The current `remotes` option is a string option containing nullmailer remote
definitions. However, those definitions may contain secret credentials and
should therefore not be put world-readable in the nix store.
I added a `remotesFile` option, which allows to specify a path to the remotes
definition file instead. This way, the definitions can be kept outside of the
nix store with more secure file permissions.
(cherry picked from commit e741cc4881)
Apparently gwrap will not compile with guile-2.2 [1], even though the
news for version 1.9.15 says it "allows" Guile 2.2 [2]:
> it will _not_ compile using 2.2
Furthermore, it seems like it isn't being developed anymore either [1]:
> Also note that g-wrap itself is not being further developed anymore,
> it is recommended for new projects to use Guile's dynamic FFI.
Also, guile-gnome-2.16.5 is apparently compatible with guile-2.2 [3],
but I'm not sure how they built it with guile-2.2 because gwrap 1.9.15
(latest release) apparently doesn't build with guile-2.2. (And certainly
when I try to build gwrap 1.9.15 with guile-2.2 it doesn't work. Maybe
it can be made to work with certain compile flags, but I haven't pursued
that further due to [1] anyway.) This is why guile-gnome is still on
2.16.4 here. Because, although 2.16.5 can still (apparently) build with
guile-2.0.14, guile_2_0 is only at guile-2.0.13.
So to update guile-gnome to 2.16.5, guile_2_0 would first have to be
updated to 2.0.14.
[1]: http://lists.nongnu.org/archive/html/g-wrap-dev/2016-08/msg00001.html
[2]: http://www.nongnu.org/g-wrap/news.html
[3]: https://www.gnu.org/software/guile-gnome/news.html
(cherry picked from commit f1b7d0a54f)
This also upgrades the hsevm package from v0.6.4 to v0.8.5.
The project `dapp` which depends on hsevm was also updated to use the
new name, so I have also upgraded that package from version v0.5.3 to
v0.5.7.
I also added a `dontCheck` to a Hackage dependency because its test
suite depends on Git and runs a bunch of Git repository manipulations.
(cherry picked from commit 74edd2c5db)
building
Extracting Bazel installation...
Loading:
Analyzing: target //source/exe:envoy-static
ERROR: java.io.IOException: Could not read the crosstool configuration file 'CROSSTOOL file /tmp/nix-build-envoy-1.3.0.drv-0/envoy-v1.3.0-src/.home/.cache/bazel/_bazel_nixbld1/cbe181aaebf3d7253cbcf6057028e514/external/local_config_cc/CROSSTOOL', because of a parser error (945:1: Expected identifier. Found '%')
INFO: Elapsed time: 3.065s
FAILED: Build did NOT complete successfully
builder for ‘/nix/store/09wh9hd81529pgr3ddwfw68higfzkfgr-envoy-1.3.0.drv’ failed with exit code 2
error: build of ‘/nix/store/09wh9hd81529pgr3ddwfw68higfzkfgr-envoy-1.3.0.drv’ failed
(cherry picked from commit 49a060ea1f)
Still does not succeed but advances further
(cherry picked from commit 30d09f717aa94a78105bff22da548b904887b394)
(cherry picked from commit d05b0b6b70)
The build provides as text a summary of the build, including the
absolute path of the compiler used for compilation. Unfortunately, this
pulls in stdenv.cc as a transitive closure.
So this change just calls remove-references-to as a postInstall step for
the one stdenv.cc dependency.
See #29889 for details.
(cherry picked from commit 405c7f9e437a89bbebc3e2663e8fcc74e69783d6)
Consul is a service you typically want to have running all the time;
it's not supposed to quit by itself.
(cherry picked from commit f4c53f1940)
Closes#29861.
We now wait for dhcpcd to acquire a lease but dhcpcd is restarted on
system activation. As wpa_supplicant is stopped while dhcpcd is
restarting a significant delay is introduced on systems with wireless
network connections only. This changes the wpa_supplicant service to
also be restarted together with dhcpcd in case both services were
changed.
(cherry picked from commit 725dee203a)
This reverts commit 0c81594a29.
It's no longer needed since systemd-vconsole-setup enumerates all ttys
until it finds a suitable one since systemd v234.
(cherry picked from commit 4a2442032e)
The current version is broken:
- there's no `openFirewall` attribute directly in the `cfg` set
- the `port` option is an attribute of the `confOptions` set
I used the proper attribute for the firewall port and moved the `openFirewall`
option directly up to the `services.znc` set, as it's rather a general option
for the whole service than a znc-specific option (which are located inside the
`confOptions` set).
Unfortunately wlc 0.0.10 seems to be the cause for segfaults on sway,
way-cooler and orbment.
This will also build wlc with all optional packages (i.e. zlib,
valgrind and doxygen).
(cherry picked from commit 2d640b9d6e)
* Grants enough privileges to the configured user so that it can run
mysqldump.
* Adds a nixos test.
* Use systemd timers instead of a cronjob (by @fadenb).
* Creates a new user for backups by default, instead of using mysql
user.
* Ensures that backup user has write permissions on backup location.
* Write backup to a temporary file before renaming so that a failed
backup won't overwrite the previous backup, and so that the backup
location will never contain a partial backup.
Breaking changes:
* Renamed period to calendar to reflect the change in how to
configure the backup time.
* A failed backup will no longer result in cron sending an e-mail --
users' monitoring systems must be updated.
Resolves#24728
(cherry picked from commit 56eba66f77)
tinc can figure this out based on DeviceType.
I also got `/dev/net/tun FD in bad state` after a particular upgrade.
(cherry picked from commit ad8cb0917f)
While it's annoying to pollute the user database with a lot of nixbld*
users, 10 users is really too low for many modern systems.
(cherry picked from commit 79d547b4bb)
* openjdk 8: code cleanup
as recommended by 0xABAB in #27194
* openjdk 9: init at ea build 176
this starts with copy of 8.nix and just updates hashes and replaces 8
with 9. it also tweaks the version handling because we aren't dealing
with an update version yet.
* openjdk 9: adapt patches from openjdk 8
fix-java-home: surrounding code changed slightly
swing-use-gtk-jdk9: location of the file being patched changed due to
modularization
read-truststore-from-env: the code that handles the trustStore was
refactored out into a helper class in upstream commit
http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/904861872c0e
adlc_updater: this isn't present anymore
* openjdk 9: make two more warnings-as-errors non-fatal
this requires that we switch to configureFlagsArray to deal with
whitespace
the errors being suppressed are show below:
* For target support_native_java.desktop_libawt_xawt_awt_Robot.o:
/tmp/nix-build-openjdk-9ea-b176.drv-0/jdk9-jdk-9+176/jdk/src/java.desktop/unix/native/libawt_xawt/awt/awt_Robot.c: In function 'isXCompositeDisplay':
/tmp/nix-build-openjdk-9ea-b176.drv-0/jdk9-jdk-9+176/jdk/src/java.desktop/unix/native/libawt_xawt/awt/awt_Robot.c:152:50: error: embedded '\0' in format
[-Werror=format-contains-nul]
snprintf(NET_WM_CM_Sn, sizeof(NET_WM_CM_Sn), "_NET_WM_CM_S%d\0", screenNumber);
^
/tmp/nix-build-openjdk-9ea-b176.drv-0/jdk9-jdk-9+176/jdk/src/java.desktop/unix/native/libawt_xawt/awt/awt_Robot.c:152:50: error: embedded '\0' in format
[-Werror=format-contains-nul]
cc1: all warnings being treated as errors
* For target support_native_jdk.hotspot.agent_libsa_ps_core.o:
/tmp/nix-build-openjdk-9ea-b176.drv-0/jdk9-jdk-9+176/hotspot/src/jdk.hotspot.agent/linux/native/libsaproc/ps_core.c: In function 'read_exec_segments':
/tmp/nix-build-openjdk-9ea-b176.drv-0/jdk9-jdk-9+176/hotspot/src/jdk.hotspot.agent/linux/native/libsaproc/ps_core.c:834:7: error: ignoring return value of 'pread', declared
with attribute warn_unused_result [-Werror=unused-result]
pread(ph->core->exec_fd, interp_name, exec_php->p_filesz, exec_php->p_offset);
^
cc1: all warnings being treated as errors
* openjdk 9: ea+176 -> ea+180
* openjdk 9: TODO disable infinality patches, at least to start
the code being patched here seems to have changed substantially or
perhaps even disappeared altogether. need to investigate whether
these patches are still relevant.
