +, javaPackages +}: + +javaPackages.mavenfod rec { + pname = "scim-for-keycloak"; + version = "kc-15-b2"; # When updating also update mvnHash + + src = fetchFromGitHub { + owner = "Captain-P-Goldfish"; + repo = "scim-for-keycloak"; + rev = version; + sha256 = "K34c7xISjEETI3jFkRLdZ0C8pZHTWtPtrrIzwC76Tv0="; + }; + + mvnHash = "sha256-L1i9Fn9l6Xun6usvqiDLtMkMscQMEcqgaWXV3OUKrwQ="; + + nativeBuildInputs = [ + maven + ]; + + installPhase = '' + EAR=$(find -iname "*.ear") + install -D "$EAR" "$out/$(basename $EAR)" + ''; + + meta = with lib; { + homepage = "https://github.com/Captain-P-Goldfish/scim-for-keycloak"; + description = "A third party module that extends Keycloak with SCIM functionality"; + license = licenses.bsd3; + maintainers = with maintainers; [ mkg20001 ]; + }; +} From 891f2053a019c5fa834988e59c9639b4b47545c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:26:29 +0200 Subject: [PATCH 05/38] nixos/keycloak: add plugins option Co-authored-by: Kim Lindberger --- nixos/modules/services/web-apps/keycloak.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index df8c7114102..699c88bc239 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -216,6 +216,14 @@ in ''; }; + plugins = lib.mkOption { + type = lib.types.listOf lib.types.path; + default = []; + description = '' + Keycloak plugin jar, ear files or derivations with them + ''; + }; + initialAdminPassword = lib.mkOption { type = lib.types.str; default = "changeme"; @@ -675,8 +683,18 @@ in umask u=rwx,g=,o= + install_plugin() { + if [ -d "$1" ]; then + find "$1" -type f \( -iname \*.ear -o -iname \*.jar \) -exec install -m 0500 -o keycloak -g keycloak "{}" "/run/keycloak/deployments/" \; + else + install -m 0500 -o keycloak -g keycloak "$1" "/run/keycloak/deployments/" + fi + } + install -T -m 0400 -o keycloak -g keycloak '${cfg.database.passwordFile}' /run/keycloak/secrets/db_password - '' + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) '' + '' + lib.optionalString (cfg.plugins != []) (lib.concatStringsSep "\n" (map (pl: "install_plugin ${lib.escapeShellArg pl}") cfg.plugins)) + + lib.optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) '' + install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificate}' /run/keycloak/secrets/ssl_cert install -T -m 0400 -o keycloak -g keycloak '${cfg.sslCertificateKey}' /run/keycloak/secrets/ssl_key ''; From 985afdbb33cf546191307a2df7191ef9f470baf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:43:01 +0200 Subject: [PATCH 06/38] keycloak.plugins.keycloak-discord: init at 0.3.1 --- pkgs/servers/keycloak/all-plugins.nix | 1 + .../keycloak/keycloak-discord/default.nix | 28 +++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 pkgs/servers/keycloak/keycloak-discord/default.nix diff --git a/pkgs/servers/keycloak/all-plugins.nix b/pkgs/servers/keycloak/all-plugins.nix index e821becc872..84de940d077 100644 --- a/pkgs/servers/keycloak/all-plugins.nix +++ b/pkgs/servers/keycloak/all-plugins.nix @@ -2,4 +2,5 @@ { scim-for-keycloak = callPackage ./scim-for-keycloak {}; + keycloak-discord = callPackage ./keycloak-discord {}; } diff --git a/pkgs/servers/keycloak/keycloak-discord/default.nix b/pkgs/servers/keycloak/keycloak-discord/default.nix new file mode 100644 index 00000000000..710e66eb747 --- /dev/null +++ b/pkgs/servers/keycloak/keycloak-discord/default.nix @@ -0,0 +1,28 @@ +{ stdenv +, lib +, fetchurl +}: + +stdenv.mkDerivation rec { + pname = "keycloak-discord"; + version = "0.3.1"; + + src = fetchurl { + url = "https://github.com/wadahiro/keycloak-discord/releases/download/v${version}/keycloak-discord-ear-${version}.ear"; + sha256 = "0fswhbnxc80dpfqf5y6j29dxk3vcnm4kki6qdk22qliasvpw5n9c"; + }; + + dontUnpack = true; + dontBuild = true; + + installPhase = '' + install "$src" "$out/${pname}-ear-${version}.ear" + ''; + + meta = with lib; { + homepage = "https://github.com/wadahiro/keycloak-discord"; + description = "Keycloak Social Login extension for Discord"; + license = licenses.apsl20; + maintainers = with maintainers; [ mkg20001 ]; + }; +} From bd33583c88f0859768dbf84186128ffc597864f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Sun, 3 Oct 2021 20:43:29 +0200 Subject: [PATCH 07/38] nixosTests.keycloak: add discord plugin to test --- nixos/tests/keycloak.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/nixos/tests/keycloak.nix b/nixos/tests/keycloak.nix index 1be3fed6acc..e86faa0c9a7 100644 --- a/nixos/tests/keycloak.nix +++ b/nixos/tests/keycloak.nix @@ -16,8 +16,7 @@ let }; nodes = { - keycloak = { ... }: { - + keycloak = { config, ... }: { security.pki.certificateFiles = [ certs.ca.cert ]; @@ -36,6 +35,9 @@ let username = "bogus"; passwordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH"; }; + plugins = with config.services.keycloak.package.plugins; [ + keycloak-discord + ]; }; environment.systemPackages = with pkgs; [ From 8e317c16309c7fe6f30213e705f3cecdbd2275eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Mon, 13 Dec 2021 17:55:07 +0100 Subject: [PATCH 08/38] javaPackages.mavenfod: make maven parameters configurable --- pkgs/applications/misc/dbeaver/default.nix | 1 + pkgs/development/java-modules/maven-fod.nix | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/misc/dbeaver/default.nix b/pkgs/applications/misc/dbeaver/default.nix index a53ed73532a..1a1a6753b06 100644 --- a/pkgs/applications/misc/dbeaver/default.nix +++ b/pkgs/applications/misc/dbeaver/default.nix @@ -31,6 +31,7 @@ javaPackages.mavenfod rec { }; mvnSha256 = "7Sm1hAoi5xc4MLONOD8ySLLkpao0qmlMRRva/8zR210="; + mvnParameters = "-P desktop,all-platforms"; nativeBuildInputs = [ copyDesktopItems diff --git a/pkgs/development/java-modules/maven-fod.nix b/pkgs/development/java-modules/maven-fod.nix index 3e0d460ee48..24ce572af57 100644 --- a/pkgs/development/java-modules/maven-fod.nix +++ b/pkgs/development/java-modules/maven-fod.nix @@ -10,6 +10,7 @@ , mvnSha256 ? "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" , mvnHash ? "sha256-${mvnSha256}" , mvnFetchExtraArgs ? {} +, mvnParameters ? "" , ... } @args: @@ -26,7 +27,7 @@ stdenv.mkDerivation (rec { ]; buildPhase = '' - mvn package -Dmaven.repo.local=$out/.m2 -P desktop,all-platforms + mvn package -Dmaven.repo.local=$out/.m2 ${mvnParameters} ''; # keep only *.{pom,jar,sha1,nbm} and delete all ephemeral files with lastModified timestamps inside From b2e2e7c6363988bfee822ab0ff4f1ca76a8962fc Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Wed, 23 Feb 2022 17:01:14 +0100 Subject: [PATCH 09/38] synaesthesia: init at 2.4 --- .../audio/synaesthesia/default.nix | 33 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 35 insertions(+) create mode 100644 pkgs/applications/audio/synaesthesia/default.nix diff --git a/pkgs/applications/audio/synaesthesia/default.nix b/pkgs/applications/audio/synaesthesia/default.nix new file mode 100644 index 00000000000..efdd6f7e73a --- /dev/null +++ b/pkgs/applications/audio/synaesthesia/default.nix @@ -0,0 +1,33 @@ +{ stdenv +, lib +, fetchzip +, SDL +, pkg-config +, libSM +}: +stdenv.mkDerivation rec { + pname = "synaesthesia"; + version = "2.4"; + + src = fetchzip { + url = "https://logarithmic.net/pfh-files/synaesthesia/synaesthesia-${version}.tar.gz"; + sha256 = "0nzsdxbah0shm2vlziaaw3ilzlizd3d35rridkpg40nfxmq84qnx"; + }; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + SDL + libSM + ]; + + meta = { + homepage = "https://logarithmic.net/pfh/synaesthesia"; + description = "Program for representing sounds visually"; + license = lib.licenses.gpl2Only; + platforms = lib.platforms.linux; + maintainers = [ lib.maintainers.infinisil ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e30157ec978..619e2acb9a7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10140,6 +10140,8 @@ with pkgs; symengine = callPackage ../development/libraries/symengine { }; + synaesthesia = callPackage ../applications/audio/synaesthesia { }; + sysbench = callPackage ../development/tools/misc/sysbench {}; system-config-printer = callPackage ../tools/misc/system-config-printer { From 73449ea799ec13e91349a4a4dae758e03e6c51aa Mon Sep 17 00:00:00 2001 From: tilcreator Date: Thu, 17 Mar 2022 17:50:49 +0100 Subject: [PATCH 10/38] inav-configurator: 3.0.2 -> 4.1.0 --- .../science/robotics/inav-configurator/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/robotics/inav-configurator/default.nix b/pkgs/applications/science/robotics/inav-configurator/default.nix index 40914a8ac1a..ec605a3a97e 100644 --- a/pkgs/applications/science/robotics/inav-configurator/default.nix +++ b/pkgs/applications/science/robotics/inav-configurator/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "inav-configurator"; - version = "3.0.2"; + version = "4.1.0"; src = fetchurl { url = "https://github.com/iNavFlight/inav-configurator/releases/download/${version}/INAV-Configurator_linux64_${version}.tar.gz"; - sha256 = "0v6dcg634wpp9q4ya3mj00j3pg25g62aq209iq2dsvj0a03afbp2"; + sha256 = "sha256-+rPzytnAQcNGbISFBHb4JS9Nqy0C2i36k+EPBvq/mso="; }; icon = fetchurl { From 96698efe0cd9e0ffe38d95e043acafa926fa5e0d Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Fri, 18 Mar 2022 00:32:53 +0100 Subject: [PATCH 11/38] lib/modules: Finally remove deprecated types.optionSet types.optionSet has been deprecated for almost 10 years now (0e333688cea468a28516bf6935648c03ed62a7bb)! A removal was already attempted in 2019 (27982b408e465554b8831f492362bc87ed0ec02a), but it was promptly reinstantiated since some third-party uses were discovered (f531ce75e4178c6867cc1d0f7fec96b2d5c3f1cb). It's finally time to remove it for good :) --- .../reviewing-contributions.chapter.md | 4 +-- lib/modules.nix | 34 ++++--------------- lib/options.nix | 2 -- lib/types.nix | 8 ----- 4 files changed, 8 insertions(+), 40 deletions(-) diff --git a/doc/contributing/reviewing-contributions.chapter.md b/doc/contributing/reviewing-contributions.chapter.md index 0a90781d0c5..b78fda6c288 100644 --- a/doc/contributing/reviewing-contributions.chapter.md +++ b/doc/contributing/reviewing-contributions.chapter.md @@ -122,7 +122,7 @@ Reviewing process: - [CODEOWNERS](https://help.github.com/articles/about-codeowners/) will make GitHub notify users based on the submitted changes, but it can happen that it misses some of the package maintainers. - Ensure that the module tests, if any, are succeeding. - Ensure that the introduced options are correct. - - Type should be appropriate (string related types differs in their merging capabilities, `optionSet` and `string` types are deprecated). + - Type should be appropriate (string related types differs in their merging capabilities, `loaOf` and `string` types are deprecated). - Description, default and example should be provided. - Ensure that option changes are backward compatible. - `mkRenamedOptionModule` and `mkAliasOptionModule` functions provide way to make option changes backward compatible. @@ -157,7 +157,7 @@ Reviewing process: - Ensure that the module tests, if any, are succeeding. - Ensure that the introduced options are correct. - - Type should be appropriate (string related types differs in their merging capabilities, `optionSet` and `string` types are deprecated). + - Type should be appropriate (string related types differs in their merging capabilities, `loaOf` and `string` types are deprecated). - Description, default and example should be provided. - Ensure that module `meta` field is present - Maintainers should be declared in `meta.maintainers`. diff --git a/lib/modules.nix b/lib/modules.nix index 01ba914ca80..735cb3c967a 100644 --- a/lib/modules.nix +++ b/lib/modules.nix @@ -609,17 +609,9 @@ rec { throw "The option `${showOption loc}' in `${opt._file}' is already declared in ${showFiles res.declarations}." else let - /* Add the modules of the current option to the list of modules - already collected. The options attribute except either a list of - submodules or a submodule. For each submodule, we add the file of the - current option declaration as the file use for the submodule. If the - submodule defines any filename, then we ignore the enclosing option file. */ - options' = toList opt.options.options; - getSubModules = opt.options.type.getSubModules or null; submodules = if getSubModules != null then map (setDefaultModuleLocation opt._file) getSubModules ++ res.options - else if opt.options ? options then map (coerceOption opt._file) options' ++ res.options else res.options; in opt.options // res // { declarations = res.declarations ++ [opt._file]; @@ -802,27 +794,13 @@ rec { compare = a: b: (a.priority or 1000) < (b.priority or 1000); in sort compare defs'; + # This calls substSubModules, whose entire purpose is only to ensure that + # option declarations in submodules have accurate position information. + # TODO: Merge this into mergeOptionDecls fixupOptionType = loc: opt: - let - options = opt.options or - (throw "Option `${showOption loc}' has type optionSet but has no option attribute, in ${showFiles opt.declarations}."); - - # Hack for backward compatibility: convert options of type - # optionSet to options of type submodule. FIXME: remove - # eventually. - f = tp: - if tp.name == "option set" || tp.name == "submodule" then - throw "The option ${showOption loc} uses submodules without a wrapping type, in ${showFiles opt.declarations}." - else if (tp.functor.wrapped.name or null) == "optionSet" then - if tp.name == "attrsOf" then types.attrsOf (types.submodule options) - else if tp.name == "listOf" then types.listOf (types.submodule options) - else if tp.name == "nullOr" then types.nullOr (types.submodule options) - else tp - else tp; - in - if opt.type.getSubModules or null == null - then opt // { type = f (opt.type or types.unspecified); } - else opt // { type = opt.type.substSubModules opt.options; options = []; }; + if opt.type.getSubModules or null == null + then opt // { type = opt.type or types.unspecified; } + else opt // { type = opt.type.substSubModules opt.options; options = []; }; /* Properties. */ diff --git a/lib/options.nix b/lib/options.nix index 9efc1249e58..8d0801775c4 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -79,8 +79,6 @@ rec { visible ? null, # Whether the option can be set only once readOnly ? null, - # Deprecated, used by types.optionSet. - options ? null } @ attrs: attrs // { _type = "option"; }; diff --git a/lib/types.nix b/lib/types.nix index 00d97bf5723..5c4b9631061 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -749,14 +749,6 @@ rec { nestedTypes.finalType = finalType; }; - # Obsolete alternative to configOf. It takes its option - # declarations from the ‘options’ attribute of containing option - # declaration. - optionSet = mkOptionType { - name = "optionSet"; - description = "option set"; - deprecationMessage = "Use `types.submodule' instead"; - }; # Augment the given type with an additional type check function. addCheck = elemType: check: elemType // { check = x: elemType.check x && check x; }; From 7b32b8b66f80c10e7d509d62051dfd64470b3ebb Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Fri, 18 Mar 2022 21:23:40 +0100 Subject: [PATCH 12/38] Remove ancient mkOption tests These are completely non-functional by now --- pkgs/test/mkOption/declare.nix | 53 ------------------------------- pkgs/test/mkOption/keep.nix | 11 ------- pkgs/test/mkOption/keep.ref | 57 ---------------------------------- pkgs/test/mkOption/merge.nix | 15 --------- pkgs/test/mkOption/merge.ref | 20 ------------ pkgs/test/mkOption/test.sh | 9 ------ 6 files changed, 165 deletions(-) delete mode 100644 pkgs/test/mkOption/declare.nix delete mode 100644 pkgs/test/mkOption/keep.nix delete mode 100644 pkgs/test/mkOption/keep.ref delete mode 100644 pkgs/test/mkOption/merge.nix delete mode 100644 pkgs/test/mkOption/merge.ref delete mode 100755 pkgs/test/mkOption/test.sh diff --git a/pkgs/test/mkOption/declare.nix b/pkgs/test/mkOption/declare.nix deleted file mode 100644 index 9e89a1c096d..00000000000 --- a/pkgs/test/mkOption/declare.nix +++ /dev/null @@ -1,53 +0,0 @@ -# sets of small configurations: -# Each configuration -rec { - # has 2 arguments pkgs and this. - configA = pkgs: this: { - # Can depends on other configuration - require = configB; - - # Defines new options - optionA = pkgs.lib.mkOption { - # With default values - default = false; - # And merging functions. - merge = pkgs.lib.mergeEnableOption; - }; - - # Add a new definition to other options. - optionB = this.optionA; - }; - - # Can be used for option header. - configB = pkgs: this: { - # Can depends on more than one configuration. - require = [ configC configD ]; - - optionB = pkgs.lib.mkOption { - default = false; - }; - - # Is not obliged to define other options. - }; - - configC = pkgs: this: { - require = [ configA ]; - - optionC = pkgs.lib.mkOption { - default = false; - }; - - # Use the default value if it is not overwritten. - optionA = this.optionC; - }; - - # Can also be used as option configuration only. - # without any arguments (backward compatibility) - configD = { - # Is not forced to specify the require attribute. - - # Is not force to make new options. - optionA = true; - optionD = false; - }; -} diff --git a/pkgs/test/mkOption/keep.nix b/pkgs/test/mkOption/keep.nix deleted file mode 100644 index 26fb8c28dd5..00000000000 --- a/pkgs/test/mkOption/keep.nix +++ /dev/null @@ -1,11 +0,0 @@ -let - pkgs = import ../../.. {}; - config = import ./declare.nix; -in - with (pkgs.lib); - - finalReferenceOptionSets - filterOptionSets - pkgs - # List of main