From 9fc01af1cc8f9ffe40bf87b96cbafd1810856ea7 Mon Sep 17 00:00:00 2001 From: Federico Beffa Date: Sun, 10 Apr 2022 21:06:19 +0200 Subject: [PATCH 01/19] nixos/users-group: Add 'homeMode' option. --- nixos/modules/config/update-users-groups.pl | 2 +- nixos/modules/config/users-groups.nix | 9 ++++++- nixos/tests/all-tests.nix | 1 + nixos/tests/user-home-mode.nix | 27 +++++++++++++++++++++ 4 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 nixos/tests/user-home-mode.nix diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl index 26ce561013b6..6ceb668a595e 100644 --- a/nixos/modules/config/update-users-groups.pl +++ b/nixos/modules/config/update-users-groups.pl @@ -226,7 +226,7 @@ foreach my $u (@{$spec->{users}}) { if ($u->{createHome}) { make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home} and ! $is_dry; chown $u->{uid}, $u->{gid}, $u->{home}; - chmod 0700, $u->{home}; + chmod oct($u->{homeMode}), $u->{home}; } if (defined $u->{passwordFile}) { diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index b0f96c754fa5..e9ce9d5e4118 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -139,6 +139,12 @@ let description = "The user's home directory."; }; + homeMode = mkOption { + type = types.strMatching "[0-7]{1,5}"; + default = "700"; + description = "The user's home directory mode in numeric format. See chmod(1)."; + }; + cryptHomeLuks = mkOption { type = with types; nullOr str; default = null; @@ -319,6 +325,7 @@ let group = mkDefault "users"; createHome = mkDefault true; home = mkDefault "/home/${config.name}"; + homeMode = mkDefault "700"; useDefaultShell = mkDefault true; isSystemUser = mkDefault false; }) @@ -430,7 +437,7 @@ let inherit (cfg) mutableUsers; users = mapAttrsToList (_: u: { inherit (u) - name uid group description home createHome isSystemUser + name uid group description home homeMode createHome isSystemUser password passwordFile hashedPassword autoSubUidGidRange subUidRanges subGidRanges initialPassword initialHashedPassword; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index ffccb6b44660..9e206bfcc640 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -556,6 +556,7 @@ in upnp = handleTest ./upnp.nix {}; usbguard = handleTest ./usbguard.nix {}; user-activation-scripts = handleTest ./user-activation-scripts.nix {}; + user-home-mode = handleTest ./user-home-mode.nix {}; uwsgi = handleTest ./uwsgi.nix {}; v2ray = handleTest ./v2ray.nix {}; vault = handleTest ./vault.nix {}; diff --git a/nixos/tests/user-home-mode.nix b/nixos/tests/user-home-mode.nix new file mode 100644 index 000000000000..1366d102a99b --- /dev/null +++ b/nixos/tests/user-home-mode.nix @@ -0,0 +1,27 @@ +import ./make-test-python.nix ({ lib, ... }: { + name = "user-home-mode"; + meta = with lib.maintainers; { maintainers = [ fbeffa ]; }; + + nodes.machine = { + users.users.alice = { + initialPassword = "pass1"; + isNormalUser = true; + }; + users.users.bob = { + initialPassword = "pass2"; + isNormalUser = true; + homeMode = "750"; + }; + }; + + testScript = '' + machine.wait_for_unit("multi-user.target") + machine.wait_for_unit("getty@tty1.service") + machine.wait_until_tty_matches(1, "login: ") + machine.send_chars("alice\n") + machine.wait_until_tty_matches(1, "Password: ") + machine.send_chars("pass1\n") + machine.succeed('[ "$(stat -c %a /home/alice)" == "700" ]') + machine.succeed('[ "$(stat -c %a /home/bob)" == "750" ]') + ''; +}) From 311aa6d05d57fe1e94d16509b8eff43dbd6dbc7d Mon Sep 17 00:00:00 2001 From: Federico Beffa Date: Sat, 14 May 2022 11:47:48 +0200 Subject: [PATCH 02/19] nixos/users-group: Update description of 'homeMode' option. --- nixos/modules/config/users-groups.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index e9ce9d5e4118..16e387a44c0a 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -142,7 +142,7 @@ let homeMode = mkOption { type = types.strMatching "[0-7]{1,5}"; default = "700"; - description = "The user's home directory mode in numeric format. See chmod(1)."; + description = "The user's home directory mode in numeric format. See chmod(1). The mode is only applied if is true."; }; cryptHomeLuks = mkOption { From 2145dbc4fcd3c512bb7ec6e0826fa3d2d2e80c4c Mon Sep 17 00:00:00 2001 From: pennae Date: Sat, 14 May 2022 07:54:19 +0200 Subject: [PATCH 03/19] nixos/mosquitto: add missing listener option bind_interface we expose it under settings instead of at the listener toplevel because mosquitto seems to pick the addresses it will listen on nondeterministically from the set of addresses configured on the interface being bound to. encouraging its use by putting it into the toplevel options for a listener seems inadvisable. --- .../modules/services/networking/mosquitto.nix | 4 ++- nixos/tests/mosquitto.nix | 28 +++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix index b41a2fd27be2..1b61a3ee5991 100644 --- a/nixos/modules/services/networking/mosquitto.nix +++ b/nixos/modules/services/networking/mosquitto.nix @@ -199,6 +199,7 @@ let allow_anonymous = 1; allow_zero_length_clientid = 1; auto_id_prefix = 1; + bind_interface = 1; cafile = 1; capath = 1; certfile = 1; @@ -629,9 +630,10 @@ in ])); RemoveIPC = true; RestrictAddressFamilies = [ - "AF_UNIX" # for sd_notify() call + "AF_UNIX" "AF_INET" "AF_INET6" + "AF_NETLINK" ]; RestrictNamespaces = true; RestrictRealtime = true; diff --git a/nixos/tests/mosquitto.nix b/nixos/tests/mosquitto.nix index 36cc8e3e3d9b..d516d3373d9f 100644 --- a/nixos/tests/mosquitto.nix +++ b/nixos/tests/mosquitto.nix @@ -4,6 +4,7 @@ let port = 1888; tlsPort = 1889; anonPort = 1890; + bindTestPort = 1891; password = "VERY_secret"; hashedPassword = "$7$101$/WJc4Mp+I+uYE9sR$o7z9rD1EYXHPwEP5GqQj6A7k4W1yVbePlb8TqNcuOLV9WNCiDgwHOB0JHC1WCtdkssqTBduBNUnUGd6kmZvDSw=="; topic = "test/foo"; @@ -125,6 +126,10 @@ in { }; }; } + { + settings.bind_interface = "eth0"; + port = bindTestPort; + } ]; }; }; @@ -134,6 +139,8 @@ in { }; testScript = '' + import json + def mosquitto_cmd(binary, user, topic, port): return ( "mosquitto_{} " @@ -162,6 +169,27 @@ in { start_all() server.wait_for_unit("mosquitto.service") + with subtest("bind_interface"): + addrs = dict() + for iface in json.loads(server.succeed("ip -json address show")): + for addr in iface['addr_info']: + # don't want to deal with multihoming here + assert addr['local'] not in addrs + addrs[addr['local']] = (iface['ifname'], addr['family']) + + # mosquitto grabs *one* random address per type for bind_interface + (has4, has6) = (False, False) + for line in server.succeed("ss -HlptnO sport = ${toString bindTestPort}").splitlines(): + items = line.split() + if "mosquitto" not in items[5]: continue + listener = items[3].rsplit(':', maxsplit=1)[0].strip('[]') + assert listener in addrs + assert addrs[listener][0] == "eth0" + has4 |= addrs[listener][1] == 'inet' + has6 |= addrs[listener][1] == 'inet6' + assert has4 + assert has6 + with subtest("check passwords"): client1.succeed(publish("-m test", "password_store")) client1.succeed(publish("-m test", "password_file")) From c1115d37ffd4f947dd110c1bfc8f1593eaa07928 Mon Sep 17 00:00:00 2001 From: pennae Date: Sat, 14 May 2022 08:01:30 +0200 Subject: [PATCH 04/19] nixos/mosquitto: fix attribute path display in assertions --- nixos/modules/services/networking/mosquitto.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix index 1b61a3ee5991..256d9457d396 100644 --- a/nixos/modules/services/networking/mosquitto.nix +++ b/nixos/modules/services/networking/mosquitto.nix @@ -296,7 +296,7 @@ let }; listenerAsserts = prefix: listener: - assertKeysValid prefix freeformListenerKeys listener.settings + assertKeysValid "${prefix}.settings" freeformListenerKeys listener.settings ++ userAsserts prefix listener.users ++ imap0 (i: v: authAsserts "${prefix}.authPlugins.${toString i}" v) @@ -398,7 +398,7 @@ let }; bridgeAsserts = prefix: bridge: - assertKeysValid prefix freeformBridgeKeys bridge.settings + assertKeysValid "${prefix}.settings" freeformBridgeKeys bridge.settings ++ [ { assertion = length bridge.addresses > 0; message = "Bridge ${prefix} needs remote broker addresses"; @@ -527,7 +527,7 @@ let globalAsserts = prefix: cfg: flatten [ - (assertKeysValid prefix freeformGlobalKeys cfg.settings) + (assertKeysValid "${prefix}.settings" freeformGlobalKeys cfg.settings) (imap0 (n: l: listenerAsserts "${prefix}.listener.${toString n}" l) cfg.listeners) (mapAttrsToList (n: b: bridgeAsserts "${prefix}.bridge.${n}" b) cfg.bridges) ]; From cbcc746f8f521849687d225c4a3f85b2beb24168 Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Tue, 10 May 2022 19:01:48 +0200 Subject: [PATCH 05/19] nixos/systemd: Package only built component units Account for all `with*` options causing their respective unit files to not be built, just like the current code `withCryptsetup` already does. This fixes build errors like the following: ``` missing /nix/store/5fafsfms64fn3ywv274ky7arhm9yq2if-systemd-250.4/example/systemd/system/systemd-importd.service error: builder for '/nix/store/67rdli5q5akzwmqgf8q0a1yp76jgr0px-system-units.drv' failed with exit code 1 ``` Found by using a customised systemd package as follows: ``` systemd.package = pkgs.systemd-small; nixpkgs.config.packageOverrides = pkgs: { "systemd-small" = pkgs.systemd.override { withImportd = false; withMachined = false; ... }; }; ``` --- nixos/modules/system/boot/systemd.nix | 17 ++++++++++++----- nixos/modules/system/boot/systemd/logind.nix | 3 +++ pkgs/os-specific/linux/systemd/default.nix | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 2c9ee9fc319f..679c5210a6b3 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -35,11 +35,11 @@ let "nss-lookup.target" "nss-user-lookup.target" "time-sync.target" - ] ++ (optionals cfg.package.withCryptsetup [ + ] ++ optionals cfg.package.withCryptsetup [ "cryptsetup.target" "cryptsetup-pre.target" "remote-cryptsetup.target" - ]) ++ [ + ] ++ [ "sigpwr.target" "timers.target" "paths.target" @@ -133,20 +133,27 @@ let # Slices / containers. "slices.target" + ] ++ optionals cfg.package.withImportd [ + "systemd-importd.service" + ] ++ optionals cfg.package.withMachined [ "machine.slice" "machines.target" - "systemd-importd.service" "systemd-machined.service" + ] ++ [ "systemd-nspawn@.service" # Misc. "systemd-sysctl.service" + ] ++ optionals cfg.package.withTimedated [ "dbus-org.freedesktop.timedate1.service" - "dbus-org.freedesktop.locale1.service" - "dbus-org.freedesktop.hostname1.service" "systemd-timedated.service" + ] ++ optionals cfg.package.withLocaled [ + "dbus-org.freedesktop.locale1.service" "systemd-localed.service" + ] ++ optionals