* openjdk 9: update installPhase for modularization
* separate jdk and jre images are now present under build/*/images
* samples have been removed (JEP 298)
-- TODO that JEP says demos will be gone too, but it seems some are still present?
* bina directory is no longer present
* openjdk 9: TODO handle *.pf files or purge this code completely
* openjdk 9: update minimal jre components
in particular, the name of the config option for headless has changed,
per https://bugs.openjdk.java.net/browse/JDK-8163102
* TODO about echo -n vs printWords, #27427
(cherry picked from commit 02fe1207ab)
Spamassassin expects its system-wide configuration at /etc/spamassassin, and
some user tools (like sa-learn) need to read those configuration files.
Therefore, we provide a symlink from /etc/spamassassin to the appropriate Nix
store path to make sure those tools work without the user having to pass an
elaborate --siteconfig path that, potentially, changes every time the system
updates.
Fixes https://github.com/NixOS/nixpkgs/issues/29414.
(cherry picked from commit bfab392e6e)
Storing the build configuration caused Firefox to retain a dependency
on gcc, glibc.dev and icu4c.dev.
This reduces the size of the firefox closure from 587 to 415 MiB.
(cherry picked from commit c03326445b)
This reduces the closure size of Emacs from 575 to 279 MiB. Dumping
Emacs had a chance of leaking parts of the environment (such as $PATH)
into the dumped executable. This hopefully fixes it. (It's a bit hard
to tell since the effect is not deterministic.)
(cherry picked from commit cf599d3f99)
In particular, this moves share/kf5 to the "out" output. This prevents
kdelibs4support from pulling kdoctools.dev into its closure (via
share/kf5/kdoctools/customization/dtd/kdex.dtd, which references
${kdoctools}/share/kf5).
This reduces the closure size of kdelibs4support by 156 MiB.
(cherry picked from commit b790a31204)
While the last wlc upgrade (05d79c03ec)
makes it possible to build sway 0.14.0 it also breaks the current build
of sway 0.13.0.
Unfortunately sway 0.14.0 segfaults on launch and I couldn't fix it yet
(there are multiple upstream issues as well). I'll overwrite the wlc
version for sway in order to have a usable version in nixpkgs for the
meantime.
(cherry picked from commit 676f5cb02c)
The code was a bit messy (unused parameters, etc.) and caused some
warnings/errors which could potentially cause some problems.
(cherry picked from commit 4b85b23534)
Oracle JDK 9 does not seems to contain jre directory, so oraclejre9
package now uses a dedicated archive file.
There is no 32-bit version nor arm version (yet). If Oracle releases
them, I will update the package.
(cherry picked from commit 692fcd9f53)
oslo-service:
needs to disable tests due to network errors when importing eventlet
for tests ( socket.getprotobyname('tcp') -> no such protocol )
eventlet: 0.17.4 -> 0.20.0
cannot update to 0.21.0 due to version pinning ( < 0.21.0 ) of oslo-service
monotonic: 0.4 -> 1.3
oslo-serialization: 1.10.0 -> 2.20.0
oslo-utils: 2.6.0 -> 3.29.0
oslo-concurrency: 2.7.0 -> 3.22.0
oslo-log: 1.12.1 -> 3.31.0
oslo-context: 0.7.0 -> 2.18.1
routes: 1.12.3 -> 2.4.1
webob: 1.4.1 -> 1.7.3
when updating i rewrote the package to use fetchPypi for making future
updating easier
(cherry picked from commit 78621e384c)
also updated the following dependencies:
keystoneauth1: 3.1.0 -> 3.2.0
disabled tests which require oslo-config, oslo-test or requests-kerberos
oslo-i18n: 2.7.0 -> 3.18.0
oslotest: 1.12.0 -> 2.18.0
os-client-config: 1.8.1 -> 1.28.0
needed to disable testing due to circular dependency with oslotest
mox3: 0.11.0 -> 0.23.0
disable tests for py36 due to upstream bug
debtcollector: 0.9.0 -> 1.17.0
tests enabled
extra packages:
requestsexceptions: init at 1.3.0
(cherry picked from commit 7251699081)
Add testssl.sh which is a nice utility for testing TLS/SSL
capabilities of servers without having to use any kind of
web-service. It's very useful for testing setups of services before
deployment and such.
(cherry picked from commit 02d9d40d99)
Currently, the contents closure is copied to the layer but there is no
nix database initialization. If pkgs.nix is added in the contents,
nix-store doesn't work because there is no nix database.
From the contents of the layer, this commit generates and loads the
database in the nix store of the container. This only works if there
is no parent layer that already have a nix store (to support several
nix layers, we would have to merge nix databases of parent layers).
We also add an example to play with the nix store inside the
container. Note it seems `more` is a missing dependency of the nix
package!
(cherry picked from commit df589a438e)
The openldap dependency is only used for the audisp z/OS plugin.
This is not useful on Linux, so always disable this.
(cherry picked from commit 49fc06ed0a)
Multiprocess tabs always crash, as first reported by the issue mentioned
below. It is now consistently reproducible both on NixOS and non-NixOS
for me, so I've decided to add a toggle to conveniently disable
multiprocess support as a work-around.
Closes https://github.com/NixOS/nixpkgs/issues/27759 but does
not really fix the underlying problem ...
(cherry picked from commit 69e3817eb6)
Systemd is complaining that it can't delay the startup of device units.
We have a before dependency on the respective device unit for every
netdev service, which doesn't make any sense because we create the
actual interface in this service.
(cherry picked from commit 13a110e696)
Previously, depending on the environment and the type of interface that
was created, the configured IPs of an interface wouldn't be applied on a
nixos-rebuild switch. It works after a reboot.
This patch ensures that the network-addresses service is started
either via the network-link service or if the networking target is
activated (i.e. on system activation).
Fixes#28474#16230.
(cherry picked from commit 3a670daa98)
The program `qemu-img` is needed during creation of virtual machines
with qcow2 images. Otherwise creation of such VMs (e.g. with
virt-manager) are failing.
(cherry picked from commit 32e4e2c47b)
kbfs was not working with the lastest keybase update
(ef3cb5cc47).
We should enforce update of keybase/keybase-ui and kbfs (like done here:
f74a1e6bcb)
all together to avoid API problems.
(cherry picked from commit b50ae94ed3)
* gnome3: only maintain single GNOME 3 package set
GNOME 3 was split into 3.10 and 3.12 in #2694. Unfortunately, we barely have the resources
to update a single version of GNOME. Maintaining multiple versions just does not make sense.
Additionally, it makes viewing history using most Git tools bothersome.
This commit renames `pkgs/desktops/gnome-3/3.24` to `pkgs/desktops/gnome-3`, removes
the config variable for choosing packageset (`environment.gnome3.packageSet`), updates
the hint in maintainer script, and removes the `gnome3_24` derivation from `all-packages.nix`.
Closes: #29329
* maintainers/scripts/gnome: Use fixed GNOME 3 directory
Since we now allow only a single GNOME 3 package set, specifying
the working directory is not necessary.
This commit sets the directory to `pkgs/desktops/gnome-3`.
(cherry picked from commit 69698ec11c)
- add flannel support
- remove deprecated authorizationRBACSuperAdmin option
- rename from deprecated poratalNet to serviceClusterIpRange
- add nodeIp option for kubelet
- kubelet, add br_netfilter to kernelModules
- enable firewall by default
- enable dns by default on node and on master
- disable iptables for docker by default on nodes
- dns, restart on failure
- update tests
and other minor changes
(cherry picked from commit 7dfeac88ac)
The libcrypto patch didn't work well with `salt-ssh` (that code failed on
remote machines), so let's make Nix-based library lookup as fallback.
https://github.com/saltstack/salt/issues/43350
(cherry picked from commit a5b8c0c2de)
reading the code, it's hard to see how this test was *ever* supposed to
pass. interestingly, peeking across the fence, guix have disabled this test
too for the same reason.
note that tests don't actually run *at all* on py27 but that's a problem
for another day
(cherry picked from commit 9ca4f39b97)
Error is:
ERROR: In procedure %resolve-variable:
ERROR: Unbound variable: use-syntax
FAIL: sxml.ssax.scm
Also add pkg-config so that configure script can find libguile.