configurations. - [ config.configB config.configC ] diff --git a/pkgs/test/mkOption/keep.ref b/pkgs/test/mkOption/keep.ref deleted file mode 100644 index a3a051eb48c..00000000000 --- a/pkgs/test/mkOption/keep.ref +++ /dev/null @@ -1,57 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/pkgs/test/mkOption/merge.nix b/pkgs/test/mkOption/merge.nix deleted file mode 100644 index bbf68218aa0..00000000000 --- a/pkgs/test/mkOption/merge.nix +++ /dev/null @@ -1,15 +0,0 @@ -let - pkgs = import ../../.. {}; - config = import ./declare.nix; - - # Define the handler of unbound options. - noOption = name: values: - builtins.trace "Attribute named '${name}' does not match any option declaration." values; -in - with (pkgs.lib); - - finalReferenceOptionSets - (mergeOptionSets noOption) - pkgs - # List of main configurations. - [ config.configB config.configC ] diff --git a/pkgs/test/mkOption/merge.ref b/pkgs/test/mkOption/merge.ref deleted file mode 100644 index 6956f65dbbc..00000000000 --- a/pkgs/test/mkOption/merge.ref +++ /dev/null @@ -1,20 +0,0 @@ -trace: Str("Attribute named 'optionD' does not match any option declaration.",[]) - - - - - - - - - - - - - - - - - - - diff --git a/pkgs/test/mkOption/test.sh b/pkgs/test/mkOption/test.sh deleted file mode 100755 index 5478846d563..00000000000 --- a/pkgs/test/mkOption/test.sh +++ /dev/null @@ -1,9 +0,0 @@ -#! /bin/sh -e - -echo 1>&2 "Test: Merge of option bindings." -nix-instantiate merge.nix --eval-only --strict --xml >& merge.out -diff merge.ref merge.out - -echo 1>&2 "Test: Filter of option declarations." -nix-instantiate keep.nix --eval-only --strict --xml >& keep.out -diff keep.ref keep.out From c1bc8de9e3f174853df69acdc2fa594d34d5417c Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 8 Jan 2022 21:12:11 +1100 Subject: [PATCH 13/38] nixos-rebuild: Reexec when using flakes --- .../linux/nixos-rebuild/nixos-rebuild.sh | 55 ++++++++++++------- 1 file changed, 34 insertions(+), 21 deletions(-) diff --git a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh index e7c6bd01604..8d7396b9abe 100755 --- a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh +++ b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh @@ -343,16 +343,6 @@ if [[ -z $flake && -e /etc/nixos/flake.nix ]]; then flake="$(dirname "$(readlink -f /etc/nixos/flake.nix)")" fi -# Re-execute nixos-rebuild from the Nixpkgs tree. -# FIXME: get nixos-rebuild from $flake. -if [[ -z $_NIXOS_REBUILD_REEXEC && -n $canRun && -z $fast && -z $flake ]]; then - if p=$(runCmd nix-build --no-out-link --expr 'with import {}; config.system.build.nixos-rebuild' "${extraBuildFlags[@]}"); then - export _NIXOS_REBUILD_REEXEC=1 - runCmd exec "$p/bin/nixos-rebuild" "${origArgs[@]}" - exit 1 - fi -fi - # For convenience, use the hostname as the default configuration to # build from the flake. if [[ -n $flake ]]; then @@ -371,6 +361,40 @@ if [[ -n $flake ]]; then fi fi + +tmpDir=$(mktemp -t -d nixos-rebuild.XXXXXX) + +cleanup() { + for ctrl in "$tmpDir"/ssh-*; do + ssh -o ControlPath="$ctrl" -O exit dummyhost 2>/dev/null || true + done + rm -rf "$tmpDir" +} +trap cleanup EXIT + + +# Re-execute nixos-rebuild from the Nixpkgs tree. +if [[ -z $_NIXOS_REBUILD_REEXEC && -n $canRun && -z $fast ]]; then + if [[ -z $flake ]]; then + if p=$(runCmd nix-build --no-out-link --expr 'with import {}; config.system.build.nixos-rebuild' "${extraBuildFlags[@]}"); then + SHOULD_REEXEC=1 + fi + else + runCmd nix "${flakeFlags[@]}" build --out-link "${tmpDir}/nixos-rebuild" "$flake#$flakeAttr.config.system.build.nixos-rebuild" "${extraBuildFlags[@]}" "${lockFlags[@]}" + if p=$(readlink -e "${tmpDir}/nixos-rebuild"); then + SHOULD_REEXEC=1 + fi + fi + + if [[ -n $SHOULD_REEXEC ]]; then + export _NIXOS_REBUILD_REEXEC=1 + # Manually call cleanup as the EXIT trap is not triggered when using exec + cleanup + runCmd exec "$p/bin/nixos-rebuild" "${origArgs[@]}" + exit 1 + fi +fi + # Find configuration.nix and open editor instead of building. if [ "$action" = edit ]; then if [[ -z $flake ]]; then @@ -385,19 +409,8 @@ if [ "$action" = edit ]; then exit 1 fi - -tmpDir=$(mktemp -t -d nixos-rebuild.XXXXXX) SSHOPTS="$NIX_SSHOPTS -o ControlMaster=auto -o ControlPath=$tmpDir/ssh-%n -o ControlPersist=60" -cleanup() { - for ctrl in "$tmpDir"/ssh-*; do - ssh -o ControlPath="$ctrl" -O exit dummyhost 2>/dev/null || true - done - rm -rf "$tmpDir" -} -trap cleanup EXIT - - # First build Nix, since NixOS may require a newer version than the # current one. if [[ -n "$rollback" || "$action" = dry-build ]]; then From 467c3cc4cd9ddf546945deb7d6b515f42293adfe Mon Sep 17 00:00:00 2001 From: Benjamin Staffin Date: Mon, 21 Mar 2022 19:40:26 -0400 Subject: [PATCH 14/38] keycloak-discord: fix installPhase --- pkgs/servers/keycloak/keycloak-discord/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/servers/keycloak/keycloak-discord/default.nix b/pkgs/servers/keycloak/keycloak-discord/default.nix index 710e66eb747..047bc67fbc5 100644 --- a/pkgs/servers/keycloak/keycloak-discord/default.nix +++ b/pkgs/servers/keycloak/keycloak-discord/default.nix @@ -16,6 +16,7 @@ stdenv.mkDerivation rec { dontBuild = true; installPhase = '' + mkdir -p "$out" install "$src" "$out/${pname}-ear-${version}.ear" ''; From 6bf2168e2b9be5731e49037bcbbfc7944934e720 Mon Sep 17 00:00:00 2001 From: Benjamin Staffin Date: Mon, 21 Mar 2022 19:40:50 -0400 Subject: [PATCH 15/38] scim-for-keycloak: fix mvnHash --- pkgs/servers/keycloak/scim-for-keycloak/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/servers/keycloak/scim-for-keycloak/default.nix b/pkgs/servers/keycloak/scim-for-keycloak/default.nix index b2fa2accdec..1ef06061326 100644 --- a/pkgs/servers/keycloak/scim-for-keycloak/default.nix +++ b/pkgs/servers/keycloak/scim-for-keycloak/default.nix @@ -16,7 +16,7 @@ javaPackages.mavenfod rec { sha256 = "K34c7xISjEETI3jFkRLdZ0C8pZHTWtPtrrIzwC76Tv0="; }; - mvnHash = "sha256-L1i9Fn9l6Xun6usvqiDLtMkMscQMEcqgaWXV3OUKrwQ="; + mvnHash = "sha256-kDYhXTEOAWH/dcRJalKtbwBpoxcD1aX9eqcRKs6ewbE="; nativeBuildInputs = [ maven From d6f50a5c8ec3ed386531011027a56908829f7124 Mon Sep 17 00:00:00 2001 From: Benjamin Staffin Date: Tue, 22 Mar 2022 12:36:14 -0400 Subject: [PATCH 16/38] keycloak: fix a missing newline when using plugins --- nixos/modules/services/web-apps/keycloak.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index 88cba0febfc..c4a2127663a 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -811,7 +811,7 @@ in export JAVA_OPTS=-Djboss.server.config.user.dir=/run/keycloak/configuration add-user-keycloak.sh -u admin -p '${cfg.initialAdminPassword}' '' - + lib.optionalString (cfg.plugins != []) (lib.concatStringsSep "\n" (map (pl: "install_plugin ${lib.escapeShellArg pl}") cfg.plugins)) + + lib.optionalString (cfg.plugins != []) (lib.concatStringsSep "\n" (map (pl: "install_plugin ${lib.escapeShellArg pl}") cfg.plugins)) + "\n" + optionalString (cfg.sslCertificate != null && cfg.sslCertificateKey != null) '' pushd /run/keycloak/ssl/ cat "$CREDENTIALS_DIRECTORY/ssl_cert" <(echo) \ From a12b2ce73c8cd2c2e1d7b469b205d5b93ec0949f Mon Sep 17 00:00:00 2001 From: Benjamin Staffin Date: Tue, 22 Mar 2022 15:03:47 -0400 Subject: [PATCH 17/38] keycloak: wrap all the shell scripts Most of these just need JAVA_HOME, but a few assume that java is in PATH --- pkgs/servers/keycloak/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/keycloak/default.nix b/pkgs/servers/keycloak/default.nix index 5913da77771..d9797de6d17 100644 --- a/pkgs/servers/keycloak/default.nix +++ b/pkgs/servers/keycloak/default.nix @@ -51,9 +51,11 @@ stdenv.mkDerivation rec { ln -s ${mkModuleXml "com.mysql" "mysql-connector-java.jar"} $module_path/com/mysql/main/module.xml ''} - wrapProgram $out/bin/standalone.sh --set JAVA_HOME ${jre} - wrapProgram $out/bin/add-user-keycloak.sh --set JAVA_HOME ${jre} - wrapProgram $out/bin/jboss-cli.sh --set JAVA_HOME ${jre} + for script in add-user-keycloak.sh add-user.sh domain.sh elytron-tool.sh jboss-cli.sh jconsole.sh jdr.sh standalone.sh wsconsume.sh wsprovide.sh; do + wrapProgram $out/bin/$script --set JAVA_HOME ${jre} + done + wrapProgram $out/bin/kcadm.sh --prefix PATH : ${jre}/bin + wrapProgram $out/bin/kcreg.sh --prefix PATH : ${jre}/bin ''; passthru = { From 6f5636223cf615d2c304c8335ee072726d775191 Mon Sep 17 00:00:00 2001 From: Benjamin Staffin Date: Tue, 22 Mar 2022 19:57:11 -0400 Subject: [PATCH 18/38] keycloak-metrics-spi: init at 2.5.3 --- nixos/tests/keycloak.nix | 16 +++++++++++- pkgs/servers/keycloak/all-plugins.nix | 1 + .../keycloak/keycloak-metrics-spi/default.nix | 26 +++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 pkgs/servers/keycloak/keycloak-metrics-spi/default.nix diff --git a/nixos/tests/keycloak.nix b/nixos/tests/keycloak.nix