cfg.package.withHostnamed [ + "dbus-org.freedesktop.hostname1.service" "systemd-hostnamed.service" + ] ++ [ "systemd-exit.service" "systemd-update-done.service" ] ++ cfg.additionalUpstreamSystemUnits; diff --git a/nixos/modules/system/boot/systemd/logind.nix b/nixos/modules/system/boot/systemd/logind.nix index c1e6cfe61d04..97ac588bce17 100644 --- a/nixos/modules/system/boot/systemd/logind.nix +++ b/nixos/modules/system/boot/systemd/logind.nix @@ -81,8 +81,11 @@ in "systemd-logind.service" "autovt@.service" "systemd-user-sessions.service" + ] ++ optionals config.systemd.package.withImportd [ "dbus-org.freedesktop.import1.service" + ] ++ optionals config.systemd.package.withMachined [ "dbus-org.freedesktop.machine1.service" + ] ++ [ "dbus-org.freedesktop.login1.service" "user@.service" "user-runtime-dir@.service" diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 9e914132ef22..7b0fd3b3509e 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -687,7 +687,7 @@ stdenv.mkDerivation { # runtime; otherwise we can't and we need to reboot. interfaceVersion = 2; - inherit withCryptsetup util-linux kmod kbd; + inherit withCryptsetup withHostnamed withImportd withLocaled withMachined withTimedated util-linux kmod kbd; tests = { inherit (nixosTests) switchTest; From 11eb2d295de1121432b35f8d2d9ede458ccdd677 Mon Sep 17 00:00:00 2001 From: Nikolay Korotkiy Date: Thu, 19 May 2022 11:10:47 +0300 Subject: [PATCH 06/19] =?UTF-8?q?yandex-disk:=200.1.6.1074=20=E2=86=92=200?= =?UTF-8?q?.1.6.1080?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/tools/filesystems/yandex-disk/default.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/filesystems/yandex-disk/default.nix b/pkgs/tools/filesystems/yandex-disk/default.nix index e837350abd6f..4b8de7402a62 100644 --- a/pkgs/tools/filesystems/yandex-disk/default.nix +++ b/pkgs/tools/filesystems/yandex-disk/default.nix @@ -4,21 +4,26 @@ let p = if stdenv.is64bit then { arch = "x86_64"; gcclib = "${stdenv.cc.cc.lib}/lib64"; - sha256 = "e4f579963199f05476657f0066beaa32d1261aef2203382f3919e1ed4bc4594e"; + sha256 = "sha256-HH/pLZmDr6m/B3e6MHafDGnNWR83oR2y1ijVMR/LOF0="; + webarchive = "20220519080155"; } else { arch = "i386"; gcclib = "${stdenv.cc.cc.lib}/lib"; - sha256 = "69113bf33ba0c57a363305b76361f2866c3b8394b173eed0f49db1f50bfe0373"; + sha256 = "sha256-28dmdnJf+qh9r3F0quwlYXB/UqcOzcHzuzFq8vt2bf0="; + webarchive = "20220519080430"; }; in stdenv.mkDerivation rec { pname = "yandex-disk"; - version = "0.1.6.1074"; + version = "0.1.6.1080"; src = fetchurl { - url = "https://repo.yandex.ru/yandex-disk/rpm/stable/${p.arch}/${pname}-${version}-1.fedora.${p.arch}.rpm"; + urls = [ + "https://repo.yandex.ru/yandex-disk/rpm/stable/${p.arch}/${pname}-${version}-1.fedora.${p.arch}.rpm" + "https://web.archive.org/web/${p.webarchive}/https://repo.yandex.ru/yandex-disk/rpm/stable/${p.arch}/${pname}-${version}-1.fedora.${p.arch}.rpm" + ]; sha256 = p.sha256; }; From b4c69d74eb4bde1def09f7e4da314b864962ed53 Mon Sep 17 00:00:00 2001 From: Matthieu Coudron Date: Sun, 6 Mar 2022 22:04:47 +0100 Subject: [PATCH 07/19] python3Packages.pulumi: init at 3.25.1 --- .../python-modules/pulumi/default.nix | 102 ++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 + 2 files changed, 104 insertions(+) create mode 100644 pkgs/development/python-modules/pulumi/default.nix diff --git a/pkgs/development/python-modules/pulumi/default.nix b/pkgs/development/python-modules/pulumi/default.nix new file mode 100644 index 000000000000..3f1d5205f2c0 --- /dev/null +++ b/pkgs/development/python-modules/pulumi/default.nix @@ -0,0 +1,102 @@ +{ lib +, buildPythonPackage +, fetchpatch +, fetchFromGitHub +, protobuf +, dill +, grpcio +, pulumi-bin +, isPy27 +, semver +, pyyaml +, six + +# for tests +, tox +, go +, pulumictl +, bash +, pylint +, pytest +, pytest-timeout +, coverage +, black +, wheel +, pytest-asyncio + +, mypy +}: + +buildPythonPackage rec { + pname = "pulumi"; + version = pulumi.version; + disabled = isPy27; + + src = pulumi.src; + + patches = [ + # remove in next release + (fetchpatch { + url = "https://github.com/pulumi/pulumi/commit/d4b9d61d70972d22a344419fafc30aace58607f5.patch"; + sha256 = "HEF7VWunFO+NCG18fZA7lbE2l8pc6Z3jcD+rSZ1Jsqg="; + }) ]; + + # src = fetchFromGitHub { + # owner = "pulumi"; + # repo = "pulumi"; + # rev = "073e94a0b8b4ef0b1b856c63670a8dd88f6b6d02"; + # sha256 = "sha256-oyjQW/Z1NvsHpUwikX+bl1npfF4LESOua/o1qjqAgUs="; + # }; + + propagatedBuildInputs = [ + semver + protobuf + dill + grpcio + pyyaml + six + ]; + + checkInputs = [ + pulumi-bin + pulumictl + mypy + bash + go + tox + # pylint + pytest + pytest-timeout + coverage + pytest-asyncio + wheel + black + ]; + + pythonImportsCheck = ["pulumi"]; + + postPatch = '' + cp README.md sdk/python/lib + patchShebangs . + cd sdk/python/lib + substituteInPlace ../Makefile \ + --replace '$(shell cd ../../ && pulumictl get version)' '${pulumi-bin.version}' \ + --replace '$(shell cd ../../ && pulumictl get version --language python)' '${version}' + + substituteInPlace ../requirements.txt \ + --replace 'pylint==2.10.2' 'pylint>=2.10.2' + + substituteInPlace setup.py \ + --replace "{VERSION}" "${version}" + ''; + + # disabled because tests try to fetch go packages from the net + doCheck = false; + + meta = with