Relevant to #28643
(cherry picked from commit 913e770fa8)
1. The chmod 400 with the preset cookie prevented restarts, as
on the second boot it would fail to write to the cookie. Oops.
2. As far as I can tell, sasl logs were disabled because of the
following error:
{error,{cannot_log_to_tty,sasl_report_tty_h,not_installed}}
Not because we actually wanted to disable them. This meant the
management plugin wasn't usable due to a bug set to be fixed in
3.7.0.
(cherry picked from commit f3b9ac73e2)
Add another option for debugging instead. Lots of users have been
complaining about this default behaviour.
This patch also cleans up the EFI bootloader entries in the ISO.
(cherry picked from commit 3d040f9305)
TeXLive version is effectively identical anyway, and it caused an
unneccessary file name collision.
Fixes: #29671
(cherry picked from commit 8d001911db)
This has been broken nearly all the time due to the patches needed to
iproute2 not being compatible with the newer versions we have been
shipping. As long as Ubuntu does not manage to upstream these changes
so they are maintained with iproute2 and we don't have a maintainer
updating these patches to new iproute2 versions it is not feasible to
have this available.
(cherry picked from commit 08b09fdc5c)
This reverts commit 670b4e29ad. The change
added in this commit was controversial when it was originally suggested
in https://github.com/NixOS/nixpkgs/pull/29205. Then that PR was closed
and a new one opened, https://github.com/NixOS/nixpkgs/pull/29503,
effectively circumventing the review process. I don't agree with this
modification. Adding an option 'resolveLocalQueries' to tell the locally
running name server that it should resolve local DNS queries feels
outright nuts. I agree that the current state is unsatisfactory and that
it should be improved, but this is not the right way.
This option got introduced in 7904499542
and it didn't check whether mailUser and mailGroup are null, which they
are by default.
Now we're only creating the user if createMailUser is set in conjunction
with mailUser and the group if mailGroup is set as well.
I've added a NixOS VM test so that we can verify whether dovecot works
without any additional options set, so it serves as a regression test
for issue #29466 and other issues that might come up with future changes
to the Dovecot service.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #29466
Cc: @qknight, @abbradar, @ixmatus, @siddharthist, @peti
(cherry picked from commit 3ba2095a42)
We were using 'Combined Image JSON + Filesystem Changeset Format' [1] to
unpack and pack image and this patch switches to the format used by the registry.
We used the 'repository' file which is not generated by Skopeo when it
pulls an image. Moreover, all information of this file are also in the
manifest.json file.
We then use the manifest.json file instead of 'repository' file. Note
also the manifest.json file is required to push an image with Skopeo.
Fix#29636
[1] 749d90e10f/image/spec/v1.1.md (combined-image-json--filesystem-changeset-format)
(cherry picked from commit 35f205a4b6)
Ensure that modules required by all declared fileSystems are explicitly
loaded. A little ugly but fixes the deferred mount test.
See also https://github.com/NixOS/nixpkgs/issues/29019
(cherry picked from commit 1df6cf5d1d)
Add the `extraGitoliteRc` option to customize the `.gitolite.rc`
configuration file declaratively.
Resolves#29249.
(cherry picked from commit c73a3813fa)
* indentation, retab
* url handling for alternative version names
* handling for alt. download url format
* made unknown channel error non-fatal
(cherry picked from commit 14f2e0cd36)
Boot fails when a keyfile is configured for all encrypted filesystems
and no other luks devices are configured. This is because luks support is only
enabled in the initrd, when boot.initrd.luks.devices has entries. When a
fileystem has a keyfile configured though, it is setup by a custom
command, not by boot.initrd.luks.
This commit adds an internal config flag to enable luks support in the
initrd file, even if there are no luks devices configured.
(cherry picked from commit 2000fba561)
Currently the `rpc-gssd.service` has a `ConditionPathExists` clause that can
never be met, because it's looking for stateful data inside `/nix/store`.
`auth-rpcgss-module.service` also only starts if this file exists.
FixesNixOS/nixpkgs#29509.
(cherry picked from commit 98a2316166)
This includes fuse-common (fusePackages.fuse_3.common) as recommended by
upstream. But while fuse(2) and fuse3 would normally depend on
fuse-common we can't do that in nixpkgs while fuse-common is just
another output from the fuse3 multiple-output derivation (i.e. this
would result in a circular dependency). To avoid building fuse3 twice I
decided it would be best to copy the shared files (i.e. the ones
provided by fuse(2) and fuse3) from fuse-common to fuse (version 2) and
avoid collision warnings by defining priorities. Now it should be
possible to install an arbitrary combination of "fuse", "fuse3", and
"fuse-common" without getting any collision warnings. The end result
should be the same and all changes should be backwards compatible
(assuming that mount.fuse from fuse3 is backwards compatible as stated
by upstream [0] - if not this might break some /etc/fstab definitions
but that should be very unlikely).
My tests with sshfs (version 2 and 3) didn't show any problems.
See #28409 for some additional information.
[0]: https://github.com/libfuse/libfuse/releases/tag/fuse-3.0.0
(cherry picked from commit 351f5fc585)
This pervents the user from accidently commiting the key to the nix store.
If providing a path instead of a string.
(cherry picked from commit 8ed758696c)
The license of CompCert is not a generic "INRIA" license. It is "INRIA Non-Commercial
Agreement for the CompCert verified compiler". As unfortunate as it may seem, this
is a non-free license (clearly mentioned as such in its preamble). See also #20256.
(cherry picked from commit 8fde5790b4)
* First attempt at making elvish compile on darwin
* Fixed cyclic dependency on darwin
This fixes the "cycle detected in the references of" error when building
on darwin. The fix is based on the solution in issue #18131.
* Use version 0.10 and not 0.10.1, which is not officially released yet
(cherry picked from commit 8b8a2fd542)
It actually requires flake8-future-import but manages to download it
from the Internet when run outside the sandbox.
(cherry picked from commit 2c2cd34b54)
We cannot rely on wrapPythonPrograms to wrap the installed executables because
they are symlinks (which it ignores). Instead, we have to emulate it to make
the wrappers ourselves.
(cherry picked from commit 1e2ebee42a)
- Fix finding SDL (would previously fail unless gcc was in environment)
- Use ghostscript rather than xpdf for rendering as it has a slightly
smaller closure
- Fix broken link for reasoning behind name change
- Add self to maintainers
- Add reference to DejaVu fonts so it can always find the OSD fonts
- Install manpage into correct location
(cherry picked from commit 05101d32c0)
The getty@.service unit already has an ExecStart so we cannot simply set a new
one in order to override it or we will get this error:
systemd[1]: getty@tty1.service: Service has more than one ExecStart= setting, which is only allowed for Type=oneshot services. Refusing.
Instead "reset" ExecStart by setting it to empty which is the systemd way of
doing it.
(cherry picked from commit 6558f81bc9)
This depends ultimately on texlive which is a big build and depends on
lots of libraries which often get security updates. This triggers
mass rebuilds because systemd depends on gnutls which depends on
p11_kit.
This was introduced with 93d80f1951.
(cherry picked from commit 0a2c39e205)
properly also in case dhcpcd being used.
Without network-online.target, coturn will fail to listen on addresses that
come up with dhcpcd.
(cherry picked from commit a9f60224f8)
Previously services depending on network-online.target would wait until
dhcpcd times out if it was enabled and a static network address
configuration was used. Setting the default gateway statically is enough
for the networking to be considered online.
This also adjusts the relevant networking tests to wait for
network-online.target instead of just network.target.
(cherry picked from commit b179908414)
By default, awesome will use "devel" as a version name
(or `git describe`). This has led to awesome always
showing "devel" for its version.
Some extensions depend on version information to figure
out what features they can use.
This change overrides the version for the build from the
derivations' `version` attribute.
(cherry picked from commit 824b30a715)
If neither database.password or database.passwordFile were provided,
it would try and fail to coerce null to a string.
This fixes the situation where there is no password for the database.
Resolves#27950
(cherry picked from commit 6460e459de)
This does break the API of being able to import any lib file and get
its libs, however I'm not sure people did this.
