mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-09-29 16:57:40 +03:00
Merge staging-next into staging
This commit is contained in:
commit
1aadb5d97e
14
.github/workflows/check-by-name.yml
vendored
14
.github/workflows/check-by-name.yml
vendored
@ -8,8 +8,9 @@ on:
|
||||
# Using pull_request_target instead of pull_request avoids having to approve first time contributors
|
||||
pull_request_target
|
||||
|
||||
# The tool doesn't need any permissions, it only outputs success or not based on the checkout
|
||||
permissions: {}
|
||||
permissions:
|
||||
# We need this permission to cancel the workflow run if there's a merge conflict
|
||||
actions: write
|
||||
|
||||
jobs:
|
||||
check:
|
||||
@ -62,7 +63,14 @@ jobs:
|
||||
if [[ "$mergeable" == "true" ]]; then
|
||||
echo "The PR can be merged, checking the merge commit $mergedSha"
|
||||
else
|
||||
echo "The PR cannot be merged, it has a merge conflict"
|
||||
echo "The PR cannot be merged, it has a merge conflict, cancelling the workflow.."
|
||||
gh api \
|
||||
--method POST \
|
||||
-H "Accept: application/vnd.github+json" \
|
||||
-H "X-GitHub-Api-Version: 2022-11-28" \
|
||||
/repos/"$GITHUB_REPOSITORY"/actions/runs/"$GITHUB_RUN_ID"/cancel
|
||||
sleep 60
|
||||
# If it's still not canceled after a minute, something probably went wrong, just exit
|
||||
exit 1
|
||||
fi
|
||||
echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
|
||||
|
@ -278,6 +278,7 @@
|
||||
./programs/wayland/waybar.nix
|
||||
./programs/wayland/wayfire.nix
|
||||
./programs/weylus.nix
|
||||
./programs/winbox.nix
|
||||
./programs/wireshark.nix
|
||||
./programs/xastir.nix
|
||||
./programs/wshowkeys.nix
|
||||
|
23
nixos/modules/programs/winbox.nix
Normal file
23
nixos/modules/programs/winbox.nix
Normal file
@ -0,0 +1,23 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.programs.winbox;
|
||||
in
|
||||
{
|
||||
options.programs.winbox = {
|
||||
enable = lib.mkEnableOption ("MikroTik Winbox");
|
||||
package = lib.mkPackageOption pkgs "winbox" { };
|
||||
|
||||
openFirewall = lib.mkOption {
|
||||
description = ''
|
||||
Whether to open ports for the MikroTik Neighbor Discovery protocol. Required for Winbox neighbor discovery.
|
||||
'';
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
networking.firewall.allowedUDPPorts = lib.optionals cfg.openFirewall [ 5678 ];
|
||||
};
|
||||
}
|
@ -361,6 +361,8 @@ in
|
||||
Group = cfg.group;
|
||||
StateDirectory = "";
|
||||
ReadWritePaths = optionals (!cfg.autoMount) [ "" cfg.dataDir ];
|
||||
# Make sure the socket units are started before ipfs.service
|
||||
Sockets = [ "ipfs-gateway.socket" "ipfs-api.socket" ];
|
||||
} // optionalAttrs (cfg.serviceFdlimit != null) { LimitNOFILE = cfg.serviceFdlimit; };
|
||||
} // optionalAttrs (!cfg.startWhenNeeded) {
|
||||
wantedBy = [ "default.target" ];
|
||||
|
@ -1,94 +1,153 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{ options, config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkOption mdDoc types mkIf;
|
||||
|
||||
opt = options.services.quicktun;
|
||||
cfg = config.services.quicktun;
|
||||
|
||||
in
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
options = {
|
||||
|
||||
services.quicktun = mkOption {
|
||||
default = { };
|
||||
description = lib.mdDoc "QuickTun tunnels";
|
||||
type = types.attrsOf (types.submodule {
|
||||
description = mdDoc ''
|
||||
QuickTun tunnels.
|
||||
|
||||
See <http://wiki.ucis.nl/QuickTun> for more information about available options.
|
||||
'';
|
||||
type = types.attrsOf (types.submodule ({ name, ... }: let
|
||||
qtcfg = cfg.${name};
|
||||
in {
|
||||
options = {
|
||||
tunMode = mkOption {
|
||||
type = types.int;
|
||||
default = 0;
|
||||
example = 1;
|
||||
description = lib.mdDoc "";
|
||||
type = with types; coercedTo bool (b: if b then 1 else 0) (ints.between 0 1);
|
||||
default = false;
|
||||
example = true;
|
||||
description = mdDoc "Whether to operate in tun (IP) or tap (Ethernet) mode.";
|
||||
};
|
||||
|
||||
remoteAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
example = "tunnel.example.com";
|
||||
description = lib.mdDoc "";
|
||||
description = mdDoc ''
|
||||
IP address or hostname of the remote end (use `0.0.0.0` for a floating/dynamic remote endpoint).
|
||||
'';
|
||||
};
|
||||
|
||||
localAddress = mkOption {
|
||||
type = types.str;
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
example = "0.0.0.0";
|
||||
description = lib.mdDoc "";
|
||||
description = mdDoc "IP address or hostname of the local end.";
|
||||
};
|
||||
|
||||
localPort = mkOption {
|
||||
type = types.int;
|
||||
type = types.port;
|
||||
default = 2998;
|
||||
description = lib.mdDoc "";
|
||||
description = mdDoc "Local UDP port.";
|
||||
};
|
||||
|
||||
remotePort = mkOption {
|
||||
type = types.int;
|
||||
default = 2998;
|
||||
description = lib.mdDoc "";
|
||||
type = types.port;
|
||||
default = qtcfg.localPort;
|
||||
defaultText = lib.literalExpression "config.services.quicktun.<name>.localPort";
|
||||
description = mdDoc " remote UDP port";
|
||||
};
|
||||
|
||||
remoteFloat = mkOption {
|
||||
type = types.int;
|
||||
default = 0;
|
||||
description = lib.mdDoc "";
|
||||
type = with types; coercedTo bool (b: if b then 1 else 0) (ints.between 0 1);
|
||||
default = false;
|
||||
example = true;
|
||||
description = mdDoc ''
|
||||
Whether to allow the remote address and port to change when properly encrypted packets are received.
|
||||
'';
|
||||
};
|
||||
|
||||
protocol = mkOption {
|
||||
type = types.str;
|
||||
type = types.enum [ "raw" "nacl0" "nacltai" "salty" ];
|
||||
default = "nacltai";
|
||||
description = lib.mdDoc "";
|
||||
description = mdDoc "Which protocol to use.";
|
||||
};
|
||||
|
||||
privateKey = mkOption {
|
||||
type = types.str;
|
||||
description = lib.mdDoc "";
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = mdDoc ''
|
||||
Local secret key in hexadecimal form.
|
||||
|
||||
::: {.warning}
|
||||
This option is deprecated. Please use {var}`services.quicktun.<name>.privateKeyFile` instead.
|
||||
:::
|
||||
|
||||
::: {.note}
|
||||
Not needed when {var}`services.quicktun.<name>.protocol` is set to `raw`.