lib; { + description = "Modern Infrastructure as Code. Any cloud, any language"; + homepage = "https://github.com/pulumi/pulumi"; + license = licenses.asl20; + maintainers = with maintainers; [ teto ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 0ed03be8d5e1..39083d2a46e9 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1103,6 +1103,8 @@ in { babelgladeextractor = callPackage ../development/python-modules/babelgladeextractor { }; + pulumi = callPackage ../development/python-modules/pulumi { }; + backcall = callPackage ../development/python-modules/backcall { }; backoff = callPackage ../development/python-modules/backoff { }; From 3510fba9b0b754525dad2be0c1c2e586d5326c71 Mon Sep 17 00:00:00 2001 From: Matthieu Coudron Date: Sun, 6 Mar 2022 22:05:17 +0100 Subject: [PATCH 08/19] python3Packages.pulumi-aws: init at 4.38.0 --- .../python-modules/pulumi-aws/default.nix | 44 +++++++++++++++++++ .../python-modules/pulumi/default.nix | 35 +++++---------- pkgs/top-level/python-packages.nix | 2 + 3 files changed, 57 insertions(+), 24 deletions(-) create mode 100644 pkgs/development/python-modules/pulumi-aws/default.nix diff --git a/pkgs/development/python-modules/pulumi-aws/default.nix b/pkgs/development/python-modules/pulumi-aws/default.nix new file mode 100644 index 000000000000..1b6eed0d31a6 --- /dev/null +++ b/pkgs/development/python-modules/pulumi-aws/default.nix @@ -0,0 +1,44 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, fetchpatch +, pulumi +, parver +, semver +, isPy27 +}: + +buildPythonPackage rec { + pname = "pulumi-aws"; + # version is independant of pulumi's. + version = "5.3.0"; + disabled = isPy27; + + src = fetchFromGitHub { + owner = "pulumi"; + repo = "pulumi-aws"; + rev = "v${version}"; + sha256 = "sha256-LrWiNYJeQQvXJDOxklRO86VSiaadvkOepQVPhh2BBkk="; + }; + + propagatedBuildInputs = [ + pulumi + parver + semver + ]; + + postPatch = '' + cd sdk/python + ''; + + # checks require cloud resources + doCheck = false; + pythonImportsCheck = ["pulumi_aws"]; + + meta = with lib; { + description = "Pulumi python amazon web services provider"; + homepage = "https://github.com/pulumi/pulumi-aws"; + license = licenses.asl20; + maintainers = with maintainers; [ costrouc ]; + }; +} diff --git a/pkgs/development/python-modules/pulumi/default.nix b/pkgs/development/python-modules/pulumi/default.nix index 3f1d5205f2c0..e38157c69071 100644 --- a/pkgs/development/python-modules/pulumi/default.nix +++ b/pkgs/development/python-modules/pulumi/default.nix @@ -11,6 +11,7 @@ , pyyaml , six + # for tests , tox , go @@ -26,27 +27,20 @@ , mypy }: - +let + data = import ./data.nix {}; +in buildPythonPackage rec { pname = "pulumi"; - version = pulumi.version; + version = pulumi-bin.version; disabled = isPy27; - src = pulumi.src; - - patches = [ - # remove in next release - (fetchpatch { - url = "https://github.com/pulumi/pulumi/commit/d4b9d61d70972d22a344419fafc30aace58607f5.patch"; - sha256 = "HEF7VWunFO+NCG18fZA7lbE2l8pc6Z3jcD+rSZ1Jsqg="; - }) ]; - - # src = fetchFromGitHub { - # owner = "pulumi"; - # repo = "pulumi"; - # rev = "073e94a0b8b4ef0b1b856c63670a8dd88f6b6d02"; - # sha256 = "sha256-oyjQW/Z1NvsHpUwikX+bl1npfF4LESOua/o1qjqAgUs="; - # }; + src = fetchFromGitHub { + owner = "pulumi"; + repo = "pulumi"; + rev = "v${pulumi-bin.version}"; + sha256 = "sha256-vqEZEHTpJV65a3leWwYhyi3dzAsN67BXOvk5hnTPeuI="; + }; propagatedBuildInputs = [ semver @@ -64,7 +58,6 @@ buildPythonPackage rec { bash go tox - # pylint pytest pytest-timeout coverage @@ -79,12 +72,6 @@ buildPythonPackage rec { cp README.md sdk/python/lib patchShebangs . cd sdk/python/lib - substituteInPlace ../Makefile \ - --replace '$(shell cd ../../ && pulumictl get version)' '${pulumi-bin.version}' \ - --replace '$(shell cd ../../ && pulumictl get version --language python)' '${version}' - - substituteInPlace ../requirements.txt \ - --replace 'pylint==2.10.2' 'pylint>=2.10.2' substituteInPlace setup.py \ --replace "{VERSION}" "${version}" diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 39083d2a46e9..8099eb468cd8 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1105,6 +1105,8 @@ in { pulumi = callPackage ../development/python-modules/pulumi { }; + pulumi-aws = callPackage ../development/python-modules/pulumi-aws { }; + backcall = callPackage ../development/python-modules/backcall { }; backoff = callPackage ../development/python-modules/backoff { }; From 4c5591606cf09d33ef8420d16f9b45f6aa572c6a Mon Sep 17 00:00:00 2001 From: Emmanuel Rosa Date: Thu, 7 Apr 2022 11:07:34 -0400 Subject: [PATCH 09/19] sparrow: init at 1.6.4 --- .../blockchains/sparrow/default.nix | 232 ++++++++++++++++++ .../blockchains/sparrow/openimajgrabber.nix | 40 +++ pkgs/top-level/all-packages.nix | 4 + 3 files changed, 276 insertions(+) create mode 100644 pkgs/applications/blockchains/sparrow/default.nix create mode 100644 pkgs/applications/blockchains/sparrow/openimajgrabber.nix diff --git a/pkgs/applications/blockchains/sparrow/default.nix b/pkgs/applications/blockchains/sparrow/default.nix new file mode 100644 index 000000000000..662164a9f6f3 --- /dev/null +++ b/pkgs/applications/blockchains/sparrow/default.nix @@ -0,0 +1,232 @@ +{ stdenv +, lib +, makeWrapper +, fetchurl +, makeDesktopItem +, copyDesktopItems +, autoPatchelfHook +, openjdk17 +, gtk3 +, gsettings-desktop-schemas +, writeScript +, bash +, gnugrep +, tor +, zlib +, openimajgrabber +, hwi +, imagemagick +}: + +let + pname = "sparrow"; + version = "1.6.4"; + + src = fetchurl { + url = "https://github.com/sparrowwallet/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; + sha256 = "1wdibpbhv3g6qk42ddfc5vyqkkwprczy45w5wi115qg3g1rf1in7"; + }; + + launcher = writeScript "sparrow" '' + #! ${bash}/bin/bash + params=( + --module-path @out@/lib:@jdkModules@/modules + --add-opens javafx.graphics/com.sun.javafx.css=org.controlsfx.controls + --add-opens javafx.graphics/javafx.scene=org.controlsfx.controls + --add-opens javafx.controls/com.sun.javafx.scene.control.behavior=org.controlsfx.controls + --add-opens javafx.controls/com.sun.javafx.scene.control.inputmap=org.controlsfx.controls + --add-opens javafx.graphics/com.sun.javafx.scene.traversal=org.controlsfx.controls + --add-opens javafx.base/com.sun.javafx.event=org.controlsfx.controls + --add-opens javafx.controls/javafx.scene.control.cell=com.sparrowwallet.sparrow + --add-opens org.controlsfx.controls/impl.org.controlsfx.skin=com.sparrowwallet.sparrow + --add-opens org.controlsfx.controls/impl.org.controlsfx.skin=javafx.fxml + --add-opens javafx.graphics/com.sun.javafx.tk=centerdevice.nsmenufx + --add-opens javafx.graphics/com.sun.javafx.tk.quantum=centerdevice.nsmenufx + --add-opens javafx.graphics/com.sun.glass.ui=centerdevice.nsmenufx + --add-opens javafx.controls/com.sun.javafx.scene.control=centerdevice.nsmenufx + --add-opens javafx.graphics/com.sun.javafx.menu=centerdevice.nsmenufx + --add-opens javafx.graphics/com.sun.glass.ui=com.sparrowwallet.sparrow + --add-opens javafx.graphics/com.sun.javafx.application=com.sparrowwallet.sparrow + --add-opens java.base/java.net=com.sparrowwallet.sparrow + --add-opens java.base/java.io=com.google.gson + --add-reads com.sparrowwallet.merged.module=java.desktop + --add-reads com.sparrowwallet.merged.module=java.sql + --add-reads com.sparrowwallet.merged.module=com.sparrowwallet.sparrow + --add-reads com.sparrowwallet.merged.module=logback.classic + --add-reads com.sparrowwallet.merged.module=com.fasterxml.jackson.databind + --add-reads com.sparrowwallet.merged.module=com.fasterxml.jackson.annotation + --add-reads com.sparrowwallet.merged.module=com.fasterxml.jackson.core + --add-reads com.sparrowwallet.merged.module=co.nstant.in.cbor + -m com.sparrowwallet.sparrow + ) + + XDG_DATA_DIRS=${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}:${gtk3}/share/gsettings-schemas/${gtk3.name}:$XDG_DATA_DIRS ${openjdk17}/bin/java ''${params[@]} $@ + ''; + + torWrapper = writeScript "tor-wrapper" '' + #! ${bash}/bin/bash + + exec ${tor}/bin/tor "$@" + ''; + + jdk-modules = stdenv.mkDerivation { + name = "jdk-modules"; + nativeBuildInputs = [ openjdk17 ]; + dontUnpack = true; + + buildPhase = '' + # Extract the JDK's JIMAGE and generate a list of modules. + mkdir modules + pushd modules + jimage extract ${openjdk17}/lib/openjdk/lib/modules + ls | xargs -d " " -- echo > ../manifest.txt + popd + ''; + + installPhase = '' + mkdir -p $out + cp manifest.txt $out/ + cp -r modules/ $out/ + ''; + }; + + sparrow-modules = stdenv.mkDerivation { + pname = "sparrow-modules"; + inherit version src; + nativeBuildInputs = [ makeWrapper gnugrep openjdk17 autoPatchelfHook stdenv.cc.cc.lib zlib ]; + + buildPhase = '' + # Extract Sparrow's JIMAGE and generate a list of them. + mkdir modules + pushd modules + jimage extract ../lib/runtime/lib/modules + + # Delete JDK modules + cat ${jdk-modules}/manifest.txt | xargs -I {} -- rm -fR {} + + # Delete unneeded native libs. + + rm -fR com.sparrowwallet.merged.module/com/sun/jna/freebsd-x86-64 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/freebsd-x86 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-aarch64 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-arm + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-armel + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-mips64el + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-ppc + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-ppc64le + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-s390x + rm -fR com.sparrowwallet.merged.module/com/sun/jna/linux-x86 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/openbsd-x86-64 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/openbsd-x86 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-sparc + rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-sparcv9 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-x86-64 + rm -fR com.sparrowwallet.merged.module/com/sun/jna/sunos-x86 + rm -fR com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_armel + rm -fR com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_armhf + rm -fR com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_x86 + rm com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_x64/OpenIMAJGrabber.so + rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_arm32_armel + rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_armel + rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_armhf + rm -fR com.nativelibs4java.bridj/org/bridj/lib/linux_x86 + rm -fR com.nativelibs4java.bridj/org/bridj/lib/sunos_x64 + rm -fR