I made this while exploring being able to swap out docFn with a stub
in #2305, to avoid functor performance problems. I don't know if that
is going to move forward (or if it is a problem or not,) but after
doing all this work figured I'd put it up anyway :)
Two notable advantages to this approach:
1. when a lib inherits another lib's functions, it doesn't
automatically get put in to the scope of lib
2. when a lib implements a new obscure functions, it doesn't
automatically get put in to the scope of lib
Using the test script (later in this commit) I got the following diff
on the API:
+ diff master fixed-lib
11764a11765,11766
> .types.defaultFunctor
> .types.defaultTypeMerge
11774a11777,11778
> .types.isOptionType
> .types.isType
11781a11786
> .types.mkOptionType
11788a11794
> .types.setType
11795a11802
> .types.types
This means that this commit _adds_ to the API, however I can't find a
way to fix these last remaining discrepancies. At least none are
_removed_.
Test script (run with nix-repl in the PATH):
#!/bin/sh
set -eux
repl() {
suff=${1:-}
echo "(import ./lib)$suff" \
| nix-repl 2>&1
}
attrs_to_check() {
repl "${1:-}" \
| tr ';' $'\n' \
| grep "\.\.\." \
| cut -d' ' -f2 \
| sed -e "s/^/${1:-}./" \
| sort
}
summ() {
repl "${1:-}" \
| tr ' ' $'\n' \
| sort \
| uniq
}
deep_summ() {
suff="${1:-}"
depth="${2:-4}"
depth=$((depth - 1))
summ "$suff"
for attr in $(attrs_to_check "$suff" | grep -v "types.types"); do
if [ $depth -eq 0 ]; then
summ "$attr" | sed -e "s/^/$attr./"
else
deep_summ "$attr" "$depth" | sed -e "s/^/$attr./"
fi
done
}
(
cd nixpkgs
#git add .
#git commit -m "Auto-commit, sorry" || true
git checkout fixed-lib
deep_summ > ../fixed-lib
git checkout master
deep_summ > ../master
)
if diff master fixed-lib; then
echo "SHALLOW MATCH!"
fi
(
cd nixpkgs
git checkout fixed-lib
repl .types
)
(cherry picked from commit 152c63c9ff)
This partially undoes the change from 8788bfe762.
The 'doBenchmark' name is more consistent with the naming scheme used for
other phases, like 'doCheck', 'doHaddock', etc.
(cherry picked from commit 33e34aa95b)
In the maintenance release bump in
90059701a8 a certain change to /test/ was
backported from Python 3:
- bpo-30207: To simplify backports from Python 3, the test.test_support
module was converted into a package and renamed to test.support. The
test.script_helper module was moved into the test.support package.
Names test.test_support and test.script_helper are left as aliases to
test.support and test.support.script_helper.
(cherry picked from commit 96d15eaddb)
The bzero-patch was merged upstream in
git-svn-id: svn://svn.valgrind.org/valgrind/trunk@16103, so it does no
longer apply.
Additionally - to make the build succeed on darwin systems more recent
than our nixpkgs.darwin.xnu kernel version - we need to teach the build
the version of the xnu headers we provide, instead of letting the build
figure out the actual system version using `uname -r`.
(cherry picked from commit c71fd76822)
(cherry picked from commit cab5d25d3081a6d13773264000a308a7e07938b8)
When the user specifies the networking.nameservers setting in the
configuration file, it must take precedence over automatically
derived settings.
The culprit was services.bind that made the resolver set to
127.0.0.1 and ignore the nameserver setting.
This patch adds a flag to services.bind to override the nameserver
to localhost. It defaults to true. Setting this to false prevents the
service.bind and dnsmasq.resolveLocalQueries settings from
overriding the users' settings.
Also, when the user specifies a domain to search, it must be set in
the resolver configuration, even if the user does not specify any
nameservers.
This will get propagated down to other libraries loaded because
everything in nixpkgs references CF based on an rpath entry.
(cherry picked from commit cc1bfbd9a7)
New features since version 3.2.0:
* G'MIC Plugin
* Touch Painting
* Smart Patch Tool
* New Brush Presets
The full release notes can be found at:
https://krita.org/en/release-notes-for-krita-3-2/
Version 3.2.1 contains these fixes:
* Crash on startup if only OpenGL 2.1 is found: if you had to disable
opengl for 3.2.0, you can try to enable it again
* A crash when changing layer types in the gmic-qt plugin
* A bug where gmic-qt could crash on odd-sized images
* A regression where using the text tool would break the brush tool
* The option to use the native platform's file dialogs was restored
* A bug where selecting the line tool would disable the flow slider
* Some issues with the LUT docker were fixed
Upstream release notes for 3.2.1:
https://krita.org/en/item/krita-3-2-1-released/
I've dropped the patch, because it was already from the upstream
development version and thus is also included in this release.
Built and tested using a few images and just playing around with a few
new features.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar, @Mic92, @kragniz
(cherry picked from commit 8180085733)
the systemd.unit(5) discussion of wantedBy and requiredBy is in the
[Install] section, and thus focused on stateful 'systemctl enable'.
so, clarify that in NixOS, wantedBy & requiredBy are still what most
users want, and not to be confused with enabled.
(cherry picked from commit cfbac1beb4)
remove sqlite-amalgamation and put it internal to the zandronum folder,
as it is only used by zandronum. Patches needed to avoid build impurities
and to get the correct protocol version to connect to public servers.
remove zandronum_bin as it is no longer needed
(cherry picked from commit 990ea8789d)
Remove an obsolete patch
Add lassulus to maintainers
Supply the build with the correct version number and changelog
(cherry picked from commit f4dfa30d24)
This avoids running out of space in space-constrained environments,
e.g. VMs with relatively small amounts of memory and tmp on tmpfs
(cherry picked from commit 77ce02201e)
- Update to version 3.24-2, released on 2017 Aug 3
- Remove versions for GNOME 3.22 and 3.20. The version for 3.24 should
work with them as well.
(cherry picked from commit 6319210b8a)
Update physlock to a more current version which supports PAM and
systemd-logind. Amongst others, this should work now with the slim
login manager without any additional configuration, because it does
not rely on the utmp mechanism anymore.
(cherry picked from commit ae87a30a83)
* prometheus-collectd-exporter service: init module
Supports JSON and binary (optional) protocol
of collectd.
* nixos/prometheus-collectd-exporter: submodule is not needed for collectdBinary
(cherry picked from commit 334e23d244)
There are currently two ways to build Openstack image. This just picks
best of both, to keep only one!
- Image is resizable
- Cloudinit is enable
- Password authentication is disable by default
- Use the same layer than other image builders (ec2, gce...)
(cherry picked from commit 3a377e26b2)
The section was strange to read, as the initial example already used
`listOf' which is mentioned in the very first paragraph. Then you read
in a subsection about `listOf' and the exact same example is given
once again.
(cherry picked from commit 4d101993bf)
tinc prior to 1.1 doesn't have the `tinc` executable,
and `tincd` isn't of any use while the daemon already runs.
(cherry picked from commit 8cea87c1eb)
In c0cf19608f the function
`aspellWithDicts` was introduced, that allows to build a derivation
consisting of aspell and specified dictionaries. In
96457d26dd a fix was included to properly
find the dictionaries.
Issue #29429 describes that, while the current method works for the
aspell binary, it does not in case of the API.
This commit rewrites the wrapper into a single derivation, create a
single tree of symbolic references to both the binary and the
dictionaries so that its possible to find the dictionaries with the API.
Furthermore, the binary is wrapped so it can still find the dictionaries
as well.
(cherry picked from commit 91f7042aa0)
Before this patch, a VM was used to spawn docker that pulled the
VM. Now, the tool Skopeo does this job well so we can simplify our
dockerTools since we doesn't need Docker anymore:)
This also fixe the regression described in
https://github.com/NixOS/nixpkgs/issues/29271 : cntlm proxy doesn't
work in 17.09 while it worked in 17.03.
Note Skopeo doesn't produce the same output than docker pull so, we
have to update sha.
(cherry picked from commit 01174c5f4d)
Signed-off-by: Domen Kožar <domen@dev.si>
The patch was removed during chromium update.
It won't build, but the error seems the same as before chromium update...
(cherry picked from commit 9a55f74e43)
For various reasons, big Nix attrsets look ugly in the generated manual
page[1]. Use literalExample to fix it.
[1] Quotes around attribute names are lost, newlines inside multi-line
strings are shown as '\n' and attrs written on multiple lines are joined
into one.
(cherry picked from commit 6b7a9376f1)
The command `oc cluster up` mainly runs code though Docker containers.