|
||||
:::
|
||||
'';
|
||||
};
|
||||
|
||||
privateKeyFile = mkOption {
|
||||
type = with types; nullOr path;
|
||||
# This is a hack to deprecate `privateKey` without using `mkChangedModuleOption`
|
||||
default = if qtcfg.privateKey == null then null else pkgs.writeText "quickttun-key-${name}" qtcfg.privateKey;
|
||||
defaultText = "null";
|
||||
description = mdDoc ''
|
||||
Path to file containing local secret key in binary or hexadecimal form.
|
||||
|
||||
::: {.note}
|
||||
Not needed when {var}`services.quicktun.<name>.protocol` is set to `raw`.
|
||||
:::
|
||||
'';
|
||||
};
|
||||
|
||||
publicKey = mkOption {
|
||||
type = types.str;
|
||||
description = lib.mdDoc "";
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = mdDoc ''
|
||||
Remote public key in hexadecimal form.
|
||||
|
||||
::: {.note}
|
||||
Not needed when {var}`services.quicktun.<name>.protocol` is set to `raw`.
|
||||
:::
|
||||
'';
|
||||
};
|
||||
|
||||
timeWindow = mkOption {
|
||||
type = types.int;
|
||||
type = types.ints.unsigned;
|
||||
default = 5;
|
||||
description = lib.mdDoc "";
|
||||
description = mdDoc ''
|
||||
Allowed time window for first received packet in seconds (positive number allows packets from history)
|
||||
'';
|
||||
};
|
||||
|
||||
upScript = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = lib.mdDoc "";
|
||||
type = with types; nullOr lines;
|
||||
default = null;
|
||||
description = mdDoc ''
|
||||
Run specified command or script after the tunnel device has been opened.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
}));
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf (cfg != []) {
|
||||
systemd.services = foldr (a: b: a // b) {} (
|
||||
mapAttrsToList (name: qtcfg: {
|
||||
config = {
|
||||
warnings = lib.pipe cfg [
|
||||
(lib.mapAttrsToList (name: value: if value.privateKey != null then name else null))
|
||||
(builtins.filter (n: n != null))
|
||||
(map (n: " - services.quicktun.${n}.privateKey"))
|
||||
(services: lib.optional (services != [ ]) ''
|
||||
`services.quicktun.<name>.privateKey` is deprecated.
|
||||
Please use `services.quicktun.<name>.privateKeyFile` instead.
|
||||
|
||||
Offending options:
|
||||
${lib.concatStringsSep "\n" services}
|
||||
'')
|
||||
];
|
||||
|
||||
systemd.services = lib.mkMerge (
|
||||
lib.mapAttrsToList (name: qtcfg: {
|
||||
"quicktun-${name}" = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
@ -96,14 +155,14 @@ with lib;
|
||||
INTERFACE = name;
|
||||
TUN_MODE = toString qtcfg.tunMode;
|
||||
REMOTE_ADDRESS = qtcfg.remoteAddress;
|
||||
LOCAL_ADDRESS = qtcfg.localAddress;
|
||||
LOCAL_ADDRESS = mkIf (qtcfg.localAddress != null) (qtcfg.localAddress);
|
||||
LOCAL_PORT = toString qtcfg.localPort;
|
||||
REMOTE_PORT = toString qtcfg.remotePort;
|
||||
REMOTE_FLOAT = toString qtcfg.remoteFloat;
|
||||
PRIVATE_KEY = qtcfg.privateKey;
|
||||
PUBLIC_KEY = qtcfg.publicKey;
|
||||
PRIVATE_KEY_FILE = mkIf (qtcfg.privateKeyFile != null) qtcfg.privateKeyFile;
|
||||
PUBLIC_KEY = mkIf (qtcfg.publicKey != null) qtcfg.publicKey;
|
||||
TIME_WINDOW = toString qtcfg.timeWindow;
|
||||
TUN_UP_SCRIPT = pkgs.writeScript "quicktun-${name}-up.sh" qtcfg.upScript;
|
||||
TUN_UP_SCRIPT = mkIf (qtcfg.upScript != null) (pkgs.writeScript "quicktun-${name}-up.sh" qtcfg.upScript);
|
||||
SUID = "nobody";
|
||||
};
|
||||
serviceConfig = {
|
||||
@ -114,5 +173,4 @@ with lib;
|
||||
}) cfg
|
||||
);
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -717,6 +717,7 @@ in {
|
||||
qgis-ltr = handleTest ./qgis.nix { qgisPackage = pkgs.qgis-ltr; };
|
||||
qownnotes = handleTest ./qownnotes.nix {};
|
||||
quake3 = handleTest ./quake3.nix {};
|
||||
quicktun = handleTest ./quicktun.nix {};
|
||||
quorum = handleTest ./quorum.nix {};
|
||||
rabbitmq = handleTest ./rabbitmq.nix {};
|
||||
radarr = handleTest ./radarr.nix {};
|
||||
|
@ -1,5 +1,7 @@
|
||||
{ recurseIntoAttrs, runTest }:
|
||||
recurseIntoAttrs {
|
||||
kubo = runTest ./kubo.nix;
|
||||
kubo-fuse = runTest ./kubo-fuse.nix;
|
||||
# The FUSE functionality is completely broken since Kubo v0.24.0
|
||||
# See https://github.com/ipfs/kubo/issues/10242
|
||||
# kubo-fuse = runTest ./kubo-fuse.nix;
|
||||
}
|
||||
|
@ -46,6 +46,13 @@
|
||||
f"ipfs --api /unix/run/ipfs.sock cat /ipfs/{ipfs_hash.strip()} | grep fnord2"
|
||||
)
|
||||
|
||||
machine.stop_job("ipfs")
|
||||
|
||||
with subtest("Socket activation for the Gateway"):
|
||||
machine.succeed(
|
||||
f"curl 'http://127.0.0.1:8080/ipfs/{ipfs_hash.strip()}' | grep fnord2"
|
||||
)
|
||||
|
||||
with subtest("Setting dataDir works properly with the hardened systemd unit"):
|
||||
machine.succeed("test -e /mnt/ipfs/config")
|
||||
machine.succeed("test ! -e /var/lib/ipfs/")
|
||||
|
18
nixos/tests/quicktun.nix
Normal file
18
nixos/tests/quicktun.nix
Normal file
@ -0,0 +1,18 @@
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }:
|
||||
{
|
||||
name = "quicktun";
|
||||
meta.maintainers = with lib.maintainers; [ h7x4 ];
|
||||
|
||||
nodes = {
|
||||
machine = { ... }: {
|
||||
services.quicktun."test-tunnel" = {
|
||||
protocol = "raw";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
machine.wait_for_unit("quicktun-test-tunnel.service")
|
||||
'';
|
||||
})
|
@ -1,4 +1,4 @@
|
||||
{ lib, stdenv, fetchurl, pkg-config, makeWrapper
|
||||