index a4beea40279..fce8df2b7e3 100644 --- a/nixos/tests/keycloak.nix +++ b/nixos/tests/keycloak.nix @@ -37,6 +37,7 @@ let }; plugins = with config.services.keycloak.package.plugins; [ keycloak-discord + keycloak-metrics-spi ]; }; @@ -104,8 +105,21 @@ let ### Realm Setup ### # Get an admin interface access token + keycloak.succeed(""" + curl -sSf -d 'client_id=admin-cli' \ + -d 'username=admin' \ + -d 'password=${initialAdminPassword}' \ + -d 'grant_type=password' \ + '${frontendUrl}/realms/master/protocol/openid-connect/token' \ + | jq -r '"Authorization: bearer " + .access_token' >admin_auth_header + """) + + # Register the metrics SPI keycloak.succeed( - "curl -sSf -d 'client_id=admin-cli' -d 'username=admin' -d 'password=${initialAdminPassword}' -d 'grant_type=password' '${frontendUrl}/realms/master/protocol/openid-connect/token' | jq -r '\"Authorization: bearer \" + .access_token' >admin_auth_header" + "${pkgs.jre}/bin/keytool -import -alias snakeoil -file ${certs.ca.cert} -storepass aaaaaa -keystore cacert.jks -noprompt", + "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' ${pkgs.keycloak}/bin/kcadm.sh config credentials --server '${frontendUrl}' --realm master --user admin --password '${initialAdminPassword}'", + "KC_OPTS='-Djavax.net.ssl.trustStore=cacert.jks -Djavax.net.ssl.trustStorePassword=aaaaaa' ${pkgs.keycloak}/bin/kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'", + "curl -sSf '${frontendUrl}/realms/master/metrics' | grep '^keycloak_admin_event_UPDATE'" ) # Publish the realm, including a test OIDC client and user diff --git a/pkgs/servers/keycloak/all-plugins.nix b/pkgs/servers/keycloak/all-plugins.nix index 84de940d077..4dbd2487263 100644 --- a/pkgs/servers/keycloak/all-plugins.nix +++ b/pkgs/servers/keycloak/all-plugins.nix @@ -3,4 +3,5 @@ { scim-for-keycloak = callPackage ./scim-for-keycloak {}; keycloak-discord = callPackage ./keycloak-discord {}; + keycloak-metrics-spi = callPackage ./keycloak-metrics-spi {}; } diff --git a/pkgs/servers/keycloak/keycloak-metrics-spi/default.nix b/pkgs/servers/keycloak/keycloak-metrics-spi/default.nix new file mode 100644 index 00000000000..b5e23d0fe22 --- /dev/null +++ b/pkgs/servers/keycloak/keycloak-metrics-spi/default.nix @@ -0,0 +1,26 @@ +{ stdenv, lib, fetchurl }: + +stdenv.mkDerivation rec { + pname = "keycloak-metrics-spi"; + version = "2.5.3"; + + src = fetchurl { + url = "https://github.com/aerogear/keycloak-metrics-spi/releases/download/${version}/keycloak-metrics-spi-${version}.jar"; + sha256 = "15lsy8wjw6nlfdfhllc45z9l5474p0lsghrwzzsssvd68bw54gwv"; + }; + + dontUnpack = true; + dontBuild = true; + + installPhase = '' + mkdir -p $out + install "$src" "$out" + ''; + + meta = with lib; { + homepage = "https://github.com/aerogear/keycloak-metrics-spi"; + description = "Keycloak Service Provider that adds a metrics endpoint"; + license = licenses.apsl20; + maintainers = with maintainers; [ benley ]; + }; +} From 1f161a57c248fe64bd6bc52193ab14e08465e7ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Mar 2022 23:26:58 +0000 Subject: [PATCH 19/38] build(deps): bump peter-evans/commit-comment from 1 to 2 Bumps [peter-evans/commit-comment](https://github.com/peter-evans/commit-comment) from 1 to 2. - [Release notes](https://github.com/peter-evans/commit-comment/releases) - [Commits](https://github.com/peter-evans/commit-comment/compare/v1...v2) --- updated-dependencies: - dependency-name: peter-evans/commit-comment dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/direct-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/direct-push.yml b/.github/workflows/direct-push.yml index 459475c3c6b..082a4806e61 100644 --- a/.github/workflows/direct-push.yml +++ b/.github/workflows/direct-push.yml @@ -22,7 +22,7 @@ jobs: if: steps.ismerge.outputs.ismerge != 'true' - name: Warn if the commit was a direct push if: steps.ismerge.outputs.ismerge != 'true' - uses: peter-evans/commit-comment@v1 + uses: peter-evans/commit-comment@v2 with: body: | @${{ github.actor }}, you pushed a commit directly to master/release branch From 4a2da4208aecd7275c59d916f96aab095178c53e Mon Sep 17 00:00:00 2001 From: 06kellyjac Date: Wed, 23 Mar 2022 08:39:34 +0000 Subject: [PATCH 20/38] libpwquality: 1.4.2 -> 1.4.4 - corrected the license: https://github.com/libpwquality/libpwquality/blob/libpwquality-1.4.4/COPYING - added long description - added myself as a maintainer - removed unnecessary patch - split outputs - added pam for building the pam module --- .../libraries/libpwquality/default.nix | 57 +++++++++++++------ .../libpwquality/python-binding-prefix.patch | 13 +++++ pkgs/top-level/all-packages.nix | 4 +- pkgs/top-level/python-packages.nix | 7 +++ 4 files changed, 62 insertions(+), 19 deletions(-) create mode 100644 pkgs/development/libraries/libpwquality/python-binding-prefix.patch diff --git a/pkgs/development/libraries/libpwquality/default.nix b/pkgs/development/libraries/libpwquality/default.nix index 5d83b137b8e..abc65130fc3 100644 --- a/pkgs/development/libraries/libpwquality/default.nix +++ b/pkgs/development/libraries/libpwquality/default.nix @@ -1,36 +1,57 @@ -{ stdenv, lib, fetchFromGitHub, autoreconfHook, perl, cracklib, python3, fetchpatch }: +{ stdenv +, lib +, fetchFromGitHub +, autoreconfHook +, perl +, cracklib +, enablePAM ? stdenv.hostPlatform.isLinux +, pam +, enablePython ? false +, python +}: + +# python binding generates a shared library which are unavailable with musl build +assert enablePython -> !stdenv.hostPlatform.isStatic; stdenv.mkDerivation rec { pname = "libpwquality"; - version = "1.4.2"; + version = "1.4.4"; + + outputs = [ "out" "dev" "lib" "man" ] ++ lib.optionals enablePython [ "py" ]; src = fetchFromGitHub { owner = "libpwquality"; repo = "libpwquality"; rev = "${pname}-${version}"; - sha256 = "0n4pjhm7wfivk0wizggaxq4y4mcxic876wcarjabkp5z9k14y36h"; + sha256 = "sha256-7gAzrx5VP1fEBwAt6E5zGM8GyuPRR+JxYifYfirY+U8="; }; - nativeBuildInputs = [ autoreconfHook perl python3 ]; - buildInputs = [ cracklib ]; - - patches = lib.optional stdenv.hostPlatform.isStatic [ - (fetchpatch { - name = "static-build.patch"; - url = "https://github.com/libpwquality/libpwquality/pull/40.patch"; - sha256 = "1ypccq437wxwgddd98cvd330jfm7jscdlzlyxgy05g6yzrr68xyk"; - }) + patches = [ + # ensure python site-packages goes in $py output + ./python-binding-prefix.patch ]; - configureFlags = lib.optional stdenv.hostPlatform.isStatic [ - # Python binding generates a shared library which are unavailable with musl build - "--disable-python-bindings" - ]; + nativeBuildInputs = [ autoreconfHook perl ] ++ lib.optionals enablePython [ python ]; + buildInputs = [ cracklib ] ++ lib.optionals enablePAM [ pam ]; + + configureFlags = lib.optionals (!enablePython) [ "--disable-python-bindings" ]; meta = with lib; { - description = "Password quality checking and random password generation library"; homepage = "https://github.com/libpwquality/libpwquality"; - license = licenses.bsd3; + description = "Password quality checking and random password generation library"; + longDescription = '' + The libpwquality library purpose is to provide common functions for + password quality checking and also scoring them based on their apparent + randomness. The library also provides a function for generating random + passwords with good pronounceability. The library supports reading and + parsing of a configuration file. + + In the package there are also very simple utilities that use the library + function and PAM module that can be used instead of pam_cracklib. The + module supports all the options of pam_cracklib. + ''; + license = with licenses; [ bsd3 /* or */ gpl2Plus ]; + maintainers = with maintainers; [ jk ]; platforms = platforms.unix; }; } diff --git a/pkgs/development/libraries/libpwquality/python-binding-prefix.patch b/pkgs/development/libraries/libpwquality/python-binding-prefix.patch new file mode 100644 index 00000000000..a8f77142e1d --- /dev/null +++ b/pkgs/development/libraries/libpwquality/python-binding-prefix.patch @@ -0,0 +1,13 @@ +diff --git a/python/Makefile.am b/python/Makefile.am +index 1d00c0c..0987690 100644 +--- a/python/Makefile.am ++++ b/python/Makefile.am +@@ -14,7 +14,7 @@ all-local: + CFLAGS="${CFLAGS} -fno-strict-aliasing" @PYTHONBINARY@ setup.py build --build-base py$(PYTHONREV) + + install-exec-local: +- CFLAGS="${CFLAGS} -fno-strict-aliasing" @PYTHONBINARY@ setup.py build --build-base py$(PYTHONREV) install --prefix=${DESTDIR}${prefix} ++ CFLAGS="${CFLAGS} -fno-strict-aliasing" @PYTHONBINARY@ setup.py build --build-base py$(PYTHONREV) install --prefix=${DESTDIR}${py} + + clean-local: + rm -rf py$(PYTHONREV) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4a294c4020d..27302cf0678 