com.nativelibs4java.bridj/org/bridj/lib/sunos_x86 + rm -fR com.sparrowwallet.merged.module/linux-aarch64 + rm -fR com.sparrowwallet.merged.module/linux-arm + rm -fR com.sparrowwallet.merged.module/linux-x86 + rm com.sparrowwallet.sparrow/native/linux/x64/hwi + + ls | xargs -d " " -- echo > ../manifest.txt + find . | grep "\.so$" | xargs -- chmod ugo+x + popd + + # Replace the embedded Tor binary (which is in a Tar archive) + # with one from Nixpkgs. + cp ${torWrapper} ./tor + tar -cJf tor.tar.xz tor + cp tor.tar.xz modules/netlayer.jpms/native/linux/x64/tor.tar.xz + ''; + + installPhase = '' + mkdir -p $out + cp manifest.txt $out/ + cp -r modules/ $out/ + ln -s ${openimajgrabber}/lib/OpenIMAJGrabber.so $out/modules/com.github.sarxos.webcam.capture/com/github/sarxos/webcam/ds/buildin/lib/linux_x64/OpenIMAJGrabber.so + ln -s ${hwi}/bin/hwi $out/modules/com.sparrowwallet.sparrow/native/linux/x64/hwi + ''; + }; + + # To use the udev rules for connected hardware wallets, + # add "pkgs.sparrow" to "services.udev.packages" and add user accounts to the user group "plugdev". + udev-rules = stdenv.mkDerivation { + name = "sparrow-udev"; + + src = let version = "2.0.2"; in + fetchurl { + url = "https://github.com/bitcoin-core/HWI/releases/download/${version}/hwi-${version}.tar.gz"; + sha256 = "sha256-di1fRsMbwpHcBFNTCVivfxpwhUoUKLA3YTnJxKq/jHM="; + }; + + installPhase = '' + mkdir -p $out/etc/udev/rules.d + cp -a hwilib/udev/* $out/etc/udev/rules.d + rm $out/etc/udev/rules.d/README.md + ''; + }; +in +stdenv.mkDerivation rec { + inherit pname version src; + nativeBuildInputs = [ makeWrapper copyDesktopItems ]; + + desktopItems = [ + (makeDesktopItem { + name = "Sparrow"; + exec = pname; + icon = pname; + desktopName = "Sparrow Bitcoin Wallet"; + genericName = "Bitcoin Wallet"; + categories = [ "Finance" ]; + }) + ]; + + sparrow-icons = stdenv.mkDerivation { + inherit version src; + pname = "sparrow-icons"; + nativeBuildInputs = [ imagemagick ]; + + installPhase = '' + for n in 16 24 32 48 64 96 128 256; do + size=$n"x"$n + mkdir -p $out/hicolor/$size/apps + convert lib/Sparrow.png -resize $size $out/hicolor/$size/apps/sparrow.png + done; + ''; + }; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin $out + ln -s ${sparrow-modules}/modules $out/lib + install -D -m 777 ${launcher} $out/bin/sparrow + substituteAllInPlace $out/bin/sparrow + substituteInPlace $out/bin/sparrow --subst-var-by jdkModules ${jdk-modules} + + mkdir -p $out/share/icons + ln -s ${sparrow-icons}/hicolor $out/share/icons + + mkdir -p $out/etc/udev + ln -s ${udev-rules}/etc/udev/rules.d $out/etc/udev/rules.d + + runHook postInstall + ''; + + meta = with lib; { + description = "A modern desktop Bitcoin wallet application supporting most hardware wallets and built on common standards such as PSBT, with an emphasis on transparency and usability."; + homepage = "https://sparrowwallet.com"; + license = licenses.asl20; + maintainers = with maintainers; [ emmanuelrosa _1000101 ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/pkgs/applications/blockchains/sparrow/openimajgrabber.nix b/pkgs/applications/blockchains/sparrow/openimajgrabber.nix new file mode 100644 index 000000000000..0bf642d49d1c --- /dev/null +++ b/pkgs/applications/blockchains/sparrow/openimajgrabber.nix @@ -0,0 +1,40 @@ +{ stdenv +, lib +, fetchFromGitHub +, libv4l +}: +stdenv.mkDerivation rec { + pname = "openimajgrabber"; + version = "1.3.10"; + + src = fetchFromGitHub { + owner = "openimaj"; + repo = "openimaj"; + rev = "openimaj-${version}"; + sha256 = "sha256-Y8707ovE7f6Fk3cJ+PtwvzNpopgH5vlF55m2Xm4hjYM="; + }; + + buildInputs = [ libv4l ]; + + # These build instructions come from build.sh + buildPhase = '' + pushd hardware/core-video-capture/src-native/linux + g++ -fPIC -g -c OpenIMAJGrabber.cpp + g++ -fPIC -g -c capture.cpp + g++ -shared -Wl,-soname,OpenIMAJGrabber.so -o OpenIMAJGrabber.so OpenIMAJGrabber.o capture.o -lv4l2 -lrt -lv4lconvert + popd + ''; + + installPhase = '' + mkdir -p $out/lib + cp hardware/core-video-capture/src-native/linux/OpenIMAJGrabber.so $out/lib + ''; + + meta = with lib; { + description = "A collection of libraries and tools for multimedia (images, text, video, audio, etc.) content analysis and content generation. This package only builds the OpenIMAJGrabber for Linux."; + homepage = "http://www.openimaj.org"; + license = licenses.bsd0; + maintainers = with maintainers; [ emmanuelrosa _1000101 ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9d0f42e685fa..cd94274fd12a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10454,6 +10454,10 @@ with pkgs; sozu = callPackage ../servers/sozu { }; + sparrow = callPackage ../applications/blockchains/sparrow { + openimajgrabber = callPackage ../applications/blockchains/sparrow/openimajgrabber.nix {}; + }; + sparsehash = callPackage ../development/libraries/sparsehash { }; spectre-meltdown-checker = callPackage ../tools/security/spectre-meltdown-checker { }; From 125b803e446851520a1a866cb6a657b493973673 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 22 May 2022 01:40:27 +0100 Subject: [PATCH 10/19] gecode_6: add patch fixing clang build --- pkgs/development/libraries/gecode/default.nix | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/gecode/default.nix b/pkgs/development/libraries/gecode/default.nix