{ lib, stdenv, fetchurl, fetchpatch, pkg-config, makeWrapper
|
||||
, libsndfile, jack2
|
||||
, libGLU, libGL, lv2, cairo
|
||||
, ladspaH, php, libXrandr }:
|
||||
@ -11,6 +11,14 @@ stdenv.mkDerivation rec {
|
||||
url = "https://github.com/sadko4u/${pname}/releases/download/${version}/${pname}-src-${version}.tar.gz";
|
||||
sha256 = "sha256-eJO+1fCNzqjTdGrPlhIrHc3UimkJOydRqTq49IN+Iwo=";
|
||||
};
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
url = "https://github.com/lsp-plugins/lsp-dsp-lib/commit/58c3f985f009c84347fa91236f164a9e47aafa93.patch";
|
||||
stripLen = 1;
|
||||
extraPrefix = "modules/lsp-dsp-lib/";
|
||||
hash = "sha256-pCLucLijXOgp69xNjSRCRxgVoQziT0YiHLnQGbkefqE=";
|
||||
})
|
||||
];
|
||||
|
||||
outputs = [ "out" "dev" "doc" ];
|
||||
|
||||
|
@ -159,8 +159,7 @@ in stdenv.mkDerivation rec {
|
||||
preFixup = ''
|
||||
gappsWrapperArgs+=(
|
||||
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc pipewire ] }"
|
||||
# Currently crashes see https://github.com/NixOS/nixpkgs/issues/222043
|
||||
#--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}"
|
||||
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}"
|
||||
--suffix PATH : ${lib.makeBinPath [ xdg-utils ]}
|
||||
)
|
||||
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gridtracker";
|
||||
version = "1.23.1202";
|
||||
version = "1.23.1207";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
owner = "gridtracker.org";
|
||||
repo = "gridtracker";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-XrHA+h6qAYyZjp/C7+oS3eAvX0ptD+T4UKFzM2ROBCw=";
|
||||
sha256 = "sha256-r7H+fds8FbSLDxPQqn0XUPC6loLgsaNX+DBqJJ96/d4=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ wrapGAppsHook ];
|
||||
|
@ -12,13 +12,13 @@
|
||||
|
||||
buildPythonApplication rec {
|
||||
pname = "git-machete";
|
||||
version = "3.20.0";
|
||||
version = "3.22.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "virtuslab";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
hash = "sha256-6TntyAkDIcCVcAsNdAlgvKYO7Db0oMDWKW92rMRIDI4=";
|
||||
hash = "sha256-2oEpBNMHj4qpkPp8rXEMsRRiRQeC30hQCQh7d8bOLUU=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
@ -21,13 +21,13 @@ assert withMpv || withVlc || withIina;
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
pname = "ani-cli";
|
||||
version = "4.6";
|
||||
version = "4.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "pystardust";
|
||||
repo = "ani-cli";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-ahyCD4QsYyb3xtNK03HITeF0+hJFIHZ+PAjisuS/Kdo=";
|
||||
hash = "sha256-Ll4bHKrDZukoQX35iiMI6rMSgiTC6wp7fHUnOMPagOA=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
@ -31,7 +31,7 @@ let
|
||||
davinci = (
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "davinci-resolve${lib.optionalString studioVariant "-studio"}";
|
||||
version = "18.6.3";
|
||||
version = "18.6.4";
|
||||
|
||||
nativeBuildInputs = [
|
||||
(appimage-run.override { buildFHSEnv = buildFHSEnvChroot; } )
|
||||
@ -52,8 +52,8 @@ let
|
||||
outputHashAlgo = "sha256";
|
||||
outputHash =
|
||||
if studioVariant
|
||||
then "sha256-OX8PyMhfl0jRdXBNsjlwkCAh8XUNJv8HEbmyAdjIv18="
|
||||
else "sha256-PNzdVxGgXIHM2vi3ChHx67TQBFlCYBOZCiFkDi/RSu4=";
|
||||
then "sha256-Us8DsxdGwBxUL+yUHT9DNJFIV7EO+J9CSN2Juyf8VQ4="
|
||||
else "sha256-yPdfmS42ID7MOTB3XlGXfOqp46kRLR8martJ9gWqDjA=";
|
||||
|
||||
impureEnvVars = lib.fetchers.proxyImpureEnvVars;
|
||||
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "ddev";
|
||||
version = "1.22.5";
|
||||
version = "1.22.6";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ddev";
|
||||
repo = "ddev";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-s4uRS/BIRjVVN3u+ocy2RcwSnvJLtWpkvxtvgumuWtk=";
|
||||
hash = "sha256-i+uubmCQwJALt7YRuANpEN2AAn9i6880MaXkayIZ82g=";
|
||||
};
|
||||
|
||||
vendorHash = null;
|
||||
|
@ -7,16 +7,16 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "cargo-xwin";
|
||||
version = "0.14.9";
|
||||
version = "0.16.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "rust-cross";
|
||||
repo = "cargo-xwin";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-y2hlzewDWYxkKhr77JB3lkYo5hexcdmPiCRbXLtnolM=";
|
||||
hash = "sha256-EZM1TeWUnoRcsF6m6mDNCoUR2WWe7ohqT3wNWnq0kQY=";
|
||||
};
|
||||
|
||||
cargoHash = "sha256-uIFjWgoNCU5kUX4i1Law/YE0TmFLOi6V3Y4b9BpQlI4=";
|
||||
cargoHash = "sha256-MEBMXP7a/w2aN6RuWrm16PsnIPw6+8k5jI2yRnwBy0s=";
|
||||
|
||||
buildInputs = lib.optionals stdenv.isDarwin [
|
||||
darwin.apple_sdk.frameworks.Security
|
||||
|
@ -5,13 +5,13 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "hjson-go";
|
||||
version = "4.3.1";
|
||||
version = "4.4.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "hjson";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
hash = "sha256-ox6/PY7Nx282bUekLoXezWfKDiDzCBUZMa5/nu2qG40=";
|
||||
hash = "sha256-fonPxk/9ue8LzHTdKpuHJcucQoMl4P6gq+tbjS8Ui7Q=";
|
||||
};
|
||||
|
||||
vendorHash = null;
|
@ -7,7 +7,7 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "kubo";
|
||||
version = "0.24.0"; # When updating, also check if the repo version changed and adjust repoVersion below
|
||||
version = "0.25.0"; # When updating, also check if the repo version changed and adjust repoVersion below
|
||||
rev = "v${version}";
|
||||
|
||||
passthru.repoVersion = "15"; # Also update kubo-migrator when changing the repo version