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18714,7 +18714,9 @@ with pkgs; libpulsar = callPackage ../development/libraries/libpulsar { }; - libpwquality = callPackage ../development/libraries/libpwquality { }; + libpwquality = callPackage ../development/libraries/libpwquality { + python = python3; + }; libqalculate = callPackage ../development/libraries/libqalculate { readline = readline81; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 0f4a3a9fba5..1e9bff3dbfe 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4665,6 +4665,13 @@ in { libpyvivotek = callPackage ../development/python-modules/libpyvivotek { }; + libpwquality = pipe pkgs.libpwquality [ + toPythonModule + (p: p.overrideAttrs (super: { meta = super.meta // { outputsToInstall = [ "py" ]; }; })) + (p: p.override { enablePython = true; inherit python; }) + (p: p.py) + ]; + libredwg = toPythonModule (pkgs.libredwg.override { enablePython = true; inherit (self) python libxml2; From da2a5558ab0416ba1c2ddb1c454cdcfc3c05af60 Mon Sep 17 00:00:00 2001 From: Rien Maertens Date: Tue, 22 Mar 2022 11:20:58 +0100 Subject: [PATCH 21/38] alot: fix ModuleNotFoundError of '_notmuch_config' --- pkgs/applications/networking/mailreaders/alot/notmuch.nix | 6 ++++++ .../networking/mailreaders/notmuch/default.nix | 7 ++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/mailreaders/alot/notmuch.nix b/pkgs/applications/networking/mailreaders/alot/notmuch.nix index bd195b52d44..5d74270a58c 100644 --- a/pkgs/applications/networking/mailreaders/alot/notmuch.nix +++ b/pkgs/applications/networking/mailreaders/alot/notmuch.nix @@ -14,6 +14,12 @@ buildPythonPackage { buildInputs = [ python notmuch cffi ]; + # since notmuch 0.35, this package expects _notmuch_config.py that is + # generated by notmuch's configure script + postPatch = '' + cp ${notmuch.bindingconfig}/_notmuch_config.py . + ''; + # no tests doCheck = false; pythonImportsCheck = [ "notmuch2" ]; diff --git a/pkgs/applications/networking/mailreaders/notmuch/default.nix b/pkgs/applications/networking/mailreaders/notmuch/default.nix index 184804a8788..e89216802e5 100644 --- a/pkgs/applications/networking/mailreaders/notmuch/default.nix +++ b/pkgs/applications/networking/mailreaders/notmuch/default.nix @@ -62,7 +62,12 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; makeFlags = [ "V=1" ]; - outputs = [ "out" "man" "info" ] + postConfigure = '' + mkdir ${placeholder "bindingconfig"} + cp bindings/python-cffi/_notmuch_config.py ${placeholder "bindingconfig"}/ + ''; + + outputs = [ "out" "man" "info" "bindingconfig" ] ++ lib.optional withEmacs "emacs" ++ lib.optional withRuby "ruby"; From 3d635629bece87df5088b3dc698b5dc6fe494cf0 Mon Sep 17 00:00:00 2001 From: Rien Maertens Date: Wed, 23 Mar 2022 11:04:27 +0100 Subject: [PATCH 22/38] python3Packages.notmuch2: init at 0.35 --- pkgs/applications/networking/mailreaders/alot/default.nix | 8 +------- .../python-modules/notmuch2/default.nix} | 0 pkgs/top-level/python-packages.nix | 4 ++++ 3 files changed, 5 insertions(+), 7 deletions(-) rename pkgs/{applications/networking/mailreaders/alot/notmuch.nix => development/python-modules/notmuch2/default.nix} (100%) diff --git a/pkgs/applications/networking/mailreaders/alot/default.nix b/pkgs/applications/networking/mailreaders/alot/default.nix index 3d09711fb3c..cb49829dce0 100644 --- a/pkgs/applications/networking/mailreaders/alot/default.nix +++ b/pkgs/applications/networking/mailreaders/alot/default.nix @@ -9,13 +9,7 @@ , withManpage ? false }: -with python3.pkgs; -let - notmuch2 = callPackage ./notmuch.nix { - inherit notmuch; - }; -in -buildPythonApplication rec { +with python3.pkgs; buildPythonApplication rec { pname = "alot"; version = "0.10"; diff --git a/pkgs/applications/networking/mailreaders/alot/notmuch.nix b/pkgs/development/python-modules/notmuch2/default.nix similarity index 100% rename from pkgs/applications/networking/mailreaders/alot/notmuch.nix rename to pkgs/development/python-modules/notmuch2/default.nix diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index a5d436ccd52..f688567d415 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -5606,6 +5606,10 @@ in { inherit (pkgs) notmuch; }; + notmuch2 = callPackage ../development/python-modules/notmuch2 { + inherit (pkgs) notmuch; + }; + nototools = callPackage ../data/fonts/noto-fonts/tools.nix { }; notus-scanner = callPackage ../development/python-modules/notus-scanner { }; From cc8456effe723a6489b6f89fdafa7e877245742d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Wed, 23 Mar 2022 15:42:41 -0600 Subject: [PATCH 23/38] linux: common-config condition power-management to required platform --- pkgs/os-specific/linux/kernel/common-config.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index ce6123a10f7..2b065151f4a 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -60,16 +60,16 @@ let }; power-management = { - PM_ADVANCED_DEBUG = yes; - X86_INTEL_LPSS = yes; - X86_INTEL_PSTATE = yes; - INTEL_IDLE = yes; CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes; CPU_FREQ_GOV_SCHEDUTIL = yes; + PM_ADVANCED_DEBUG = yes; PM_WAKELOCKS = yes; - # Power-capping framework and support for INTEL RAPL POWERCAP = yes; + } // optionalAttrs (stdenv.hostPlatform.isx86) { + INTEL_IDLE = yes; INTEL_RAPL = whenAtLeast "5.3" module; + X86_INTEL_LPSS = yes; + X86_INTEL_PSTATE = yes; }; external-firmware = { From 11e697c3d7f8da7f11165ff85a8db633c8724c1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Wed, 23 Mar 2022 16:11:09 -0600 Subject: [PATCH 24/38] linux: common-config cleanup older options --- pkgs/os-specific/linux/kernel/common-config.nix | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 2b065151f4a..3856a223e2c 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -269,8 +269,6 @@ let DRM_GMA600 = whenOlder "5.13" yes; DRM_GMA3600 = whenOlder "5.12" yes; DRM_VMWGFX_FBCON = yes; - # necessary for amdgpu polaris support - DRM_AMD_POWERPLAY = whenBetween "4.5" "4.9" yes; # (experimental) amdgpu support for verde and newer chipsets DRM_AMDGPU_SI = yes; # (stable) amdgpu support for bonaire and newer chipsets @@ -383,7 +381,7 @@ let EXT4_FS_POSIX_ACL = yes; EXT4_FS_SECURITY = yes; - EXT4_ENCRYPTION = { optional = true; tristate = if (versionOlder version "4.8") then "m" else "y"; }; + EXT4_ENCRYPTION = option yes; REISERFS_FS_XATTR = option yes; REISERFS_FS_POSIX_ACL = option yes; @@ -461,7 +459,7 @@ let # https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html DEBUG_LIST = yes; # Detect writes to read-only module pages - DEBUG_SET_MODULE_RONX = { optional = true; tristate = whenOlder "4.11" "y"; }; + DEBUG_SET_MODULE_RONX = whenOlder "4.11" (option yes); RANDOMIZE_BASE = option yes; STRICT_DEVMEM = mkDefault yes; # Filter access to /dev/mem IO_STRICT_DEVMEM = mkDefault yes; @@ -560,8 +558,8 @@ let PARAVIRT_SPINLOCKS = option yes; KVM_ASYNC_PF = yes; - KVM_COMPAT = { optional = true; tristate = whenBetween "4.0" "4.12" "y"; }; - KVM_DEVICE_ASSIGNMENT = { optional = true; tristate = whenBetween "3.10" "4.12" "y"; }; + KVM_COMPAT = whenOlder "4.12" (option yes); + KVM_DEVICE_ASSIGNMENT = whenOlder "4.12" (option yes); KVM_GENERIC_DIRTYLOG_READ_PROTECT = yes; KVM_GUEST = yes; KVM_MMIO = yes; @@ -769,7 +767,6 @@ let AIC79XX_DEBUG_ENABLE = no; AIC7XXX_DEBUG_ENABLE = no; AIC94XX_DEBUG = no; - B43_PCMCIA = { optional=true; tristate = whenOlder "4.4" "y";}; BLK_DEV_INTEGRITY = yes; From 1b0e116b1474b594eca801bedb231b201996359b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Wed, 23 Mar 2022 16:45:14 -0600 Subject: [PATCH 25/38] linux: condition CLEANCACHE to before 5.17 when it was removed --- pkgs/os-specific/linux/kernel/common-config.