index fc9835d85db5..fe13c893480c 100644 --- a/pkgs/development/libraries/gecode/default.nix +++ b/pkgs/development/libraries/gecode/default.nix @@ -1,4 +1,15 @@ -{ lib, stdenv, fetchFromGitHub, bison, flex, perl, gmp, mpfr, enableGist ? true, qtbase }: +{ lib +, stdenv +, fetchFromGitHub +, fetchpatch +, bison +, flex +, perl +, gmp +, mpfr +, qtbase +, enableGist ? true +}: stdenv.mkDerivation rec { pname = "gecode"; @@ -11,6 +22,15 @@ stdenv.mkDerivation rec { sha256 = "0b1cq0c810j1xr2x9y9996p894571sdxng5h74py17c6nr8c6dmk"; }; + patches = [ + # https://github.com/Gecode/gecode/pull/74 + (fetchpatch { + name = "fix-const-weights-clang.patch"; + url = "https://github.com/Gecode/gecode/commit/c810c96b1ce5d3692e93439f76c4fa7d3daf9fbb.patch"; + sha256 = "0270msm22q5g5sqbdh8kmrihlxnnxqrxszk9a49hdxd72736p4fc"; + }) + ]; + enableParallelBuilding = true; dontWrapQtApps = true; nativeBuildInputs = [ bison flex ]; From 6e17b6945c7224b73f21ec0f390120ba3432978d Mon Sep 17 00:00:00 2001 From: Guillaume Girol Date: Sun, 22 May 2022 12:00:00 +0000 Subject: [PATCH 11/19] scantailor-advanced: fix build with qt5.15 by switching to a maintained fork https://github.com/4lex4/scantailor-advanced/issues/170#issuecomment-1030857156 --- pkgs/applications/graphics/scantailor/advanced.nix | 10 +++++----- pkgs/top-level/all-packages.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/graphics/scantailor/advanced.nix b/pkgs/applications/graphics/scantailor/advanced.nix index 048b8b56fc08..11ddc7c7db3f 100644 --- a/pkgs/applications/graphics/scantailor/advanced.nix +++ b/pkgs/applications/graphics/scantailor/advanced.nix @@ -4,21 +4,21 @@ mkDerivation rec { pname = "scantailor-advanced"; - version = "1.0.16"; + version = "1.0.18"; src = fetchFromGitHub { - owner = "4lex4"; + owner = "vigri"; repo = "scantailor-advanced"; rev = "v${version}"; - sha256 = "0lc9lzbpiy5hgimyhl4s4q67pb9gacpy985gl6iy8pl79zxhmcyp"; + sha256 = "sha256-4/QSjgHvRgIduS/AXbT7osRTdOdgR7On3CbjRnGbwHU="; }; nativeBuildInputs = [ cmake qttools ]; buildInputs = [ libjpeg libpng libtiff boost qtbase ]; meta = with lib; { - homepage = "https://github.com/4lex4/scantailor-advanced"; - description = "Interactive post-processing tool for scanned pages"; + homepage = "https://github.com/vigri/scantailor-advanced"; + description = "Interactive post-processing tool for scanned pages (vigri's fork)"; license = licenses.gpl3Plus; maintainers = with maintainers; [ jfrankenau ]; platforms = with platforms; gnu ++ linux ++ darwin; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f1f8a9d98780..f495954af480 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -29408,7 +29408,7 @@ with pkgs; scantailor = callPackage ../applications/graphics/scantailor { }; - scantailor-advanced = libsForQt514.callPackage ../applications/graphics/scantailor/advanced.nix { }; + scantailor-advanced = libsForQt515.callPackage ../applications/graphics/scantailor/advanced.nix { }; sc-im = callPackage ../applications/misc/sc-im { }; From e381b64026110f81fd0777bba61619feeb2a0508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 22 May 2022 20:33:25 +0000 Subject: [PATCH 12/19] python3Packages.pytile: does not depend on pylint --- pkgs/development/python-modules/pytile/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/development/python-modules/pytile/default.nix b/pkgs/development/python-modules/pytile/default.nix index a94201b037d4..b64418226d06 100644 --- a/pkgs/development/python-modules/pytile/default.nix +++ b/pkgs/development/python-modules/pytile/default.nix @@ -4,7 +4,6 @@ , buildPythonPackage , fetchFromGitHub , poetry-core -, pylint , pytest-aiohttp , pytest-asyncio , pytestCheckHook @@ -31,7 +30,6 @@ buildPythonPackage rec { propagatedBuildInputs = [ aiohttp - pylint ]; checkInputs = [ From efd3568e0269a2d816c81dbca79170b8a4b694ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 22 May 2022 20:37:36 +0000 Subject: [PATCH 13/19] python3Packages.lektor: does not depend on pytest-pylint --- pkgs/development/python-modules/lektor/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/development/python-modules/lektor/default.nix b/pkgs/development/python-modules/lektor/default.nix index 4688b7394cc3..0c0c5c108a46 100644 --- a/pkgs/development/python-modules/lektor/default.nix +++ b/pkgs/development/python-modules/lektor/default.nix @@ -62,7 +62,6 @@ buildPythonPackage rec { checkInputs = [ pytest-click pytest-mock - pytest-pylint pytestCheckHook ]; From b048539afb23542dd33768604c5935a60a7926ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 22 May 2022 20:47:13 +0000 Subject: [PATCH 14/19] python3Packages.pamqp: run tests --- .../python-modules/pamqp/default.nix | 42 +++++++++++++------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/pkgs/development/python-modules/pamqp/default.nix b/pkgs/development/python-modules/pamqp/default.nix index 1785a8593102..a367a180807d 100644 --- a/pkgs/development/python-modules/pamqp/default.nix +++ b/pkgs/development/python-modules/pamqp/default.nix @@ -1,28 +1,46 @@ { lib , buildPythonPackage -, fetchPypi -, mock -, nose -, pep8 -, pylint -, mccabe +, pythonOlder +, fetchFromGitHub +, pytestCheckHook }: buildPythonPackage rec { version = "3.1.0"; pname = "pamqp"; - src = fetchPypi { - inherit pname