|
||||
@ -15,7 +15,7 @@ buildGoModule rec {
|
||||
# Kubo makes changes to its source tarball that don't match the git source.
|
||||
src = fetchurl {
|
||||
url = "https://github.com/ipfs/kubo/releases/download/${rev}/kubo-source.tar.gz";
|
||||
hash = "sha256-stSjLvg8G1EiXon3Qby4wLgbhX7Aaj9pnxcvE32/42k=";
|
||||
hash = "sha256-+Mk3rDdtjhETmdaOOSXEFdLTJ0nX9G3qUxctsu5vrSc=";
|
||||
};
|
||||
|
||||
# tarball contains multiple files/directories
|
@ -11,14 +11,14 @@
|
||||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "crocoddyl";
|
||||
version = "2.0.1";
|
||||
version = "2.0.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "loco-3d";
|
||||
repo = finalAttrs.pname;
|
||||
rev = "v${finalAttrs.version}";
|
||||
fetchSubmodules = true;
|
||||
hash = "sha256-h7rzLSvmWOZCP8rvmUEhFeMEiPhojfbvkt+fNKpgoXo=";
|
||||
hash = "sha256-MsAXHfxLNlIK/PbtVTjvBN1Jk3dyGEkfpj3/98nExj4=";
|
||||
};
|
||||
|
||||
strictDeps = true;
|
||||
|
@ -7,13 +7,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "httplib";
|
||||
version = "0.14.1";
|
||||
version = "0.14.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "yhirose";
|
||||
repo = "cpp-httplib";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-JBs2FvcdAvxysYhzakP0wU/mUCWfKZ8dk5ROWL5sej0=";
|
||||
hash = "sha256-JfxeXHo34MKtAkMO3pNWiPorh3f8s4SVrdAaydVYdrY=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
@ -85,7 +85,6 @@ stdenv.mkDerivation rec {
|
||||
description = "Library and utilities for working with the TIFF image file format";
|
||||
homepage = "https://libtiff.gitlab.io/libtiff";
|
||||
changelog = "https://libtiff.gitlab.io/libtiff/v${version}.html";
|
||||
maintainers = with maintainers; [ qyliss ];
|
||||
license = licenses.libtiff;
|
||||
platforms = platforms.unix;
|
||||
};
|
||||
|
@ -20,13 +20,13 @@
|
||||
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "juce";
|
||||
version = "7.0.7";
|
||||
version = "7.0.9";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "juce-framework";
|
||||
repo = "juce";
|
||||
rev = finalAttrs.version;
|
||||
hash = "sha256-r+Wf/skPDexm3rsrVBoWrygKvV9HGlCQd7r0iHr9avM=";
|
||||
hash = "sha256-k8cNTPH9OgOav4dsSLqrd5PlJ1rqO0PLt6Lwmumc2Gg=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -2,16 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "grpc-gateway";
|
||||
version = "2.18.0";
|
||||
version = "2.18.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "grpc-ecosystem";
|
||||
repo = "grpc-gateway";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-FVb3x/wZ0jLI17lXAT/lcUpJiq3ZcvWjFnORynOvfmY=";
|
||||
sha256 = "sha256-mbRceXqc7UmrhM2Y6JJIUvMf9YxMFMjRW7VvEa8/xHs=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-SV2ZO8Y9yt6iyw9VvNY0xpqZIzLrTyHYYpIpzcEVsLY=";
|
||||
vendorHash = "sha256-zVojs4q8TytJY3myKvLdACnMFJ0iK9Cfn+aZ4d/j34s=";
|
||||
|
||||
meta = with lib; {
|
||||
description =
|
||||
|
@ -5,14 +5,14 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "cargo-run-bin";
|
||||
version = "1.5.0";
|
||||
version = "1.6.0";
|
||||
|
||||
src = fetchCrate {
|
||||
inherit pname version;
|
||||
hash = "sha256-FPkZk5qKHrRR3V8s04yLgOVOKj+Rln3Cu/VW2bnr2fE=";
|
||||
hash = "sha256-PB44m39TDH1z8N3DrxAlZ/FKOdZmpe+U84tbmBBP9VQ=";
|
||||
};
|
||||
|
||||
cargoHash = "sha256-aFHuIEDpGCel1FC7D0hTUmzHbEj7wVarsE0wNZ/3Khw=";
|
||||
cargoHash = "sha256-FMlirUr3c8QhnTmTHvfNPff7PYlWSl83vCGLOLbyaR4=";
|
||||
|
||||
# multiple impurities in tests
|
||||
doCheck = false;
|
||||
|
@ -14,12 +14,12 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "iwd";
|
||||
version = "2.10";
|
||||
version = "2.11";
|
||||
|
||||
src = fetchgit {
|
||||
url = "https://git.kernel.org/pub/scm/network/wireless/iwd.git";
|
||||
rev = version;
|
||||
hash = "sha256-zePFmcQRFjcH6KToTpBFMQzGY+Eq7jijfn0R/MMKGrw=";
|
||||
hash = "sha256-kE9GBVTKNpgEuE9jQ7k85OhEAN3VWgjmAgifvZfq46I=";
|
||||
};
|
||||
|
||||
# Revert test that's broken on aarch64
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "consul";
|
||||
version = "1.16.3";
|
||||
version = "1.17.0";
|
||||
rev = "v${version}";
|
||||
|
||||
# Note: Currently only release tags are supported, because they have the Consul UI
|
||||
@ -17,7 +17,7 @@ buildGoModule rec {
|
||||
owner = "hashicorp";
|
||||
repo = pname;
|
||||
inherit rev;
|
||||
hash = "sha256-XxT+66CNuDeVBoaNhlgET5bJYB/KDCjcO0RDmyI6S9o=";
|
||||
hash = "sha256-fAcgO7r0GrL2GrsX7flezhbQMcg+YBH6Lrn7BW2XMwM=";
|
||||
};
|
||||
|
||||
passthru.tests.consul = nixosTests.consul;
|
||||
@ -26,7 +26,7 @@ buildGoModule rec {
|
||||
# has a split module structure in one repo
|
||||
subPackages = ["." "connect/certgen"];
|
||||
|
||||
vendorHash = "sha256-WNvdHT915GSTFhZZfoi/MCHAjzBVYkhUiPNPw5GDT4s=";
|
||||
vendorHash = "sha256-xxREyw7xgx9Zp7nua1yq39TioWvRQXOhWqYaK6eJaOc=";
|
||||
|
||||
doCheck = false;
|
||||
|
||||
|
@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
|
||||
# bozohttpd is developed in-tree in pkgsrc, canonical hashes can be found at:
|
||||
# http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/bozohttpd/distinfo
|
||||
src = fetchurl {
|
||||
url = "http://www.eterna.com.au/${pname}/${pname}-${version}.tar.bz2";
|
||||
url = "http://eterna23.net/${pname}/${pname}-${version}.tar.bz2";
|
||||
hash = "sha512-J1uPqzzy5sWXIWgsrpUtuV2lvTsfIGgCQMbPEClGNpP2/soEf77146PnUotAt7LoeypW/YALYS5nmhbySJDltg==";
|
||||
};
|
||||
|
||||
|
@ -15,13 +15,13 @@ in
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "janus-gateway";
|
||||
version = "1.2.0";
|
||||
version = "1.2.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "meetecho";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-YbY7wcd8YHcPo5w4n54gjOtepYLbboLsrLij7oYzhco=";
|
||||
sha256 = "sha256-Bqb4UO4R5CnV8+2OthGrEVORzH+k+zgzI4UsvwRHgk8=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook pkg-config gengetopt ];
|
||||
|
@ -4,27 +4,14 @@ This directory implements a program to check the [validity](#validity-checks) of
|
||||
It is being used by [this GitHub Actions workflow](../../../.github/workflows/check-by-name.yml).
|
||||
This is part of the implementation of [RFC 140](https://github.com/NixOS/rfcs/pull/140).
|
||||
|
||||
## API
|
||||
## Interface
|
||||
|
||||
This API may be changed over time if the CI workflow making use of it is adjusted to deal with the change appropriately.
|
||||
The interface of the tool is shown with `--help`:
|
||||
```
|
||||
cargo run -- --help
|
||||
```
|
||||
|
||||
- Command line: `nixpkgs-check-by-name <NIXPKGS>`
|
||||
- Arguments:
|
||||
- `<NIXPKGS>`: The path to the Nixpkgs to check
|
||||
- `--version <VERSION>`: The version of the checks to perform.