However, in pkg/bootstrap/docker/host/host.go, nsenter is used to run
some commands on the host. For this to work on NixOS, we need to provide
the absolute path to the required programs.
(cherry picked from commit a3dde7776b)
- Updated from 1.5.0 to 3.6.0 (this is just the next version, but Red
Hat did quite the version bump there)
- Added 'v' to the version; it is used by `oc cluster up` to determine
which image should be downloaded.
- Added myself as a maintainer.
(cherry picked from commit f8a72662cf)
`qtkeyring` can use `gnome-keyring`, but it needs some help to find it.
I have not enabled this by default because not everyone who uses this will want
to pull in GNOME dependencies.
(cherry picked from commit e828dcb5cd)
This is used to platform specific library and exectuable extensions. In
the next commit I'll replace a bunch of ad-hoc logic with it.
(cherry picked from commit 741839a687)
Commit 8537cf0f81
("CONTRIBUTING.md: suggest "nixos/<module>" prefix for NixOS changes")
only changed CONTRIBUTING.md file and forgot about the Nixpkgs manual.
(I didn't know this information was stored in two places.)
(cherry picked from commit 56a047c7a1)
To wait for the docker deamon, curl requests are sent. However, if a
http proxy is set, it will respond instead of the docker daemon.
To avoid this, we send docker ps command instead of curl command.
(cherry picked from commit 132e790735)
ftfy package was added for spaCy and is only used by spaCy.
This change downgrades its version to meet the bounds specified by
spaCy (>=4.4.2,<5.0.0).
Relevant to #28643.
(cherry picked from commit 566f5e9e8d)
It's broken on all versions of Python (I've tried 2.7, 3.4, 3.5, 3.6)
I think the root cause is that PyBrain is not working with numpy >= 1.12.0 as I reported here:
https://github.com/pybrain/pybrain/issues/217
(The relevant release notes may be found here):
https://docs.scipy.org/doc/numpy-1.12.0/release.html#compatibility-notes
The PyBrain github repo does not seem very active (last commit 18 months ago, last release 3 years),
so I have some doubts as to whether this will be fixed any time soon.
I suppose an alternative solution could be to reintroduce the explicit dependency to numpy 1.11. But,
this is not entirely trivial: in c9b4a2f319, the versions 1.10, 1.11, 1.12 were folded into a single version.
Also, the numpy dependency is not a direct one, but is implied via scipy
(cherry picked from commit 50d36558a4)
Continuation of #28053
gnome-disk-image-mounter from gnome-disk-utility was not wrapped, resulting in an
error due to the inability to find gsettings schemas.
This commit replaces the manual wrapping of gnome-disks binary with wrapGAppsHook
so that all binaries are wrapped correctly.
(cherry picked from commit b64f149ea9)
https://lists.gnu.org/archive/html/emacs-devel/2017-09/msg00211.html
> This is an emergency release to fix a security vulnerability in Emacs.
>
> Enriched Text mode has its support for decoding 'x-display' disabled.
> This feature allows saving 'display' properties as part of text.
> Emacs 'display' properties support evaluation of arbitrary Lisp forms
> as part of instantiating the property, so decoding 'x-display' is
> vulnerable to executing arbitrary malicious Lisp code included in the
> text (e.g., sent as part of an email message).
(cherry picked from commit 78f457c76c)
The backslash wasn't properly escaped, and "\." is apparently equal to
".". So it's accidentally filtering out these valid file names (in
Nixpkgs):
trace: excluding clfswm
trace: excluding larswm
trace: excluding mkpasswd
While at it, turn the file filter stricter to what it was before
e2589b3ca2. That is, the file name must
start with a dot: '.swp', '.foo.swo' are filtered but 'bar.swf' is not.
(cherry picked from commit 9275c3387e)
Google publishes prebuilt tensorflow whl for python 3.4, 3.5, 3.6,
but nix expression for tensorflow only supported 3.5.
This change adds support for python-3.6.
- avr-gcc 5.3.0 -> 5.4.0
closes#28220
Since the packages do not share a common prefix anymore, you need
to define the current store paths in your project's Makefile.
Example for an atmega644 build:
CFLAGS += -I /nix/store/9rffxzds5crcpm76g3nr03jx0aa657cf-avr-libc-2.0.0/avr/include
CFLAGS += -B /nix/store/9rffxzds5crcpm76g3nr03jx0aa657cf-avr-libc-2.0.0/avr/lib/avr5
CFLAGS += -L /nix/store/9rffxzds5crcpm76g3nr03jx0aa657cf-avr-libc-2.0.0/avr/lib/avr5
CFLAGS += -L /nix/store/8409dj9js4i5901i63275wxdm783l0p6-avr-gcc-5.4.0/lib/gcc/avr/5.4.0/avr5
(cherry picked from commit 6a458c169b)
It doesn't look good when the initial admin user is named
"<hash>-gitolite-admin" and the key stored as
"<hash>-gitolite-admin.pub". Instead, make it simply "gitolite-admin"
and "gitolite-admin.pub".
(cherry picked from commit 6b9ee30672)
This updates namecoin from a legacy version from about 3 years ago
(https://github.com/namecoin/namecoin-legacy) to
the new namecoin-core.
(cherry picked from commit 8bd3664f373cb78a0526dc8a86e750f55b96420a)
(cherry picked from commit 31f349dbb4)
Use consistent no-space style. (All documentation I've seen use no
space, and the generated section headings from the NixOS module also use
no space.)
(cherry picked from commit fc02a0265a)
This is the latest release from Cadsoft, before they were bought by
Autocad. Autocad has released 8.x, but
- it requires reworking the Nix expression (different packaging)
- the paid license version requires a monthly subscription fee, you never
"own" the software (AFAICT).
Due to the licensing change in 8.x, I think keeping Eagle 7.x around is
a good idea.
(cherry picked from commit 28f780b320)
https://hydra.nixos.org/build/59943791
This package is a library and has no reverse dependencies. (It was once
used by diffoscope, but it changed to use a different library).
(cherry picked from commit 373b2231be)
This is set in the hardened linux config as well but sysctl is more
flexible & works with any boot.kernelPackages
(cherry picked from commit 2bce0b13e7)
These changes reduce file accesses outside TBB_HOME or the Nix store, as
determined by running under strace -e access,open,stat.
(cherry picked from commit f84125c3b1)
Aften is an audio encoder which generates compressed audio streams based on
ATSC A/52 specification. This type of audio is also known as AC-3 or Dolby®
Digital and is one of the audio codecs used in DVD-Video content.
Homepage: http://aften.sourceforge.net/
(cherry picked from commit 6e009edc41)
* tigervnc: correct default ssh client path
The -via command sets up an ssh tunnel, but is hardcoded to /usr/bin/ssh
upstream. This patches it to use the nixpkgs openssh client.
* tigervnc: patch ssh path correctly
(cherry picked from commit e9183fd2d4)
This fixes:
Traceback (most recent call last):
File "/nix/store/7f9arl3f9xyj8sm05mkanh2mlp217192-glusterfs-3.10.2/libexec/glusterfs/glusterfind/changelog.py", line 22, in <module>
import libgfchangelog
File "/nix/store/7f9arl3f9xyj8sm05mkanh2mlp217192-glusterfs-3.10.2/libexec/glusterfs/glusterfind/libgfchangelog.py", line 21, in <module>
libgfc = CDLL("libgfchangelog.so", use_errno=True, mode=RTLD_GLOBAL)
File "/nix/store/nlyr5ankhi7yvva8zndi718zj37js270-python-2.7.13-env/lib/python2.7/ctypes/__init__.py", line 362, in __init__
self._handle = _dlopen(self._name, mode)
OSError: libgfchangelog.so: cannot open shared object file: No such file or directory
Connection to 10.0.0.2 closed.
when running `glusterfind pre`.
Done by setting PYTHONPATH/LD_LIBRARY_PATH as for the other
Python scripts.
(cherry picked from commit abc96aae47)
Fixes error
File "/nix/store/lxpsl84km87xpk59nai6a33ihgpfs7qr-glusterfs-3.10.2/libexec/glusterfs/glusterfind/changelog.py", line 105, in populate_pgfid_and_inodegfid
file_xattrs = xattr.list(p)
AttributeError: 'module' object has no attribute 'list'
when using `glusterfind pre`.
(cherry picked from commit 8e329da496)
It seems that the recaptcha-client package is no longer maintained.