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 3856a223e2c..92fc77128d2 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -787,7 +787,9 @@ let BT_RFCOMM_TTY = option yes; # RFCOMM TTY support BT_QCA = module; # enables QCA6390 bluetooth - CLEANCACHE = option yes; + # Removed on 5.17 as it was unused + # upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a4ee518185e902758191d968600399f3bc2be31 + CLEANCACHE = whenOlder "5.17" (option yes); CRASH_DUMP = option no; DVB_DYNAMIC_MINORS = option yes; # we use udev From b41351d4501bf5459b501bb7c037772c59b02000 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 24 Mar 2022 10:30:38 +0000 Subject: [PATCH 26/38] python310Packages.vertica-python: 1.0.3 -> 1.0.4 --- pkgs/development/python-modules/vertica-python/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/vertica-python/default.nix b/pkgs/development/python-modules/vertica-python/default.nix index a456c5232d8..2339073f514 100644 --- a/pkgs/development/python-modules/vertica-python/default.nix +++ b/pkgs/development/python-modules/vertica-python/default.nix @@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "vertica-python"; - version = "1.0.3"; + version = "1.0.4"; src = fetchPypi { inherit pname version; - sha256 = "cfe1794c5ba9fdfbd470a55d82f60c2e08e129828367753bf64199a58a539bc2"; + sha256 = "sha256-IpdrR9mDG+8cNnXgSXkmXahSEP4EGnEBJqZk5SNu9pA="; }; propagatedBuildInputs = [ future python-dateutil six ]; From 1479126ac1af2751cbcefea3e13ee989ea8ed022 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Thu, 24 Mar 2022 19:14:05 +0100 Subject: [PATCH 27/38] python3Packages.vertica-python: switch to pytestCheckHook --- .../python-modules/vertica-python/default.nix | 43 +++++++++++++++---- 1 file changed, 34 insertions(+), 9 deletions(-) diff --git a/pkgs/development/python-modules/vertica-python/default.nix b/pkgs/development/python-modules/vertica-python/default.nix index 2339073f514..cd6186e574f 100644 --- a/pkgs/development/python-modules/vertica-python/default.nix +++ b/pkgs/development/python-modules/vertica-python/default.nix @@ -1,27 +1,52 @@ -{ lib, buildPythonPackage, fetchPypi, future, python-dateutil, six, pytest, mock, parameterized }: +{ lib +, buildPythonPackage +, fetchPypi +, future +, mock +, parameterized +, pytestCheckHook +, python-dateutil +, pythonOlder +, six +}: buildPythonPackage rec { pname = "vertica-python"; version = "1.0.4"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - sha256 = "sha256-IpdrR9mDG+8cNnXgSXkmXahSEP4EGnEBJqZk5SNu9pA="; + hash = "sha256-IpdrR9mDG+8cNnXgSXkmXahSEP4EGnEBJqZk5SNu9pA="; }; - propagatedBuildInputs = [ future python-dateutil six ]; + propagatedBuildInputs = [ + future + python-dateutil + six + ]; - checkInputs = [ pytest mock parameterized ]; + checkInputs = [ + mock + parameterized + pytestCheckHook + ]; - # Integration tests require an accessible Vertica db - checkPhase = '' - pytest --ignore vertica_python/tests/integration_tests - ''; + disabledTestPaths = [ + # Integration tests require an accessible Vertica db + "vertica_python/tests/integration_tests" + ]; + + pythonImportsCheck = [ + "vertica_python" + ]; meta = with lib; { description = "Native Python client for Vertica database"; homepage = "https://github.com/vertica/vertica-python"; license = licenses.asl20; - maintainers = [ maintainers.arnoldfarkas ]; + maintainers = with maintainers; [ arnoldfarkas ]; }; } From c764d3138eb4ab374b34c7477cc1c33a2d55636f Mon Sep 17 00:00:00 2001 From: Sean Buckley Date: Thu, 24 Mar 2022 16:46:04 -0400 Subject: [PATCH 28/38] ciscoPacketTracer8: 8.0.1 -> 8.1.1 --- pkgs/applications/networking/cisco-packet-tracer/8.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/cisco-packet-tracer/8.nix b/pkgs/applications/networking/cisco-packet-tracer/8.nix index 1267a061429..9bc89001745 100644 --- a/pkgs/applications/networking/cisco-packet-tracer/8.nix +++ b/pkgs/applications/networking/cisco-packet-tracer/8.nix @@ -27,7 +27,7 @@ }: let - version = "8.0.1"; + version = "8.1.1"; ptFiles = stdenv.mkDerivation { name = "PacketTracer8Drv"; @@ -36,7 +36,7 @@ let dontUnpack = true; src = requireFile { name = "CiscoPacketTracer_${builtins.replaceStrings ["."] [""] version}_Ubuntu_64bit.deb"; - sha256 = "77a25351b016faed7c78959819c16c7013caa89c6b1872cb888cd96edd259140"; + sha256 = "08c53171aa0257a64ae7de1540f242214033cfa4f879fbc9fed5cc0d32232abf"; url = "https://www.netacad.com"; }; @@ -72,6 +72,7 @@ let libXrandr libXrender libXScrnSaver + libXtst xcbutilimage xcbutilkeysyms xcbutilrenderutil From 53c1fe6b2e78eca736370ea8900f465393317b9b Mon Sep 17 00:00:00 2001 From: Gregor Kleen <20089782+gkleen@users.noreply.github.com> Date: Thu, 24 Mar 2022 21:59:56 +0100 Subject: [PATCH 29/38] zfs: 2.1.3 -> 2.1.4 --- pkgs/os-specific/linux/zfs/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix index b5260d47caa..6747d511694 100644 --- a/pkgs/os-specific/linux/zfs/default.nix +++ b/pkgs/os-specific/linux/zfs/default.nix @@ -16,7 +16,7 @@ , enablePython ? true # for determining the latest compatible linuxPackages -, linuxPackages_5_16 ? pkgs.linuxKernel.packages.linux_5_16 +, linuxPackages_5_17 ? pkgs.linuxKernel.packages.linux_5_17 }: let @@ -216,28 +216,28 @@ in { # to be adapted zfsStable = common { # check the release notes for compatible kernels - kernelCompatible = kernel.kernelAtLeast "3.10" && kernel.kernelOlder "5.17"; - latestCompatibleLinuxPackages = linuxPackages_5_16; + kernelCompatible = kernel.kernelAtLeast "3.10" && kernel.kernelOlder "5.18"; + latestCompatibleLinuxPackages = linuxPackages_5_17; # this package should point to the latest release. - version = "2.1.3"; + version = "2.1.4"; - sha256 = "10p9s835wj5msspqwnqbfbnh8jmcazzd2v0gj4hn7vvni4p48gfl"; + sha256 = "sha256-pHz1N2j+d9p1xleEBwwrmK9mN5gEyM69Suy0dsrkZT4="; }; zfsUnstable = common { # check the release notes for compatible kernels - kernelCompatible = kernel.kernelAtLeast "3.10" && kernel.kernelOlder "5.17"; - latestCompatibleLinuxPackages = linuxPackages_5_16; + kernelCompatible = kernel.kernelAtLeast "3.10" && kernel.kernelOlder "5.18"; + latestCompatibleLinuxPackages = linuxPackages_5_17; # this package should point to a version / git revision compatible with the latest kernel release # IMPORTANT: Always use a tagged release candidate or commits from the # zfs--staging branch, because this is tested by the OpenZFS # maintainers. - version = "2.1.3"; + version = "2.1.4"; # rev = "0000000000000000000000000000000000000000"; - sha256 = "10p9s835wj5msspqwnqbfbnh8jmcazzd2v0gj4hn7vvni4p48gfl"; + sha256 = "sha256-pHz1N2j+d9p1xleEBwwrmK9mN5gEyM69Suy0dsrkZT4="; isUnstable = true; }; From 377f1c73b40b14fed7c6d6576b4e00411371aa9d Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Thu, 24 Mar 2022 15:39:37 -0700 Subject: [PATCH 30/38] linuxPackages.nvidia_x11: 510.54 -> 510.60.02 --- pkgs/os-specific/linux/nvidia-x11/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix index 14526501785..246295eb734 100644 --- a/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -19,10 +19,10 @@ rec { # Policy: use the highest stable version as the default (on our master). stable = if stdenv.hostPlatform.system == "x86_64-linux" then generic { - version = "510.54"; - sha256_64bit = "TCDezK4/40et/Q5piaMG+QJP2t+DGtwejmCFVnUzUWE="; - settingsSha256 = "ZWz5UN6Pa69NlmerKu30G+X8WfGlAwnVerDrO7TRO6w="; - persistencedSha256 = "MgWrBjKXJeRqF+ouT72tTiLPtn+lsS/Cp3oS61AWV8Q="; + version = "510.60.02"; + sha256_64bit = "sha256-qADfwFSQeP2Mbo5ngO+47uh4cuYFXH9fOGpHaM4H4AM="; + settingsSha256 = "sha256-Voa1JZ2qqJ1t+bfwKh/mssEi/hjzLTPwef2XG/gAC+0="; + persistencedSha256 = "sha256-THgK2GpRcttqSN2WxcuJu5My++Q+Y34jG8hm7daxhAQ="; } else legacy_390; From bf7d13dc4f54561bb2d8b026e25bda70362b789e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Na=C3=AFm=20Favier?= Date: Tue, 22 Mar 2022 19:53:22 +0100 Subject: [PATCH 31/38] fetchpatch: add `relative` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allows restricting patches to a specific subdirectory, à la `git diff --relative=subdir`. This cannot be done (cleanly) currently because the `includes` logic happens *after* `stripLen` is applied, so we can't match on `subdir/*`. This change adds a `relative` argument that makes this possible by filtering files before doing any processing, and setting `stripLen` and `extraPrefix` accordingly. --- .../coding-conventions.chapter.md | 5 ++- pkgs/build-support/fetchpatch/default.nix | 45 ++++++++++++------- pkgs/build-support/fetchpatch/tests.nix | 16 +++++++ 3 files changed, 49 insertions(+), 17 deletions(-) diff --git a/doc/contributing/coding-conventions.chapter.md b/doc/contributing/coding-conventions.chapter.md index cfe8582e514..dac6d828ac0 100644 --- a/doc/contributing/coding-conventions.chapter.md +++ b/doc/contributing/coding-conventions.chapter.md @@ -540,10 +540,11 @@ If you do need to do create this sort of patch file, one way to do so is with gi If a patch is available online but does not cleanly apply, it can be modified in some fixed ways by using additional optional arguments for `fetchpatch`: +- `relative`: Similar to using `git-diff`'s `--relative` flag, only keep changes inside the specified directory, making paths relative to it. - `stripLen`: Remove the first `stripLen` components of pathnames in the patch. - `extraPrefix`: Prefix pathnames by this string. -- `excludes`: Exclude files matching this pattern. -- `includes`: Include only files matching this pattern. +- `excludes`: Exclude files matching these patterns (applies after the above arguments). +- `includes`: Include only files matching these patterns (applies after the above arguments). - `revert`: Revert the patch. Note that because the checksum is computed after applying these effects, using or modifying these arguments will have no effect unless the `sha256` argument is changed as well. diff --git a/pkgs/build-support/fetchpatch/default.nix b/pkgs/build-support/fetchpatch/default.nix index 6e25b2d6ecc..d46162c97ff 100644 --- a/pkgs/build-support/fetchpatch/default.nix +++ b/pkgs/build-support/fetchpatch/default.nix @@ -9,7 +9,8 @@ let # 0.3.4 would change hashes: https://github.com/NixOS/nixpkgs/issues/25154 patchutils = buildPackages.patchutils_0_3_3; in -{ stripLen ? 