|
||||
|
||||
Possible values:
|
||||
- `v0` (default)
|
||||
- `v1`
|
||||
|
||||
See [validation](#validity-checks) for the differences.
|
||||
- Exit code:
|
||||
- `0`: If the [validation](#validity-checks) is successful
|
||||
- `1`: If the [validation](#validity-checks) is not successful
|
||||
- `2`: If an unexpected I/O error occurs
|
||||
- Standard error:
|
||||
- Informative messages
|
||||
- Detected problems if validation is not successful
|
||||
The interface may be changed over time only if the CI workflow making use of it is adjusted to deal with the change appropriately.
|
||||
|
||||
## Validity checks
|
||||
|
||||
@ -32,7 +19,7 @@ These checks are performed by this tool:
|
||||
|
||||
### File structure checks
|
||||
- `pkgs/by-name` must only contain subdirectories of the form `${shard}/${name}`, called _package directories_.
|
||||
- The `name`'s of package directories must be unique when lowercased
|
||||
- The `name`'s of package directories must be unique when lowercased.
|
||||
- `name` is a string only consisting of the ASCII characters `a-z`, `A-Z`, `0-9`, `-` or `_`.
|
||||
- `shard` is the lowercased first two letters of `name`, expressed in Nix: `shard = toLower (substring 0 2 name)`.
|
||||
- Each package directory must contain a `package.nix` file and may contain arbitrary other files.
|
||||
@ -41,9 +28,21 @@ These checks are performed by this tool:
|
||||
- Each package directory must not refer to files outside itself using symlinks or Nix path expressions.
|
||||
|
||||
### Nix evaluation checks
|
||||
- `pkgs.${name}` is defined as `callPackage pkgs/by-name/${shard}/${name}/package.nix args` for some `args`.
|
||||
- **Only after --version v1**: If `pkgs.${name}` is not auto-called from `pkgs/by-name`, `args` must not be empty
|
||||
- `pkgs.lib.isDerivation pkgs.${name}` is `true`.
|
||||
- For each package directory, the `pkgs.${name}` attribute must be defined as `callPackage pkgs/by-name/${shard}/${name}/package.nix args` for some `args`.
|
||||
- For each package directory, `pkgs.lib.isDerivation pkgs.${name}` must be `true`.
|
||||
|
||||
### Ratchet checks
|
||||
|
||||
Furthermore, this tool implements certain [ratchet](https://qntm.org/ratchet) checks.
|
||||
This allows gradually phasing out deprecated patterns without breaking the base branch or having to migrate it all at once.
|
||||
It works by not allowing new instances of the pattern to be introduced, but allowing already existing instances.
|
||||
The existing instances are coming from `<BASE_NIXPKGS>`, which is then checked against `<NIXPKGS>` for new instances.
|
||||
Ratchets should be removed eventually once the pattern is not used anymore.
|
||||
|
||||
The current ratchets are:
|
||||
|
||||
- New manual definitions of `pkgs.${name}` (e.g. in `pkgs/top-level/all-packages.nix`) with `args = { }`
|
||||
(see [nix evaluation checks](#nix-evaluation-checks)) must not be introduced.
|
||||
|
||||
## Development
|
||||
|
||||
@ -86,6 +85,10 @@ Tests are declared in [`./tests`](./tests) as subdirectories imitating Nixpkgs w
|
||||
allowing the simulation of package overrides to the real [`pkgs/top-level/all-packages.nix`](../../top-level/all-packages.nix`).
|
||||
The default is an empty overlay.
|
||||
|
||||
- `base` (optional):
|
||||
Contains another subdirectory imitating Nixpkgs with potentially any of the above structures.
|
||||
This is used for [ratchet checks](#ratchet-checks).
|
||||
|
||||
- `expected` (optional):
|
||||
A file containing the expected standard output.
|
||||
The default is expecting an empty standard output.
|
||||
|
@ -1,7 +1,7 @@
|
||||
use crate::nixpkgs_problem::NixpkgsProblem;
|
||||
use crate::ratchet;
|
||||
use crate::structure;
|
||||
use crate::validation::{self, Validation::Success};
|
||||
use crate::Version;
|
||||
use std::path::Path;
|
||||
|
||||
use anyhow::Context;
|
||||
@ -39,11 +39,10 @@ enum AttributeVariant {
|
||||
/// of the form `callPackage <package_file> { ... }`.
|
||||
/// See the `eval.nix` file for how this is achieved on the Nix side
|
||||
pub fn check_values(
|
||||
version: Version,
|
||||
nixpkgs_path: &Path,
|
||||
package_names: Vec<String>,
|
||||
eval_accessible_paths: Vec<&Path>,
|
||||
) -> validation::Result<()> {
|
||||
eval_accessible_paths: &[&Path],
|
||||
) -> validation::Result<ratchet::Nixpkgs> {
|
||||
// Write the list of packages we need to check into a temporary JSON file.
|
||||
// This can then get read by the Nix evaluation.
|
||||
let attrs_file = NamedTempFile::new().context("Failed to create a temporary file")?;
|
||||
@ -110,39 +109,13 @@ pub fn check_values(
|
||||
String::from_utf8_lossy(&result.stdout)
|
||||
))?;
|
||||
|
||||
Ok(validation::sequence_(package_names.iter().map(
|
||||
|package_name| {
|
||||
let relative_package_file = structure::relative_file_for_package(package_name);
|
||||
Ok(
|
||||
validation::sequence(package_names.into_iter().map(|package_name| {
|
||||
let relative_package_file = structure::relative_file_for_package(&package_name);
|
||||
let absolute_package_file = nixpkgs_path.join(&relative_package_file);
|
||||
|
||||
if let Some(attribute_info) = actual_files.get(package_name) {
|
||||
let valid = match &attribute_info.variant {
|
||||
AttributeVariant::AutoCalled => true,
|
||||
AttributeVariant::CallPackage { path, empty_arg } => {
|
||||
let correct_file = if let Some(call_package_path) = path {
|
||||
absolute_package_file == *call_package_path
|
||||
} else {
|
||||
false
|
||||
};
|
||||
// Only check for the argument to be non-empty if the version is V1 or
|
||||
// higher
|
||||
let non_empty = if version >= Version::V1 {
|
||||
!empty_arg
|
||||
} else {
|
||||
true
|
||||
};
|
||||
correct_file && non_empty
|
||||
}
|
||||
AttributeVariant::Other => false,
|
||||
};
|
||||
|
||||
if !valid {
|
||||
NixpkgsProblem::WrongCallPackage {
|
||||
relative_package_file: relative_package_file.clone(),
|
||||
package_name: package_name.clone(),
|
||||
}
|
||||
.into()
|
||||
} else if !attribute_info.is_derivation {
|
||||
if let Some(attribute_info) = actual_files.get(&package_name) {
|
||||
let check_result = if !attribute_info.is_derivation {
|
||||
NixpkgsProblem::NonDerivation {
|
||||
relative_package_file: relative_package_file.clone(),
|
||||
package_name: package_name.clone(),
|
||||
@ -150,7 +123,44 @@ pub fn check_values(
|
||||
.into()
|
||||
} else {
|
||||
Success(())
|
||||
}
|
||||
};
|
||||
|
||||
let check_result = check_result.and(match &attribute_info.variant {
|
||||
AttributeVariant::AutoCalled => Success(ratchet::Package {
|
||||
empty_non_auto_called: ratchet::EmptyNonAutoCalled::Valid,
|
||||
}),
|
||||
AttributeVariant::CallPackage { path, empty_arg } => {
|
||||
let correct_file = if let Some(call_package_path) = path {
|
||||
absolute_package_file == *call_package_path
|
||||
} else {
|
||||
false
|
||||
};
|
||||
|
||||
if correct_file {
|
||||
Success(ratchet::Package {
|
||||
// Empty arguments for non-auto-called packages are not allowed anymore.