* The latest released version (1.0.6) is from the year 2011;
* The project page does not mention which Python versions are supported
* The project is hosted on google code, which is discontinued
I was able to succesfully build with Python versions 3.3, 3.4, but not
3.5, 3.6.
This is probably a fallout from #28557 merge and revert.
I can't see why exactly this happened, but it seems a safe fix.
(cherry picked from commit c86eb1da5f)
Fixes a number of CVEs:
- a DNS request hijacking vulnerability. (CVE-2017-0902)
- an ANSI escape sequence vulnerability. (CVE-2017-0899)
- a DoS vulnerability in the query command. (CVE-2017-0900)
- a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)
(cherry picked from commit 9f51b3c105)
Otherwise if you try to listing all available packages, you will get a
hard error on platforms not supported by this package. Consequently the
tarball job was broken.
(cherry picked from commit f9ea527a02)
Add pkgconfig as buildinput, so that the install path is correctly set
with cmake. PkgConfig is an optional dependency for rtags, but they
say it's necessary if you want to replace the prefix with
CMAKE_INSTALL_PREFIX. See:
caad9ac494/cmake/BashCompletion.cmake (L13)
Furthermore, I let the configurePhase of the rtags emacs package be a
noop.
(cherry picked from commit 311a1ee33a)
The build was failing with gcc 6.4.0; using the samee gcc6 patch Arch
Linux uses fixed the build.
This commit also refactors out the builder.sh possibly fixing the
NOGUI make flag option.
(cherry picked from commit 8b0de80e55)
Set LD=$CC to fix this build error:
...
ExtUtils::Mkbootstrap::Mkbootstrap('blib/arch/auto/Boost/Geometry/Utils/Utils.bs')
ld -shared -O2 -L/nix/store/sgjc1147vi5hd57ck9xgck5xjkydg5lz-glibc-2.25/lib -fstack-protector-strong -o blib/arch/auto/Boost/Geometry/Utils/Utils.so buildtmp/Utils.o -lstdc++
buildtmp/Utils.o: In function `_GLOBAL__sub_I_Utils.c':
Utils.c:(.text.startup+0x1a): undefined reference to `__dso_handle'
/nix/store/yf4p5w2v4h4i8rja9zw1akp007av624j-binutils-2.28.1/bin/ld: buildtmp/Utils.o: relocation R_X86_64_PC32 against undefined hidden symbol `__dso_handle' can not be used when making a shared object
/nix/store/yf4p5w2v4h4i8rja9zw1akp007av624j-binutils-2.28.1/bin/ld: final link failed: Bad value
error building blib/arch/auto/Boost/Geometry/Utils/Utils.so from buildtmp/Utils.o at /nix/store/7q2hps69zkj501lsmvnd2ry95mmdbh80-perl-5.24.2/lib/perl5/5.24.2/ExtUtils/CBuilder/Base.pm line 321.
builder for ‘/nix/store/bdwqvgxlgcqsmlqfh0d74jkpw96p78kh-perl-Boost-Geometry-Utils-0.15.drv’ failed with exit code 2
error: build of ‘/nix/store/bdwqvgxlgcqsmlqfh0d74jkpw96p78kh-perl-Boost-Geometry-Utils-0.15.drv’ failed
(cherry picked from commit c24820db93)
I realize that advanced users like to configure services with Nix
attrsets, but I don't think we should remove the option to use the
(configuration) language provided by upstream.
(cherry picked from commit eed14baec3)
This is a security release theoretically under emgargo, but leaked by
Mageia and Fedora.
We have permission to deliver this prior to public release.
(cherry picked from commit 993a83d395)
This reverts commit 0a944b345e, reversing
changes made to 61733ed6cc.
I dislike these massive stdenv changes with unclear motivation,
especially when they involve gratuitous mass renames like NIX_CC ->
NIX_BINUTILS. The previous such rename (NIX_GCC -> NIX_CC) caused
months of pain, so let's not do that again.
(cherry picked from commit ec8d41f08c)
cctool's as needs to be told use to use gnu as, or else we'd need a
dependency cycle between cctools and clang for this case.
In general, this is not a problem because clang uses its own integrated
assembler where possible, and gnu as otherwise.
(cherry picked from commit eb326c9cb7)
When keys get refreshed a folder with the permissions of the root user
get created in the home directory of the user dnscrypt-wrapper. This
prevents the service from restarting.
In addition to that the parameters of dnscrypt-wrapper have
changed in upstream and in the newly packaged software.
(cherry picked from commit ca54a86162)
@dezgeg caught my error--the issue isn't building help2man, but running
it on cross-compiled binaries.
This effectively reverts 0825f30fd2 as
far as behavior is concerned, but keeps the removal of `crossAttrs`.
(cherry picked from commit 28e4975bd1)
One of the goals of 74f5fe5 was to allow passing in a custom stdenv,
which would be used for genericBuilder's `mkDerivation` call. That does
work, but if packages takes `stdenv` as an parameter for any reason,
they'll get the default one instead. This change remedies it.
(cherry picked from commit 19de1f537e)
Add openssh as dependency for sftp-server. When connecting, x2goclient
crashes if it can't find that executable.
(cherry picked from commit a8aef188c8)
There is no maintainer for this package, probably not many users.
It requires effort to fix all third-party modules for this old kernel
versions. It might contain unpatched security holes.
For Pixel chromebooks, we have the samus-kernel.
Apart from that https://github.com/GalliumOS/linux might be a good choice.
(cherry picked from commit 44f93731d6)
This change statically links the `dhall-*` family of executables so that
they start up more quickly on NixOS. This also updates the `dhallToNix`
utility to use the statically linked `dhall-to-nix` executable
(cherry picked from commit fd2c8d0a00)
The main thing is that I'm convinced the license can't be free when it
restricts redistribution to certain platforms. That probably holds with
the usual definitions like from Debian, FSF or OSI.
(cherry picked from commit 8414d8386b)
Upstream bug fixes:
* pen and touchscreen input handling bugfixes
* fix a minor bug with save file paths in Windows (D. German)
* use GDK macros (not WIN32) to disable X11-specific code (T.
Schoonjans)
* export to PDF and printing: fix resolution loss on some pdf
backgrounds
* disable xinput during modal dialog boxes
* avoid data corruption when exporting to overwrite a PDF
* fix path search order for toolbar bitmaps
* text and image tools activate on button release instead of button
press to avoid subsequent confusion between clicks in toolbar and
drawing area
* fix "pen disable touch" when touchscreen sends prox events (A.
Kittenberger)
* fix crash when pasting text or images via xclip
* updated Italian translation (Marco Ciampa)
New upstream features:
* add space and shift-space bindings to page down/up (D. German)
* add A5 paper (D. German)
* config option to export successive layers to separate PDF pages
* config option to create new file when trying to open non-existent
.xoj
The full change log along with bug numbers can be found at:
https://sourceforge.net/p/xournal/code/ci/Release-0_4_8_2016/tree/ChangeLog
I've dropped gdk-quartz-backend.patch, because I believe it has been
fixed upstream.
Here are the upstream changes relevant for the patch (shortened, because
SourceForge has really long URLs):
http://bit.ly/2vXW8n0 -> src/Makefile.am
http://bit.ly/2gDnjl7 -> src/xo-file.c
http://bit.ly/2xJ5K7A -> src/xo-misc.c
Tested building and using the application.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @7c6f434c, @dguibert
Cc: @johbo who has introduced the patch in #21842
(cherry picked from commit 8436e9bfcd)
In Nix 1.12 sandboxed builds are performed in /build/ directory which conflicts
with the regex in docs/CMakeLists.txt, and generated documentation ends up in
wrong directory -> https://hydra.nixos.org/build/53914969/nixlog/1 -> CTRL-F
abi.txt
(cherry picked from commit e22a77217d)
See PR #28960 for details about the problem. There is some
non-determinism surrounding copies of the Speedy/Speedy11 font, so
deleting one makes it deterministic again without losing anything.
(cherry picked from commit 7d231c5435)
Did this when spliting off binutils-wrapper from cc-wrapper in
40e9b2a7e6: I deleted the file instead of
moving it.
(cherry picked from commit 3601a97e3c)
Factor a binutils wrapper out of cc-wrapper. While only LD is wrapped,
the setup hook defines environment variables on behalf of other
utilites.