0 +{ relative ? null +, stripLen ? 0 , extraPrefix ? null , excludes ? [] , includes ? [] @@ -17,7 +18,18 @@ in , postFetch ? "" , ... }@args: - +let + args' = if relative != null then { + stripLen = 1 + lib.length (lib.splitString "/" relative) + stripLen; + extraPrefix = if extraPrefix != null then extraPrefix else ""; + } else { + inherit stripLen extraPrefix; + }; +in let + inherit (args') stripLen extraPrefix; +in +lib.throwIfNot (excludes == [] || includes == []) + "fetchpatch: cannot use excludes and includes simultaneously" fetchurl ({ postFetch = '' tmpfile="$TMPDIR/patch" @@ -27,17 +39,19 @@ fetchurl ({ exit 1 fi - "${patchutils}/bin/lsdiff" "$out" \ - | sort -u | sed -e 's/[*?]/\\&/g' \ - | xargs -I{} \ - "${patchutils}/bin/filterdiff" \ - --include={} \ - --strip=${toString stripLen} \ - ${lib.optionalString (extraPrefix != null) '' - --addoldprefix=a/${extraPrefix} \ - --addnewprefix=b/${extraPrefix} \ - ''} \ - --clean "$out" > "$tmpfile" + "${patchutils}/bin/lsdiff" \ + ${lib.optionalString (relative != null) "-p1 -i ${lib.escapeShellArg relative}/'*'"} \ + "$out" \ + | sort -u | sed -e 's/[*?]/\\&/g' \ + | xargs -I{} \ + "${patchutils}/bin/filterdiff" \ + --include={} \ + --strip=${toString stripLen} \ + ${lib.optionalString (extraPrefix != null) '' + --addoldprefix=a/${lib.escapeShellArg extraPrefix} \ + --addnewprefix=b/${lib.escapeShellArg extraPrefix} \ + ''} \ + --clean "$out" > "$tmpfile" if [ ! -s "$tmpfile" ]; then echo "error: Normalized patch '$tmpfile' is empty (while the fetched file was not)!" 1>&2 @@ -64,5 +78,6 @@ fetchurl ({ ${patchutils}/bin/interdiff "$out" /dev/null > "$tmpfile" mv "$tmpfile" "$out" '' + postFetch; - meta.broken = excludes != [] && includes != []; -} // builtins.removeAttrs args ["stripLen" "extraPrefix" "excludes" "includes" "revert" "postFetch"]) +} // builtins.removeAttrs args [ + "relative" "stripLen" "extraPrefix" "excludes" "includes" "revert" "postFetch" +]) diff --git a/pkgs/build-support/fetchpatch/tests.nix b/pkgs/build-support/fetchpatch/tests.nix index 4240b325d65..ff2b81bf3a1 100644 --- a/pkgs/build-support/fetchpatch/tests.nix +++ b/pkgs/build-support/fetchpatch/tests.nix @@ -5,4 +5,20 @@ url = "https://github.com/facebook/zstd/pull/2724/commits/e1f85dbca3a0ed5ef06c8396912a0914db8dea6a.patch"; sha256 = "sha256-PuYAqnJWAE+L9bsroOnnBGJhERW8LHrGSLtIEkKU9vg="; }; + + relative = invalidateFetcherByDrvHash fetchpatch { + url = "https://github.com/boostorg/math/commit/7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b.patch"; + relative = "include"; + sha256 = "sha256-KlmIbixcds6GyKYt1fx5BxDIrU7msrgDdYo9Va/KJR4="; + }; + + full = invalidateFetcherByDrvHash fetchpatch { + url = "https://github.com/boostorg/math/commit/7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b.patch"; + relative = "test"; + stripLen = 1; + extraPrefix = "foo/bar/"; + excludes = [ "foo/bar/bernoulli_no_atomic_mp.cpp" ]; + revert = true; + sha256 = "sha256-+UKmEbr2rIAweCav/hR/7d4ZrYV84ht/domTrHtm8sM="; + }; } From 37e093f5f18d90cf21f1453df73917c253cfeb77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Na=C3=AFm=20Favier?= Date: Tue, 22 Mar 2022 20:44:27 +0100 Subject: [PATCH 32/38] haskellPackages.hledger-lib: use fetchpatch's `relative` argument We can drop `includes` since there's only one file in that directory. --- pkgs/development/haskell-modules/configuration-common.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index b95f53758fd..59e3b34a4e0 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -859,9 +859,8 @@ self: super: { (pkgs.fetchpatch { name = "hledger-properly-escape-quotes-csv.patch"; url = "https://github.com/simonmichael/hledger/commit/c9a72e1615e2ddc2824f2e248456e1042eb31e1d.patch"; - sha256 = "10knvrd5bl9nrmi27i0pm82sfr64jy04xgbjp228qywyijpr3pqv"; - includes = [ "Hledger/Read/CsvReader.hs" ]; - stripLen = 1; + relative = "hledger-lib"; + sha256 = "sha256-gjYYo0eq1gWNAAFF3dKt9QDq0VpLnN5/648r/NXEPVE="; }) super.hledger-lib; From 92cb4fc15b05502e5228a09f47dafac5bbb819d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Na=C3=AFm=20Favier?= Date: Tue, 22 Mar 2022 20:47:46 +0100 Subject: [PATCH 33/38] haskellPackages.yi-language: use fetchpatch's `relative` argument We can drop `includes` since there's only one file in that directory. --- pkgs/development/haskell-modules/configuration-common.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 59e3b34a4e0..25b80f8c25d 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -1818,10 +1818,8 @@ self: super: { # Presumably to be removed at the next release yi-language = appendPatch (pkgs.fetchpatch { url = "https://github.com/yi-editor/yi/commit/0d3bcb5ba4c237d57ce33a3dc39b63c56d890765.patch"; - sha256 = "0r4mzngs0x1akqpajzx7ssa9rax977fvj5ra8d3grfbpx6z0nm01"; - includes = [ "yi-language.cabal" ]; - stripLen = 2; - extraPrefix = ""; + relative = "yi-language"; + sha256 = "sha256-AVQLvul3ufxGQyoXud05qauclNanf6kunip0oJ/9lWQ="; }) super.yi-language; # https://github.com/ghcjs/jsaddle/issues/123 From 9e7ec276c6822847cd25a515bff2e1bae6b6a286 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Na=C3=AFm=20Favier?= Date: Tue, 22 Mar 2022 20:56:40 +0100 Subject: [PATCH 34/38] cgal_4: use fetchpatch's `relative` argument The `gcc-12-prereq.patch` patch now includes the entire `CGAL_Core` subdirectory, but the patch only fixes warnings so this is fine. --- pkgs/development/libraries/CGAL/4.nix | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/pkgs/development/libraries/CGAL/4.nix b/pkgs/development/libraries/CGAL/4.nix index 7380a85248f..9c0305ec077 100644 --- a/pkgs/development/libraries/CGAL/4.nix +++ b/pkgs/development/libraries/CGAL/4.nix @@ -18,18 +18,14 @@ stdenv.mkDerivation rec { (fetchpatch { name = "gcc-12-prereq.patch"; url = "https://github.com/CGAL/cgal/commit/4581f1b7a8e97d1a136830e64b77cdae3546c4bf.patch"; - sha256 = "1gzrvbrwxylv80v0m3j2s1znlysmr69lp3ggagnh38lp6423i6pq"; - # Upstream slightly reordered directory structure since. - stripLen = 1; - # Fill patch does not apply: touches too many parts of the source. - includes = [ "include/CGAL/CORE/BigFloatRep.h" ]; + relative = "CGAL_Core"; # Upstream slightly reordered directory structure since. + sha256 = "sha256-4+7mzGSBwAv5RHBQPAecPPKNN/LQBgvYq5mq+fHAteo="; }) (fetchpatch { name = "gcc-12.patch"; url = "https://github.com/CGAL/cgal/commit/6680a6e6f994b2c5b9f068eb3014d12ee1134d53.patch"; - sha256 = "1c0h1lh8zng60yx78qc8wx714b517mil8mac87v6xr21q0b11wk7"; - # Upstream slightly reordered directory structure since. - stripLen = 1; + relative = "CGAL_Core"; # Upstream slightly reordered directory structure since. + sha256 = "sha256-8kxJDT47jXI9kQNFI/ARWl9JBNS4AfU57/D0tYlgW0M="; }) ]; From a6bc988f00aab57694d8db53284617a34a7f8d61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Na=C3=AFm=20Favier?= Date: Tue, 22 Mar 2022 21:01:00 +0100 Subject: [PATCH 35/38] boost177: use fetchpatch's `relative` argument We can drop `includes` since there's only one file in that directory. --- pkgs/development/libraries/boost/generic.