|
||||
empty_non_auto_called: if *empty_arg {
|
||||
ratchet::EmptyNonAutoCalled::Invalid
|
||||
} else {
|
||||
ratchet::EmptyNonAutoCalled::Valid
|
||||
},
|
||||
})
|
||||
} else {
|
||||
NixpkgsProblem::WrongCallPackage {
|
||||
relative_package_file: relative_package_file.clone(),
|
||||
package_name: package_name.clone(),
|
||||
}
|
||||
.into()
|
||||
}
|
||||
}
|
||||
AttributeVariant::Other => NixpkgsProblem::WrongCallPackage {
|
||||
relative_package_file: relative_package_file.clone(),
|
||||
package_name: package_name.clone(),
|
||||
}
|
||||
.into(),
|
||||
});
|
||||
|
||||
check_result.map(|value| (package_name.clone(), value))
|
||||
} else {
|
||||
NixpkgsProblem::UndefinedAttr {
|
||||
relative_package_file: relative_package_file.clone(),
|
||||
@ -158,6 +168,9 @@ pub fn check_values(
|
||||
}
|
||||
.into()
|
||||
}
|
||||
},
|
||||
)))
|
||||
}))
|
||||
.map(|elems| ratchet::Nixpkgs {
|
||||
packages: elems.into_iter().collect(),
|
||||
}),
|
||||
)
|
||||
}
|
||||
|
@ -1,5 +1,6 @@
|
||||
mod eval;
|
||||
mod nixpkgs_problem;
|
||||
mod ratchet;
|
||||
mod references;
|
||||
mod structure;
|
||||
mod utils;
|
||||
@ -9,37 +10,43 @@ use crate::structure::check_structure;
|
||||
use crate::validation::Validation::Failure;
|
||||
use crate::validation::Validation::Success;
|
||||
use anyhow::Context;
|
||||
use clap::{Parser, ValueEnum};
|
||||
use clap::Parser;
|
||||
use colored::Colorize;
|
||||
use std::io;
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::process::ExitCode;
|
||||
|
||||
/// Program to check the validity of pkgs/by-name
|
||||
///
|
||||
/// This CLI interface may be changed over time if the CI workflow making use of
|
||||
/// it is adjusted to deal with the change appropriately.
|
||||
///
|
||||
/// Exit code:
|
||||
/// - `0`: If the validation is successful
|
||||
/// - `1`: If the validation is not successful
|
||||
/// - `2`: If an unexpected I/O error occurs
|
||||
///
|
||||
/// Standard error:
|
||||
/// - Informative messages
|
||||
/// - Detected problems if validation is not successful
|
||||
#[derive(Parser, Debug)]
|
||||
#[command(about)]
|
||||
#[command(about, verbatim_doc_comment)]
|
||||
pub struct Args {
|
||||
/// Path to nixpkgs
|
||||
/// Path to the main Nixpkgs to check.
|
||||
/// For PRs, this should be set to a checkout of the PR branch.
|
||||
nixpkgs: PathBuf,
|
||||
/// The version of the checks
|
||||
/// Increasing this may cause failures for a Nixpkgs that succeeded before
|
||||
/// TODO: Remove default once Nixpkgs CI passes this argument
|
||||
#[arg(long, value_enum, default_value_t = Version::V0)]
|
||||
version: Version,
|
||||
}
|
||||
|
||||
/// The version of the checks
|
||||
#[derive(Debug, Clone, PartialEq, PartialOrd, ValueEnum)]
|
||||
pub enum Version {
|
||||
/// Initial version
|
||||
V0,
|
||||
/// Empty argument check
|
||||
V1,
|
||||
/// Path to the base Nixpkgs to run ratchet checks against.
|
||||
/// For PRs, this should be set to a checkout of the PRs base branch.
|
||||
/// If not specified, no ratchet checks will be performed.
|
||||
/// However, this flag will become required once CI uses it.
|
||||
#[arg(long)]
|
||||
base: Option<PathBuf>,
|
||||
}
|
||||
|
||||
fn main() -> ExitCode {
|
||||
let args = Args::parse();
|
||||
match check_nixpkgs(&args.nixpkgs, args.version, vec![], &mut io::stderr()) {
|
||||
match process(args.base.as_deref(), &args.nixpkgs, &[], &mut io::stderr()) {
|
||||
Ok(true) => {
|
||||
eprintln!("{}", "Validated successfully".green());
|
||||
ExitCode::SUCCESS
|
||||
@ -55,10 +62,11 @@ fn main() -> ExitCode {
|
||||
}
|
||||
}
|
||||
|
||||
/// Checks whether the pkgs/by-name structure in Nixpkgs is valid.
|
||||
/// Does the actual work. This is the abstraction used both by `main` and the tests.
|
||||
///
|
||||
/// # Arguments
|
||||
/// - `nixpkgs_path`: The path to the Nixpkgs to check
|
||||
/// - `base_nixpkgs`: Path to the base Nixpkgs to run ratchet checks against.
|
||||
/// - `main_nixpkgs`: Path to the main Nixpkgs to check.
|
||||
/// - `eval_accessible_paths`:
|
||||
/// Extra paths that need to be accessible to evaluate Nixpkgs using `restrict-eval`.
|
||||
/// This is used to allow the tests to access the mock-nixpkgs.nix file
|
||||
@ -68,33 +76,30 @@ fn main() -> ExitCode {
|
||||
/// - `Err(e)` if an I/O-related error `e` occurred.
|
||||
/// - `Ok(false)` if there are problems, all of which will be written to `error_writer`.
|
||||
/// - `Ok(true)` if there are no problems
|
||||
pub fn check_nixpkgs<W: io::Write>(
|
||||
nixpkgs_path: &Path,
|
||||
version: Version,
|
||||
eval_accessible_paths: Vec<&Path>,
|
||||
pub fn process<W: io::Write>(
|
||||
base_nixpkgs: Option<&Path>,
|
||||
main_nixpkgs: &Path,
|
||||
eval_accessible_paths: &[&Path],
|
||||
error_writer: &mut W,
|
||||
) -> anyhow::Result<bool> {
|
||||
let nixpkgs_path = nixpkgs_path.canonicalize().context(format!(
|
||||
"Nixpkgs path {} could not be resolved",
|
||||
nixpkgs_path.display()
|
||||
))?;
|
||||
|
||||
let check_result = if !nixpkgs_path.join(utils::BASE_SUBPATH).exists() {
|
||||
eprintln!(
|
||||
"Given Nixpkgs path does not contain a {} subdirectory, no check necessary.",
|
||||
utils::BASE_SUBPATH
|
||||
);
|
||||
Success(())
|
||||
} else {
|
||||
match check_structure(&nixpkgs_path)? {
|
||||
Failure(errors) => Failure(errors),
|
||||
Success(package_names) =>
|
||||
// Only if we could successfully parse the structure, we do the evaluation checks
|
||||
{
|
||||
eval::check_values(version, &nixpkgs_path, package_names, eval_accessible_paths)?