(cherry picked from commit 40e9b2a7e6)
Environment variable filter in substituteAll was not precise and produced
undefined and invalid variable names. Vladimír Čunát tried to fix that in [1],
but `env -0` did not work during Darwin bootstrap, so [2] reverted this change
and replaced an error due to invalid variables with a warning. Recently in #28057
John Ericson added `set -u` to `setup.sh` and undefined variables made the setup
fail during e.g. `nix-build -A gnat` with `setup: line 519: !varName: unbound
variable`.
[1] 62fc8859c1
[2] 81df035429
(cherry picked from commit a09d9e7cd4)
This becomes necessary if more wrappers besides cc-wrapper start
supporting hardening flags. Also good to make the warning into an
error.
Also ensure interface is being used right: Not as a string, not just in
bash.
(cherry picked from commit 97a48835b7)
GCC just passes `-z ...` flags to ld unaltered, and they are already
passed to LD anyways. On the other hand, `-pie` affects gcc behavior
too.
(cherry picked from commit 822a8d0148)
I missed this in 799435b7ca.
This time I used "git grep -F pythonPackages.deluge" just to be sure :-)
Thanks a lot to @roconnor for spotting this.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: @roconnor
(cherry picked from commit 880a0409e8)
These have been throwing exceptions since grsec was deprecated, so
potential users should have had due to time to migrate their configs.
(cherry picked from commit 5125e209a9)
Potential disadvantage: ghostscript will become visible to user,
so there may e.g. be (new) collisions in nix-env due to this.
Fixes#28411.
(cherry picked from commit 828bc3812c)
It's now the default. /cc #19456
This makes a real build simplification, because in our current
bootstrapping+aliases, `gcc6` attribute is not the default compiler
but a derivation *built by* the default compiler.
nix-exec didn't build before this commit already
(cherry picked from commit 53998f5036)
Grub configs include the NixOS version and date they were built, now
systemd can have fun too:
version Generation 99 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-30
version Generation 100 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-30
version Generation 101 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-08-31
version Generation 102 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-09-01
version Generation 103 NixOS 17.03.1700.51a83266d1, Linux Kernel 4.9.43, Built on 2017-09-02
version Generation 104 NixOS 17.09beta41.1b8c7786ee, Linux Kernel 4.9.46, Built on 2017-09-02
version Generation 105 NixOS 17.09.git.1b8c778, Linux Kernel 4.9.46, Built on 2017-09-02
(cherry picked from commit 62652be111)
pyrtlsdr needs pandoc at build time. Fixes the build since commit
f6eb190e70
("python.pkgs.pyrtlsdr: disable tests to fix build"). (That commit
bumped the package to a new version.)
(cherry picked from commit 2cf1b94b82)
Z3 has supported optimization features since the 4.4.x release, so this can be
removed.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
(cherry picked from commit 54ae0aa1b0)
Upstream changes:
* Tesseract 4.00.00alpha:
* Version parsing: Ignore suffix (so '4.00.00alpha' == (4, 0, 0))
* Libtesseract: Load libtesseract.so.4 instead of libtesseract.so.3
if available
* Support for Tesseract 3.05.00:
* Builders: Split field 'tess_conf' into 'tess_flags' and 'tess_conf'
* Libtesseract: If available, use
TessBaseAPIDetectOrientationScript() instead of
TessBaseAPIDetectOS
* Libtesseract:
* Workaround: Prevents possible segfault in image_to_string() when
the target language is not available
Full upstream change log can be found at:
https://github.com/openpaperwork/pyocr/blob/b006123d1d002711b9/ChangeLog
The tesseract.patch for supporting Tesseract version 3.05.00 has been
applied upstream and we can safely drop it.
We now use substituteInPlace in conjunction with a patch to insert the
relevant store paths instead of sed, so it's less fragile whenever we
have upstream changes in handling of these paths.
I've tested this by reverting 48a941e29f and applying a build
fix patch of Cuneiform 1.1.0 from Arch Linux, because right now
Cuneiform is an experimental version that can't be fixed on behalf of
pyocr (the reason is that pyocr needs to get a list of languages, which
doesn't work in that version anymore).
In addition to that I've successfully built paperwork-backend which by
now is the one package which depends on pyocr. However, I didn't do
runtime tests of Paperwork.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @7c6f434c
(cherry picked from commit ca1ea69972)
We already have a patch feeling lonely inside the python-modules
directory and to have everything at one place let's actually move pyocr
into its own dedicated directory so it's easier to patch it up (which
we're going to).
Right now, the package fails to build because of a few test failures, so
I haven't tested this apart from evaluating.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit 3086fc7f83)
In order to run the tests for the external plugins of beets, we need to
have beets itself as a dependency. So in order to do that, we now pass
beets without plugins and tests to the nativeBuildInputs of the plugins
so that we can run them.
As soon as the plugins are built they become part of the final beets,
which also has tests enabled, so disabling the tests for beets
derivation that is used for external plugin tests is a non-issue here
because they're going to be executed anyway.
Enabling tests for the alternatives plugin is pretty straightforward,
but in order to run tests for the copyartifacts plugin, we need to bump
the source code to the latest Git master.
The reason for this is that the version that was in use until now
required to have the beets source directory alongside of the
copyartifacts source code, but we already have beets available as a
normal dependency.
Updating copyartifacts to latest master largely consists of unit test
changes and a few Python 3 compatibility changes. However, one change
has the biggest stat, which is
sbarakat/beets-copyartifacts@1a0c281da0.
Fortunately, the last change is just moving the implementation to a
newer API from upstream beets and by the looks of the implementation it
seems to break support for moving files. However, reverting this commit
also reveals that moving files was already broken before, so it wouldn't
matter much whether we have this version bump or not.
Tested with the following command:
nix-build -E '(import ./. {}).beets.override {
enableAlternatives = true;
enableCopyArtifacts = true;
}'
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @domenkozar, @pjones, @Profpatsch, @michalrus
(cherry picked from commit 40b76c8809)
Regression introduced by 94351197cd.
Running the tests results in the following traceback:
...
File ".../unittest/loader.py", line 91, in loadTestsFromName
module = __import__('.'.join(parts_copy))
File ".../test/regrtest.py", line 184, in <module>
for module in sys.modules.itervalues():
RuntimeError: dictionary changed size during iteration
The reason for this is that the test directory itself is called "test"
and the package including regrtest.py is also called "test", so the
loader tries to load tests from its own implementation.
We could fix this by changing PYTHONPATH and/or making the test
directory a proper package, but we'd still have failing tests because
beets itself is required to run the tests.
However for now I'm just removing the unit_tests kwarg in setup.py so
that we have the same behaviour as before the initially mentioned
commit.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
(cherry picked from commit bd2aeb4883)
- Update to version 2.0.10
- Use wrapGAppsHook to wrap binaries
- Use gstreamer-1.0
- Add dependence on libappindicator
(cherry picked from commit 1f48ad8699)
Regression introduced by fa5e343242.
The deluge package no longer resides in pythonPackages but now is a
top-level package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @grantwwu, @fpletz
(cherry picked from commit 799435b7ca)
This has been introduced in 6a6fb6d31c.
Relying on non-free software by default is probably a bad idea. Apart
from the fact that (sane) people usually don't want to have it sitting
on their system even people who don't care will have to set
"allowUnfree" to true in order to install conky.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @canndrew, @Mic92
(cherry picked from commit 7f99876f50)
previous mkDefault did not work as expected,
as it did not overwrite the original submodule's defaults when the user
did not specify any custom options at all.
(cherry picked from commit 786e9711f5)
GMime home has moved to Github as the list of commits clearly shows,
i.e.:
b5cbc68a67
The description is updated as well to be closer to the one used there
and over at gnome.org.
(cherry picked from commit ddaa696a4e)
The newer DEB packages have a setuid file, creating an error when
unpacking the source during the build phase.
As dpkg doesn't have a way to pass parameters to tar, dpkg is then
told to just extract the filesystem tar file and that is unpacked by
tar directly.
Fixes#28494
(cherry picked from commit fae458c5e7)
<!-- Please check what applies. Note that these are not hard requirements but merely serve as information for reviewers. -->
- [ ] Tested using sandboxing
([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS,
or option `build-use-sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file)
on non-NixOS)
- [ ] Tested using sandboxing ([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS, or option `build-use-sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file) on non-NixOS)
@@ -590,7 +590,7 @@ By default tests are run because `doCheck = true`. Test dependencies, like
e.g. the test runner, should be added to `buildInputs`.