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pkgs/development/libraries/boost/generic.nix b/pkgs/development/libraries/boost/generic.nix index bad87fba8c6..d729602b9d5 100644 --- a/pkgs/development/libraries/boost/generic.nix +++ b/pkgs/development/libraries/boost/generic.nix @@ -130,10 +130,8 @@ stdenv.mkDerivation { ++ optional (versionAtLeast version "1.73") ./cmake-paths-173.patch ++ optional (version == "1.77.0") (fetchpatch { url = "https://github.com/boostorg/math/commit/7d482f6ebc356e6ec455ccb5f51a23971bf6ce5b.patch"; + relative = "include"; sha256 = "sha256-KlmIbixcds6GyKYt1fx5BxDIrU7msrgDdYo9Va/KJR4="; - stripLen = 2; - extraPrefix = ""; - includes = [ "boost/math/special_functions/detail/bernoulli_details.hpp" ]; }); meta = { From ad15abe7ffbc68ba8a41fdb9270c31b75e2e7fd8 Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Thu, 3 Mar 2022 11:14:03 -0600 Subject: [PATCH 36/38] squid: 4.17 -> 5.4.1 * enable HTCP * enable systemd support * add NixOS option "services.squid.package" --- nixos/modules/services/networking/squid.nix | 17 ++++++++++++++--- pkgs/servers/squid/default.nix | 14 ++++++++------ 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/nixos/modules/services/networking/squid.nix b/nixos/modules/services/networking/squid.nix index 4f3881af8bb..db4f0d26b6f 100644 --- a/nixos/modules/services/networking/squid.nix +++ b/nixos/modules/services/networking/squid.nix @@ -111,6 +111,13 @@ in description = "Whether to run squid web proxy."; }; + package = mkOption { + default = pkgs.squid; + defaultText = literalExpression "pkgs.squid"; + type = types.package; + description = "Squid package to use."; + }; + proxyAddress = mkOption { type = types.nullOr types.str; default = null; @@ -157,17 +164,21 @@ in users.groups.squid = {}; systemd.services.squid = { - description = "Squid caching web proxy"; + description = "Squid caching proxy"; + documentation = [ "man:squid(8)" ]; after = [ "network.target" "nss-lookup.target" ]; wantedBy = [ "multi-user.target"]; preStart = '' mkdir -p "/var/log/squid" chown squid:squid "/var/log/squid" + ${cfg.package}/bin/squid --foreground -z -f ${squidConfig} ''; serviceConfig = { - Type="forking"; PIDFile="/run/squid.pid"; - ExecStart = "${pkgs.squid}/bin/squid -YCs -f ${squidConfig}"; + ExecStart = "${cfg.package}/bin/squid --foreground -YCs -f ${squidConfig}"; + ExecReload="kill -HUP $MAINPID"; + KillMode="mixed"; + NotifyAccess="all"; }; }; diff --git a/pkgs/servers/squid/default.nix b/pkgs/servers/squid/default.nix index dae9d21c7f5..70b9c869f11 100644 --- a/pkgs/servers/squid/default.nix +++ b/pkgs/servers/squid/default.nix @@ -1,20 +1,20 @@ { lib, stdenv, fetchurl, perl, openldap, pam, db, cyrus_sasl, libcap -, expat, libxml2, openssl, pkg-config +, expat, libxml2, openssl, pkg-config, systemd }: stdenv.mkDerivation rec { pname = "squid"; - version = "4.17"; + version = "5.4.1"; src = fetchurl { - url = "http://www.squid-cache.org/Versions/v4/${pname}-${version}.tar.xz"; - sha256 = "sha256-y5KKwIx8hrFRscj4J6vhqE2DGBoqhuDVEihhY+HjFBg="; + url = "http://www.squid-cache.org/Versions/v5/${pname}-${version}.tar.xz"; + sha256 = "sha256-300xCpFmOuWcKbD4GD8iYjxeb3MYaa95OAWYerlMpBw="; }; nativeBuildInputs = [ pkg-config ]; buildInputs = [ perl openldap db cyrus_sasl expat libxml2 openssl - ] ++ lib.optionals stdenv.isLinux [ libcap pam ]; + ] ++ lib.optionals stdenv.isLinux [ libcap pam systemd ]; configureFlags = [ "--enable-ipv6" @@ -26,7 +26,9 @@ stdenv.mkDerivation rec { "--enable-removal-policies=lru,heap" "--enable-delay-pools" "--enable-x-accelerator-vary" - ] ++ lib.optional (stdenv.isLinux && !stdenv.hostPlatform.isMusl) "--enable-linux-netfilter"; + "--enable-htcp" + ] ++ lib.optional (stdenv.isLinux && !stdenv.hostPlatform.isMusl) + "--enable-linux-netfilter"; meta = with lib; { description = "A caching proxy for the Web supporting HTTP, HTTPS, FTP, and more"; From 4ec35ff6d6298f3fc70be458ea1fea68ee85b1e9 Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Sat, 26 Feb 2022 10:53:26 -0600 Subject: [PATCH 37/38] nixos: init programs/nncp module The NNCP utilities read a configuration at "/etc/nncp.hjson" by default. Add a NixOS module for generating this configuration. --- .../from_md/release-notes/rl-2205.section.xml | 6 ++ .../manual/release-notes/rl-2205.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/programs/nncp.nix | 101 ++++++++++++++++++ 4 files changed, 110 insertions(+) create mode 100644 nixos/modules/programs/nncp.nix diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 0b01c4e0884..abb17619613 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -1660,6 +1660,12 @@ + + + The programs.nncp options were added for + generating host-global NNCP configuration. + + diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index 5b93b644eea..909b6cd8b7b 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -587,4 +587,6 @@ In addition to numerous new and upgraded packages, this release has the followin - Testing has been enabled for `aarch64-linux` in addition to `x86_64-linux`. - The `spark3` package is now usable on `aarch64-darwin` as a result of [#158613](https://github.com/NixOS/nixpkgs/pull/158613) and [#158992](https://github.com/NixOS/nixpkgs/pull/158992). +- The `programs.nncp` options were added for generating host-global NNCP configuration. + diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 93172aa0824..a4c389e6937 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -184,6 +184,7 @@ ./programs/nix-ld.nix ./programs/neovim.nix ./programs/nm-applet.nix + ./programs/nncp.nix ./programs/npm.nix ./programs/noisetorch.nix ./programs/oblogout.nix diff --git a/nixos/modules/programs/nncp.nix b/nixos/modules/programs/nncp.nix new file mode 100644 index 00000000000..29a703eadf1 --- /dev/null +++ b/nixos/modules/programs/nncp.nix @@ -0,0 +1,101 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + nncpCfgFile = "/run/nncp.hjson"; + programCfg = config.programs.nncp; + settingsFormat = pkgs.formats.json { }; + jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings; + pkg = programCfg.package; +in { + options.programs.nncp = { + + enable = + mkEnableOption "NNCP (Node to Node copy) utilities and configuration"; + + group = mkOption { + type = types.str; + default = "uucp"; + description = '' + The group under which NNCP files shall be owned. + Any member of this group may access the secret keys + of this NNCP node. + ''; + }; + + package = mkOption { + type = types.package; + default = pkgs.nncp; + defaultText = literalExpression "pkgs.nncp"; + description = "The NNCP package to use system-wide."; + }; + + secrets = mkOption { + type = with types; listOf str; + example = [ "/run/keys/nncp.hjson" ]; + description = '' + A list of paths to NNCP configuration files that should not be + in the Nix store. These files are layered on top of the values at + . + ''; + }; + + settings = mkOption { + type = settingsFormat.type; + description = '' + NNCP configuration, see + . + At runtime these settings will be overlayed by the contents of + into the file + ${nncpCfgFile}. Node keypairs go in + secrets, do not specify them in + settings as they will be leaked into + /nix/store! + ''; + default = { }; + }; + + }; + + config = mkIf programCfg.enable { + + environment = { + systemPackages = [ pkg ]; + etc."nncp.hjson".source = nncpCfgFile; + }; + + programs.nncp.settings = { + spool = mkDefault "/var/spool/nncp"; + log = mkDefault "/var/spool/nncp/log"; + }; + + systemd.tmpfiles.rules = [ + "d ${programCfg.settings.spool} 0770 root ${programCfg.group}" + "f ${programCfg.settings.log} 0770 root ${programCfg.group}" + ]; + + systemd.services.nncp-config = { + path = [ pkg ]; + description = "Generate NNCP configuration"; + wantedBy = [ "basic.target" ]; + serviceConfig.Type = "oneshot"; + script = '' + umask u=rw + nncpCfgDir=$(mktemp --directory nncp.XXX) + for f in ${jsonCfgFile} ${toString config.programs.nncp.secrets}; do + tmpdir=$(mktemp --directory nncp.XXX) + nncp-cfgdir -cfg $f -dump $tmpdir + find $tmpdir -size 1c -delete + cp -a $tmpdir/* $nncpCfgDir/ + rm -rf $tmpdir + done + nncp-cfgdir -load $nncpCfgDir > ${nncpCfgFile} + rm -rf $nncpCfgDir + chgrp ${programCfg.group} ${nncpCfgFile} + chmod g+r ${nncpCfgFile} + ''; + }; + }; + + meta.maintainers = with lib.maintainers; [ ehmry ]; +} From de23459252f7708643c62fd2822157f28898c2a5 Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Wed, 9 Mar 2022 08:27:52 -0600 Subject: [PATCH 38/38] littlefs-fuse: init at 2.4.1 --- .../filesystems/littlefs-fuse/default.nix | 26 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 pkgs/tools/filesystems/littlefs-fuse/default.nix diff --git a/pkgs/tools/filesystems/littlefs-fuse/default.nix b/pkgs/tools/filesystems/littlefs-fuse/default.nix new file mode 100644 index 00000000000..daec12b5041 --- /dev/null +++ b/pkgs/tools/filesystems/littlefs-fuse/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchFromGitHub, fuse }: + +stdenv.mkDerivation rec { + pname = "littlefs-fuse"; + version = "2.4.1"; + src = fetchFromGitHub { + owner = "littlefs-project"; + repo = pname; + rev = "v${version}"; + hash = "sha256-+EUZluBtgZiziTEIfXIhkRIBu/Pe78qmL18TQHkfHO4="; + }; + buildInputs = [ fuse ]; + installPhase = '' + runHook preInstall + install -D lfs $out/bin/${pname} + ln -s $out/bin/${pname} $out/bin/mount.littlefs + ln -s $out/bin $out/sbin + runHook postInstall + ''; + meta = src.meta // { + description = "A FUSE wrapper that puts the littlefs in user-space"; + license = lib.licenses.bsd3; + maintainers = with lib.maintainers; [ ehmry ]; + inherit (fuse.meta) platforms; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a48a923d76d..d69ddef73cc 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7233,6 +7233,8 @@ with pkgs; lfs = callPackage ../tools/filesystems/lfs { }; + littlefs-fuse = callPackage ../tools/filesystems/littlefs-fuse { }; + lksctp-tools = callPackage ../os-specific/linux/lksctp-tools { }; lldpd = callPackage ../tools/networking/lldpd { };