|
||||
}
|
||||
// Check the main Nixpkgs first
|
||||
let main_result = check_nixpkgs(main_nixpkgs, eval_accessible_paths, error_writer)?;
|
||||
let check_result = main_result.result_map(|nixpkgs_version| {
|
||||
// If the main Nixpkgs doesn't have any problems, run the ratchet checks against the base
|
||||
// Nixpkgs
|
||||
if let Some(base) = base_nixpkgs {
|
||||
check_nixpkgs(base, eval_accessible_paths, error_writer)?.result_map(
|
||||
|base_nixpkgs_version| {
|
||||
Ok(ratchet::Nixpkgs::compare(
|
||||
Some(base_nixpkgs_version),
|
||||
nixpkgs_version,
|
||||
))
|
||||
},
|
||||
)
|
||||
} else {
|
||||
Ok(ratchet::Nixpkgs::compare(None, nixpkgs_version))
|
||||
}
|
||||
};
|
||||
})?;
|
||||
|
||||
match check_result {
|
||||
Failure(errors) => {
|
||||
@ -103,15 +108,45 @@ pub fn check_nixpkgs<W: io::Write>(
|
||||
}
|
||||
Ok(false)
|
||||
}
|
||||
Success(_) => Ok(true),
|
||||
Success(()) => Ok(true),
|
||||
}
|
||||
}
|
||||
|
||||
/// Checks whether the pkgs/by-name structure in Nixpkgs is valid.
|
||||
///
|
||||
/// This does not include ratchet checks, see ../README.md#ratchet-checks
|
||||
/// Instead a `ratchet::Nixpkgs` value is returned, whose `compare` method allows performing the
|
||||
/// ratchet check against another result.
|
||||
pub fn check_nixpkgs<W: io::Write>(
|
||||
nixpkgs_path: &Path,
|
||||
eval_accessible_paths: &[&Path],
|
||||
error_writer: &mut W,
|
||||
) -> validation::Result<ratchet::Nixpkgs> {
|
||||
Ok({
|
||||
let nixpkgs_path = nixpkgs_path.canonicalize().context(format!(
|
||||
"Nixpkgs path {} could not be resolved",
|
||||
nixpkgs_path.display()
|
||||
))?;
|
||||
|
||||
if !nixpkgs_path.join(utils::BASE_SUBPATH).exists() {
|
||||
writeln!(
|
||||
error_writer,
|
||||
"Given Nixpkgs path does not contain a {} subdirectory, no check necessary.",
|
||||
utils::BASE_SUBPATH
|
||||
)?;
|
||||
Success(ratchet::Nixpkgs::default())
|
||||
} else {
|
||||
check_structure(&nixpkgs_path)?.result_map(|package_names|
|
||||
// Only if we could successfully parse the structure, we do the evaluation checks
|
||||
eval::check_values(&nixpkgs_path, package_names, eval_accessible_paths))?
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use crate::check_nixpkgs;
|
||||
use crate::process;
|
||||
use crate::utils;
|
||||
use crate::Version;
|
||||
use anyhow::Context;
|
||||
use std::fs;
|
||||
use std::path::Path;
|
||||
@ -197,10 +232,17 @@ mod tests {
|
||||
fn test_nixpkgs(name: &str, path: &Path, expected_errors: &str) -> anyhow::Result<()> {
|
||||
let extra_nix_path = Path::new("tests/mock-nixpkgs.nix");
|
||||
|
||||
let base_path = path.join("base");
|
||||
let base_nixpkgs = if base_path.exists() {
|
||||
Some(base_path.as_path())
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
// We don't want coloring to mess up the tests
|
||||
let writer = temp_env::with_var("NO_COLOR", Some("1"), || -> anyhow::Result<_> {
|
||||
let mut writer = vec![];
|
||||
check_nixpkgs(&path, Version::V1, vec![&extra_nix_path], &mut writer)
|
||||
process(base_nixpkgs, &path, &[&extra_nix_path], &mut writer)
|
||||
.context(format!("Failed test case {name}"))?;
|
||||
Ok(writer)
|
||||
})?;
|
||||
|
85
pkgs/test/nixpkgs-check-by-name/src/ratchet.rs
Normal file
85
pkgs/test/nixpkgs-check-by-name/src/ratchet.rs
Normal file
@ -0,0 +1,85 @@
|
||||
//! This module implements the ratchet checks, see ../README.md#ratchet-checks
|
||||
//!
|
||||
//! Each type has a `compare` method that validates the ratchet checks for that item.
|
||||
|
||||
use crate::nixpkgs_problem::NixpkgsProblem;
|
||||
use crate::structure;
|
||||
use crate::validation::{self, Validation, Validation::Success};
|
||||
use std::collections::HashMap;
|
||||
|
||||
/// The ratchet value for the entirety of Nixpkgs.
|
||||
#[derive(Default)]
|
||||
pub struct Nixpkgs {
|
||||
/// The ratchet values for each package in `pkgs/by-name`
|
||||
pub packages: HashMap<String, Package>,
|
||||
}
|
||||
|
||||
impl Nixpkgs {
|
||||
/// Validates the ratchet checks for Nixpkgs
|
||||
pub fn compare(optional_from: Option<Self>, to: Self) -> Validation<()> {
|
||||
validation::sequence_(
|
||||
// We only loop over the current attributes,
|
||||
// we don't need to check ones that were removed
|
||||
to.packages.into_iter().map(|(name, attr_to)| {
|
||||
let attr_from = if let Some(from) = &optional_from {
|
||||
from.packages.get(&name)
|
||||
} else {
|
||||
// This pretends that if there's no base version to compare against, all
|
||||
// attributes existed without conforming to the new strictness check for
|
||||
// backwards compatibility.
|
||||
// TODO: Remove this case. This is only needed because the `--base`
|
||||
// argument is still optional, which doesn't need to be once CI is updated
|
||||
// to pass it.
|
||||
Some(&Package {
|
||||
empty_non_auto_called: EmptyNonAutoCalled::Invalid,
|
||||
})
|
||||
};
|
||||
Package::compare(&name, attr_from, &attr_to)
|
||||
}),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/// The ratchet value for a single package in `pkgs/by-name`
|
||||
pub struct Package {
|
||||
/// The ratchet value for the check for non-auto-called empty arguments
|
||||
pub empty_non_auto_called: EmptyNonAutoCalled,
|
||||
}
|
||||
|
||||
impl Package {
|
||||
/// Validates the ratchet checks for a single package defined in `pkgs/by-name`
|
||||
pub fn compare(name: &str, optional_from: Option<&Self>, to: &Self) -> Validation<()> {
|
||||
EmptyNonAutoCalled::compare(
|
||||
name,
|
||||
optional_from.map(|x| &x.empty_non_auto_called),
|
||||
&to.empty_non_auto_called,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/// The ratchet value of a single package in `pkgs/by-name`
|
||||
/// for the non-auto-called empty argument check of a single.