By default `meta.platforms` is set to the same value
as the interpreter unless overriden otherwise.
as the interpreter unless overridden otherwise.
##### `buildPythonPackage` parameters
@@ -774,6 +774,34 @@ The `buildPythonPackage` function sets `DETERMINISTIC_BUILD=1` and
Both are also exported in `nix-shell`.
### Automatic tests
It is recommended to test packages as part of the build process.
Source distributions (`sdist`) often include test files, but not always.
By default the command `python setup.py test` is run as part of the
`checkPhase`, but often it is necessary to pass a custom `checkPhase`. An
example of such a situation is when `py.test` is used.
#### Common issues
- Non-working tests can often be deselected. By default `buildPythonPackage` runs `python setup.py test`.
Most python modules follows the standard test protocol where the pytest runner can be used instead.
`py.test` supports a `-k` parameter to ignore test methods or classes:
```nix
buildPythonPackage {
# ...
# assumes the tests are located in tests
checkInputs = [ pytest ];
checkPhase = ''
py.test -k 'not function_name and not other_function' tests
'';
}
```
- Unicode issues can typically be fixed by including `glibcLocales` in `buildInputs` and exporting `LC_ALL=en_US.utf-8`.
- Tests that attempt to access `$HOME` can be fixed by using the following work-around before running tests (e.g. `preCheck`): `export HOME=$(mktemp -d)`
## FAQ
### How to solve circular dependencies?
@@ -985,8 +1013,9 @@ rec {
Following rules are desired to be respected:
* Python libraries are supposed to be called from `python-packages.nix` and packaged with `buildPythonPackage`. The expression of a library should be in `pkgs/development/python-modules/<name>/default.nix`. Libraries in `pkgs/top-level/python-packages.nix` are sorted quasi-alphabetically to avoid merge conflicts.
* Python libraries are called from `python-packages.nix` and packaged with `buildPythonPackage`. The expression of a library should be in `pkgs/development/python-modules/<name>/default.nix`. Libraries in `pkgs/top-level/python-packages.nix` are sorted quasi-alphabetically to avoid merge conflicts.
* Python applications live outside of `python-packages.nix` and are packaged with `buildPythonApplication`.
* Make sure libraries build for all Python interpreters.
* By default we enable tests. Make sure the tests are found and, in the case of libraries, are passing for all interpreters. If certain tests fail they can be disabled individually. Try to avoid disabling the tests altogether. In any case, when you disable tests, leave a comment explaining why.
* Commit names of Python libraries should include `pythonPackages`, for example `pythonPackages.numpy: 1.11 -> 1.12`.
* Commit names of Python libraries should reflect that they are Python libraries, so write for example `pythonPackages.numpy: 1.11 -> 1.12`.
A machine is affected if the <literal>virt-what</literal> tool
either returns <literal>qemu</literal> or
<literal>kvm</literal><emphasis>and</emphasis> has
interface names used in any part of its NixOS configuration,
in particular if a static network configuration with
<literal>networking.interfaces</literal> is used.
</para>
<para>
Before rebooting affected machines, please ensure:
<itemizedlist>
<listitem>
<para>
Change the interface names in your NixOS configuration.
The first interface will be called <literal>ens3</literal>,
the second one <literal>ens8</literal> and starting from there
incremented by 1.
</para>
</listitem>
<listitem>
<para>
After changing the interface names, rebuild your system with
<literal>nixos-rebuild boot</literal> to activate the new
configuration after a reboot. If you switch to the new
configuration right away you might lose network connectivity!
If using <literal>nixops</literal>, deploy with
<literal>nixops deploy --force-reboot</literal>.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
The following changes apply if the <literal>stateVersion</literal> is changed to 17.09 or higher.
For <literal>stateVersion = "17.03"</literal> or lower the old behavior is preserved.
</para>
<itemizedlist>
<listitem>
<para>
The <literal>postgres</literal> default version was changed from 9.5 to 9.6.
</para>
</listitem>
<listitem>
<para>
The <literal>postgres</literal> superuser name has changed from <literal>root</literal> to <literal>postgres</literal> to more closely follow what other Linux distributions are doing.
</para>
</listitem>
<listitem>
<para>
The <literal>postgres</literal> default <literal>dataDir</literal> has changed from <literal>/var/db/postgres</literal> to <literal>/var/lib/postgresql/$psqlSchema</literal> where $psqlSchema is 9.6 for example.
</para>
</listitem>
<listitem>
<para>
The <literal>mysql</literal> default <literal>dataDir</literal> has changed from <literal>/var/mysql</literal> to <literal>/var/lib/mysql</literal>.
</para>
</listitem>
<listitem>
<para>
Radicale's default package has changed from 1.x to 2.x. Instructions to migrate can be found <linkxlink:href="http://radicale.org/1to2/"> here </link>. It is also possible to use the newer version by setting the <literal>package</literal> to <literal>radicale2</literal>, which is done automatically when <literal>stateVersion</literal> is 17.09 or higher. The <literal>extraArgs</literal> option has been added to allow passing the data migration arguments specified in the instructions; see the <filenamexlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/radicale.nix">radicale.nix</filename> NixOS test for an example migration.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The <literal>aiccu</literal> package was removed. This is due to SixXS
<linkxlink:href="https://www.sixxs.net/main/"> sunsetting</link> its IPv6 tunnel.
</para>
</listitem>
<listitem>
<para>
The <literal>fanctl</literal> package and <literal>fan</literal> module
have been removed due to the developers not upstreaming their iproute2
patches and lagging with compatibility to recent iproute2 versions.
</para>
</listitem>
<listitem>
<para>
Top-level <literal>idea</literal> package collection was renamed.
@@ -81,7 +291,7 @@ following incompatible changes:</para>
</listitem>
<listitem>
<para>
The ipfs package now doesn't ignore the <literal>dataDir</literal> option anymore. If you've ever set this option to anything other than the default you'll have to either unset it (so the default gets used) or migrate the old data manually with
The <literal>ipfs</literal> service now doesn't ignore the <literal>dataDir</literal> option anymore. If you've ever set this option to anything other than the default you'll have to either unset it (so the default gets used) or migrate the old data manually with
<programlisting>
dataDir=<valueOfDataDir>
mv /var/lib/ipfs/.ipfs/* $dataDir
@@ -89,32 +299,11 @@ rmdir /var/lib/ipfs/.ipfs
</programlisting>
</para>
</listitem>
<listitem>
<para>
The following changes apply if the <literal>stateVersion</literal> is changed to 17.09 or higher.
For <literal>stateVersion = "17.03</literal> or lower the old behavior is preserved.
</para>
<para>
The <literal>postgres</literal> default version was changed from 9.5 to 9.6.
</para>
<para>
The <literal>postgres</literal> superuser name has changed from <literal>root</literal> to <literal>postgres</literal> to more closely follow what other Linux distributions are doing.
</para>
<para>
The <literal>postgres</literal> default <literal>dataDir</literal> has changed from <literal>/var/db/postgres</literal> to <literal>/var/lib/postgresql/$psqlSchema</literal> where $psqlSchema is 9.6 for example.
</para>
<para>
The <literal>mysql</literal> default <literal>dataDir</literal> has changed from <literal>/var/mysql</literal> to <literal>/var/lib/mysql</literal>.
</para>
<para>
Radicale's default package has changed from 1.x to 2.x. Instructions to migrate can be found <linkxlink:href="http://radicale.org/1to2/"> here </link>. It is also possible to use the newer version by setting the <literal>package</literal> to <literal>radicale2</literal>, which is done automatically when <literal>stateVersion</literal> is 17.09 or higher.
</para>
</listitem>
<listitem>
<para>
The <literal>caddy</literal> service was previously using an extra
<literal>.caddy</literal> in the data directory specified with the
<literal>dataDir</literal> option. The contents of the
<literal>.caddy</literal> directory in the data directory specified
with the <literal>dataDir</literal> option. The contents of the
<literal>.caddy</literal> directory are now expected to be in the
<literal>dataDir</literal>.
</para>
@@ -176,9 +365,139 @@ rmdir /var/lib/ipfs/.ipfs
removed. The system support had been broken for several years.
</para>
</listitem>
<listitem>
<para>
Touchpad support should now be enabled through
<literal>libinput</literal> as <literal>synaptics</literal> is
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