version; - sha256 = "e4f0886d72c6166637a5513626148bf5a7e818073a558980e9aaed8b4ccf30da"; + disabled = pythonOlder "3.7"; + + format = "setuptools"; + + src = fetchFromGitHub { + owner = "gmr"; + repo = "pamqp"; + rev = version; + hash = "sha256-qiYfQsyYvG6pyRFDt3pyYKNNWNP88maj+VAeGD68OmY="; }; - buildInputs = [ mock nose pep8 pylint mccabe ]; + checkInputs = [ + pytestCheckHook + ]; + + pythonImportsCheck = [ + "pamqp.base" + "pamqp.body" + "pamqp.commands" + "pamqp.common" + "pamqp.decode" + "pamqp.encode" + "pamqp.exceptions" + "pamqp.frame" + "pamqp.header" + "pamqp.heartbeat" + ]; meta = with lib; { description = "RabbitMQ Focused AMQP low-level library"; - homepage = "https://pypi.python.org/pypi/pamqp"; + homepage = "https://github.com/gmr/pamqp"; license = licenses.bsd3; + maintainers = with maintainers; [ dotlambda ]; }; - } From 1b815c86c1fd62732c342d5901c9a7b2c0c99579 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 22 May 2022 20:58:11 +0000 Subject: [PATCH 15/19] home-assistant: don't run pylint tests --- pkgs/servers/home-assistant/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/home-assistant/default.nix b/pkgs/servers/home-assistant/default.nix index ff5c69b04fb8..b23b9bc32520 100644 --- a/pkgs/servers/home-assistant/default.nix +++ b/pkgs/servers/home-assistant/default.nix @@ -282,9 +282,6 @@ in python.pkgs.buildPythonApplication rec { respx stdlib-list tqdm - # required by tests/pylint - astroid - pylint # required by tests/auth/mfa_modules pyotp ] ++ lib.concatMap (component: getPackages component python.pkgs) [ @@ -308,6 +305,8 @@ in python.pkgs.buildPythonApplication rec { ]; disabledTestPaths = [ + # we don't care about code quality + "tests/pylint" # don't bulk test all components "tests/components" # pyotp since v2.4.0 complains about the short mock keys, hass pins v2.3.0 From 93fe6c89c87ceb1aed4454d5dbd227f13bf5e281 Mon Sep 17 00:00:00 2001 From: Brian Leung Date: Sun, 22 May 2022 20:10:10 -0700 Subject: [PATCH 16/19] isync: set mainProgram --- pkgs/tools/networking/isync/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/tools/networking/isync/default.nix b/pkgs/tools/networking/isync/default.nix index e26526dc68d5..8e21ccee1084 100644 --- a/pkgs/tools/networking/isync/default.nix +++ b/pkgs/tools/networking/isync/default.nix @@ -29,5 +29,6 @@ stdenv.mkDerivation rec { license = licenses.gpl2Plus; platforms = platforms.unix; maintainers = with maintainers; [ primeos lheckemann ]; + mainProgram = "mbsync"; }; } From 5463b86d03d456c1d2496a09c6e9f82c9bd66c87 Mon Sep 17 00:00:00 2001 From: Jared Baur <45740526+jmbaur@users.noreply.github.com> Date: Sun, 22 May 2022 22:13:39 -0700 Subject: [PATCH 17/19] nixos/users: Fix typo --- nixos/modules/config/users-groups.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index b0f96c754fa5..9b0b4935b988 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -48,7 +48,7 @@ let services such as SSH, or indirectly via su or sudo). This should only be used for e.g. bootable live systems. Note: this is different from setting an empty password, - which ca be achieved using . + which can be achieved using . If set to null (default) this user will not be able to log in using a password (i.e. via login From 572ff94f55b8dc9ee230212df72c2d40beefc73e Mon Sep 17 00:00:00 2001 From: Federico Beffa Date: Sat, 21 May 2022 14:18:10 +0200 Subject: [PATCH 18/19] nixos/users-group: make homeMode respect is_dry and create home directly with right permissions --- nixos/modules/config/update-users-groups.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl index 6ceb668a595e..5a21cb45d52b 100644 --- a/nixos/modules/config/update-users-groups.pl +++ b/nixos/modules/config/update-users-groups.pl @@ -223,8 +223,8 @@ foreach my $u (@{$spec->{users}}) { } # Ensure home directory incl. ownership and permissions. - if ($u->{createHome}) { - make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home} and ! $is_dry; + if ($u->{createHome} and !$is_dry) { + make_path($u->{home}, { mode => oct($u->{homeMode}) }) if ! -e $u->{home}; chown $u->{uid}, $u->{gid}, $u->{home}; chmod oct($u->{homeMode}), $u->{home}; } From fa2393f03111219bf855ca325ac486ad971103bc Mon Sep 17 00:00:00 2001 From: Matthieu Coudron Date: Wed, 20 Apr 2022 00:44:41 +0200 Subject: [PATCH 19/19] pulumi: update updater so that it can work even with an empty NIX_PATH --- pkgs/tools/admin/pulumi/update-pulumi-shell.nix | 8 ++++++++ pkgs/tools/admin/pulumi/update.sh | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 pkgs/tools/admin/pulumi/update-pulumi-shell.nix diff --git a/pkgs/tools/admin/pulumi/update-pulumi-shell.nix b/pkgs/tools/admin/pulumi/update-pulumi-shell.nix new file mode 100644 index 000000000000..cf69e640550d --- /dev/null +++ b/pkgs/tools/admin/pulumi/update-pulumi-shell.nix @@ -0,0 +1,8 @@ +{ nixpkgs ? import ../../../.. { } }: +with nixpkgs; +mkShell { + packages = [ + pkgs.gh + ]; +} + diff --git a/pkgs/tools/admin/pulumi/update.sh b/pkgs/tools/admin/pulumi/update.sh index fadc64cf1dfe..1097759c3bd6 100755 --- a/pkgs/tools/admin/pulumi/update.sh +++ b/pkgs/tools/admin/pulumi/update.sh @@ -1,5 +1,5 @@ #!/usr/bin/env nix-shell -#!nix-shell -i bash -p gh +#!nix-shell update-pulumi-shell.nix -i bash # shellcheck shell=bash # Bash 3 compatible for Darwin