|
||||
///
|
||||
/// This checks that packages defined in `pkgs/by-name` cannot be overridden
|
||||
/// with an empty second argument like `callPackage ... { }`.
|
||||
#[derive(PartialEq, PartialOrd)]
|
||||
pub enum EmptyNonAutoCalled {
|
||||
Invalid,
|
||||
Valid,
|
||||
}
|
||||
|
||||
impl EmptyNonAutoCalled {
|
||||
/// Validates the non-auto-called empty argument ratchet check for a single package defined in `pkgs/by-name`
|
||||
fn compare(name: &str, optional_from: Option<&Self>, to: &Self) -> Validation<()> {
|
||||
let from = optional_from.unwrap_or(&Self::Valid);
|
||||
if to >= from {
|
||||
Success(())
|
||||
} else {
|
||||
NixpkgsProblem::WrongCallPackage {
|
||||
relative_package_file: structure::relative_file_for_package(name),
|
||||
package_name: name.to_owned(),
|
||||
}
|
||||
.into()
|
||||
}
|
||||
}
|
||||
}
|
@ -58,6 +58,15 @@ impl<A> Validation<A> {
|
||||
Success(value) => Success(f(value)),
|
||||
}
|
||||
}
|
||||
|
||||
/// Map a `Validation<A>` to a `Result<B>` by applying a function `A -> Result<B>`
|
||||
/// only if there is a `Success` value
|
||||
pub fn result_map<B>(self, f: impl FnOnce(A) -> Result<B>) -> Result<B> {
|
||||
match self {
|
||||
Failure(err) => Ok(Failure(err)),
|
||||
Success(value) => f(value),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Validation<()> {
|
||||
|
@ -0,0 +1 @@
|
||||
Given Nixpkgs path does not contain a pkgs/by-name subdirectory, no check necessary.
|
@ -0,0 +1,3 @@
|
||||
self: super: {
|
||||
nonDerivation = self.callPackage ./pkgs/by-name/no/nonDerivation/package.nix { };
|
||||
}
|
@ -0,0 +1,3 @@
|
||||
self: super: {
|
||||
nonDerivation = self.callPackage ./pkgs/by-name/no/nonDerivation/package.nix { };
|
||||
}
|
@ -0,0 +1 @@
|
||||
import ../../mock-nixpkgs.nix { root = ./.; }
|
@ -0,0 +1 @@
|
||||
{ someDrv }: someDrv
|
@ -0,0 +1 @@
|
||||
import ../mock-nixpkgs.nix { root = ./.; }
|
@ -0,0 +1 @@
|
||||
{ someDrv }: someDrv
|
@ -0,0 +1 @@
|
||||
import ../../mock-nixpkgs.nix { root = ./.; }
|
@ -0,0 +1 @@
|
||||
(this is just here so the directory can get tracked by git)
|
@ -1,3 +1,3 @@
|
||||
self: super: {
|
||||
nonDerivation = null;
|
||||
nonDerivation = self.someDrv;
|
||||
}
|
||||
|
@ -1,3 +1,3 @@
|
||||
self: super: {
|
||||
nonDerivation = self.callPackage ({ }: { }) { };
|
||||
nonDerivation = self.callPackage ({ someDrv }: someDrv) { };
|
||||
}
|
||||
|
@ -2,16 +2,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "cf-terraforming";
|
||||
version = "0.16.1";
|
||||
version = "0.17.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "cloudflare";
|
||||
repo = "cf-terraforming";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-C046oNN+tGvVIakCGJKKQBNHX+L1naaMDIk7tNGNjeQ=";
|
||||
sha256 = "sha256-XFL9BfTpZaIsNeJLT3wEPFBvyO/VxvFjpApjjxvaGKw=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-bfxF0qlEbZDczEuFhckqsG00/IzuM18ut/AQ9EMwdh0=";
|
||||
vendorHash = "sha256-j4J6VAXT+CdU4WkISBunJn6B25CDdaarhFnnLaC4cBE=";
|
||||
ldflags = [ "-X github.com/cloudflare/cf-terraforming/internal/app/cf-terraforming/cmd.versionString=${version}" ];
|
||||
|
||||
# The test suite insists on downloading a binary release of Terraform from
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "lesspipe";
|
||||
version = "2.10";
|
||||
version = "2.11";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "wofr06";
|
||||
repo = "lesspipe";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-fLDB0rUo1kfPs0Xy2s1gG5ZsRjk1h1yYqjXkQC4qPf0=";
|
||||
hash = "sha256-jJrKiRdrargk0JzcPWxBZGyOpMfTIONHG8HNRecazVo=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ perl makeWrapper ];
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ lib, stdenv, fetchFromGitHub, libsodium }:
|
||||
{ lib, stdenv, fetchFromGitHub, libsodium, nixosTests }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
pname = "quicktun";
|
||||
@ -22,11 +22,13 @@ stdenv.mkDerivation {
|
||||
install -vD out/quicktun* -t $out/bin
|
||||
'';
|
||||
|
||||
passthru.tests.quicktun = nixosTests.quicktun;
|
||||
|
||||
meta = with lib; {
|
||||
broken = stdenv.isDarwin;
|
||||
description = "Very simple, yet secure VPN software";
|
||||
homepage = "http://wiki.ucis.nl/QuickTun";
|
||||
maintainers = [ ];
|
||||
maintainers = with maintainers; [ h7x4 ];
|
||||
platforms = platforms.unix;
|
||||
license = licenses.bsd2;
|
||||
};
|
||||
|
@ -2161,7 +2161,7 @@ with pkgs;
|
||||
vrrtest = callPackage ../tools/video/vrrtest { };
|
||||
|
||||
winbox = callPackage ../tools/admin/winbox {
|
||||
wine = wineWowPackages.staging;
|
||||
wine = wineWowPackages.stable;
|
||||
};
|
||||
|
||||
wtwitch = callPackage ../tools/video/wtwitch { };
|
||||
@ -9904,8 +9904,6 @@ with pkgs;
|
||||
|
||||
kubergrunt = callPackage ../applications/networking/cluster/kubergrunt { };
|
||||
|
||||
kubo = callPackage ../applications/networking/kubo { };
|
||||
|
||||
kubo-migrator-all-fs-repo-migrations = callPackage ../applications/networking/kubo-migrator/all-migrations.nix { };
|
||||
kubo-migrator-unwrapped = callPackage ../applications/networking/kubo-migrator/unwrapped.nix { };
|
||||
kubo-migrator = callPackage ../applications/networking/kubo-migrator { };
|
||||
@ -40467,8 +40465,6 @@ with pkgs;
|
||||
|
||||
hjson = with python3Packages; toPythonApplication hjson;
|
||||
|
||||
hjson-go = callPackage ../development/tools/hjson-go { };
|
||||
|
||||
epkowa = callPackage ../misc/drivers/epkowa { };
|
||||
|
||||
utsushi = callPackage ../misc/drivers/utsushi { };
|
||||
|
Loading…
Reference in New Issue
Block a user