From 9682c1d0da2c64042c274a590aed52f0ac7c571d Mon Sep 17 00:00:00 2001 From: Ryan Burns Date: Sun, 22 Nov 2020 14:31:38 -0800 Subject: [PATCH 01/10] linux bootstrap tools: fix tests on ppc64 The dynamic loader on powerpc64 is called ld64.so.2 rather than ld-linux.so.*, and was not matched by the existing pattern. We reuse the dynamicLinker name from binutils to match a wider set of platforms and to avoid specifying this information in two places. --- pkgs/build-support/bintools-wrapper/default.nix | 1 + pkgs/stdenv/linux/make-bootstrap-tools.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/build-support/bintools-wrapper/default.nix b/pkgs/build-support/bintools-wrapper/default.nix index 3b1b8ff570a8..15fcc3742932 100644 --- a/pkgs/build-support/bintools-wrapper/default.nix +++ b/pkgs/build-support/bintools-wrapper/default.nix @@ -56,6 +56,7 @@ let else if targetPlatform.libc == "nblibc" then "${libc_lib}/libexec/ld.elf_so" else if targetPlatform.system == "i686-linux" then "${libc_lib}/lib/ld-linux.so.2" else if targetPlatform.system == "x86_64-linux" then "${libc_lib}/lib/ld-linux-x86-64.so.2" + else if targetPlatform.system == "powerpc64le-linux" then "${libc_lib}/lib/ld64.so.2" # ARM with a wildcard, which can be "" or "-armhf". else if (with targetPlatform; isAarch32 && isLinux) then "${libc_lib}/lib/ld-linux*.so.3" else if targetPlatform.system == "aarch64-linux" then "${libc_lib}/lib/ld-linux-aarch64.so.1" diff --git a/pkgs/stdenv/linux/make-bootstrap-tools.nix b/pkgs/stdenv/linux/make-bootstrap-tools.nix index 421bb8502a4c..d88c6f513b41 100644 --- a/pkgs/stdenv/linux/make-bootstrap-tools.nix +++ b/pkgs/stdenv/linux/make-bootstrap-tools.nix @@ -246,7 +246,7 @@ in with pkgs; rec { gcc --version '' + lib.optionalString (stdenv.hostPlatform.libc == "glibc") '' - ldlinux=$(echo ${bootstrapTools}/lib/ld-linux*.so.?) + ldlinux=$(echo ${bootstrapTools}/lib/${builtins.baseNameOf binutils.dynamicLinker}) export CPP="cpp -idirafter ${bootstrapTools}/include-glibc -B${bootstrapTools}" export CC="gcc -idirafter ${bootstrapTools}/include-glibc -B${bootstrapTools} -Wl,-dynamic-linker,$ldlinux -Wl,-rpath,${bootstrapTools}/lib" export CXX="g++ -idirafter ${bootstrapTools}/include-glibc -B${bootstrapTools} -Wl,-dynamic-linker,$ldlinux -Wl,-rpath,${bootstrapTools}/lib" From f2e84260db34d062f54dfa1a12f5ce1021549928 Mon Sep 17 00:00:00 2001 From: bb2020 Date: Thu, 26 Nov 2020 00:56:43 +0300 Subject: [PATCH 02/10] pkgs/qemu: add qemu_full package qemu_full enables samba and ceph support because otherwise enabling them triggers recompilation of qemu package that takes a long time. Similar options can be enabled later on. qemu_full is based on complete qemu package, so hostCpuOnly is not enabled. --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 08c463ba8354..2a7d9fd08394 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18870,6 +18870,7 @@ in prototool = callPackage ../development/tools/prototool { }; qemu_kvm = lowPrio (qemu.override { hostCpuOnly = true; }); + qemu_full = lowPrio (qemu.override { smbdSupport = true; cephSupport = true; }); # See `xenPackages` source for explanations. # Building with `xen` instead of `xen-slim` is possible, but makes no sense. From 7bf79f3792894d8f3501ebeea337554b1e861219 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Mon, 25 Jan 2021 11:54:30 +0100 Subject: [PATCH 03/10] spglib: init at 1.16.0 --- pkgs/development/libraries/spglib/default.nix | 26 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 pkgs/development/libraries/spglib/default.nix diff --git a/pkgs/development/libraries/spglib/default.nix b/pkgs/development/libraries/spglib/default.nix new file mode 100644 index 000000000000..f4667acd5793 --- /dev/null +++ b/pkgs/development/libraries/spglib/default.nix @@ -0,0 +1,26 @@ +{ stdenv, lib, fetchFromGitHub, cmake } : + +stdenv.mkDerivation rec { + pname = "spglib"; + version = "1.16.0"; + + src = fetchFromGitHub { + owner = "atztogo"; + repo = "spglib"; + rev = "v${version}"; + sha256 = "1kzc956m1pnazhz52vspqridlw72wd8x5l3dsilpdxl491aa2nws"; + }; + + nativeBuildInputs = [ cmake ]; + + checkTarget = "check"; + doCheck = true; + + meta = with lib; { + description = "C library for finding and handling crystal symmetries"; + homepage = "https://atztogo.github.io/spglib/"; + license = licenses.bsd3; + maintainers = [ maintainers.markuskowa ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 156d0c8afd99..3552909ebf30 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7854,6 +7854,8 @@ in soapui = callPackage ../applications/networking/soapui { }; + spglib = callPackage ../development/libraries/spglib { }; + ssh-askpass-fullscreen = callPackage ../tools/networking/ssh-askpass-fullscreen { }; sshguard = callPackage ../tools/security/sshguard {}; From bcece861e80203308b0eaee1a7711589348d1a6f Mon Sep 17 00:00:00 2001 From: Ryan Burns Date: Mon, 25 Jan 2021 18:12:26 -0800 Subject: [PATCH 04/10] coreutils: fix build on riscv RISC-V has the same issue as ARM64 with coreutils. Fixes pkgsCross.riscv64.coreutils --- pkgs/tools/misc/coreutils/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/misc/coreutils/default.nix b/pkgs/tools/misc/coreutils/default.nix index 4a4a9343c6a8..d30a4d00ba1a 100644 --- a/pkgs/tools/misc/coreutils/default.nix +++ b/pkgs/tools/misc/coreutils/default.nix @@ -31,7 +31,7 @@ stdenv.mkDerivation (rec { patches = optional stdenv.hostPlatform.isCygwin ./coreutils-8.23-4.cygwin.patch # included on coreutils master; TODO: apply unconditionally, I guess - ++ optional stdenv.hostPlatform.isAarch64 ./sys-getdents-undeclared.patch + ++ optional (with stdenv.hostPlatform; isAarch64 || isRiscV) ./sys-getdents-undeclared.patch # fix gnulib tests on 32-bit ARM. Included on coreutils master. # https://lists.gnu.org/r/bug-gnulib/2020-08/msg00225.html ++ optional stdenv.hostPlatform.isAarch32 ./fix-gnulib-tests-arm.patch; From f0a821afc5c66c9878665073c2b247790f269088 Mon Sep 17 00:00:00 2001 From: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org> Date: Sun, 6 Dec 2020 20:49:59 +0100 Subject: [PATCH 05/10] opam-installer: init at 2.0.7 --- pkgs/development/tools/ocaml/opam/installer.nix | 17 +++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 19 insertions(+) create mode 100644 pkgs/development/tools/ocaml/opam/installer.nix diff --git a/pkgs/development/tools/ocaml/opam/installer.nix b/pkgs/development/tools/ocaml/opam/installer.nix new file mode 100644 index 000000000000..4501ddd63f04 --- /dev/null +++ b/pkgs/development/tools/ocaml/opam/installer.nix @@ -0,0 +1,17 @@ +{ lib, unzip, opam, ocamlPackages }: + +ocamlPackages.buildDunePackage { + pname = "opam-installer"; + + useDune2 = true; + + inherit (opam) version src; + nativeBuildInputs = [ unzip ]; + + configureFlags = [ "--disable-checks" "--prefix=$out" ]; + buildInputs = with ocamlPackages; [ opam-format cmdliner ]; + + meta = opam.meta // { + description = "Handle (un)installation from opam install files"; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 2e37677aca30..bb16dd7c9ef5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10566,6 +10566,8 @@ in inherit (ocaml-ng.ocamlPackages_4_05) ocaml; }; + opam-installer = callPackage ../development/tools/ocaml/opam/installer.nix { }; + open-watcom-bin = callPackage ../development/compilers/open-watcom-bin { }; pforth = callPackage ../development/compilers/pforth {}; From 44c46905b9478faf86e263b591077c18ad4b9b34 Mon Sep 17 00:00:00 2001 From: Ryan Burns Date: Tue, 26 Jan 2021 02:32:59 -0800 Subject: [PATCH 06/10] llvmPackages_rocm.clang: add isClang and llvm passthru Matches generic clang compilers, and fixes isClang inspection, which 071030840252273acf05c9902458d4db5bdd71ab depends on for the `--gcc-toolchain` flag to be set up properly. Fixes rocm-comgr --- pkgs/development/compilers/llvm/rocm/clang.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/compilers/llvm/rocm/clang.nix b/pkgs/development/compilers/llvm/rocm/clang.nix index 789d4c055eb0..6ab0f894ca9c 100644 --- a/pkgs/development/compilers/llvm/rocm/clang.nix +++ b/pkgs/development/compilers/llvm/rocm/clang.nix @@ -56,6 +56,11 @@ stdenv.mkDerivation rec { echo "$VCSVersion" > lib/Basic/VCSVersion.inc ''; + passthru = { + isClang = true; + inherit llvm; + }; + meta = with lib; { description = "ROCm fork of the clang C/C++/Objective-C/Objective-C++ LLVM compiler frontend"; homepage = "https://llvm.org/"; From d40f7dcb31ab280224b143be047bf681903c6255 Mon Sep 17 00:00:00 2001 From: Fritz Otlinghaus Date: Sun, 24 Jan 2021 13:25:34 +0100 Subject: [PATCH 07/10] nixos/cgminer: add types --- nixos/modules/services/misc/cgminer.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos/modules/services/misc/cgminer.nix b/nixos/modules/services/misc/cgminer.nix index b80a4746fd1e..662570f9451f 100644 --- a/nixos/modules/services/misc/cgminer.nix +++ b/nixos/modules/services/misc/cgminer.nix @@ -41,12 +41,14 @@ in }; user = mkOption { + type = types.str; default = "cgminer"; description = "User account under which cgminer runs"; }; pools = mkOption { default = []; # Run benchmark + type = types.listOf (types.attrsOf types.str); description = "List of pools where to mine"; example = [{ url = "http://p2pool.org:9332"; @@ -57,6 +59,7 @@ in hardware = mkOption { default = []; # Run without options + type = types.listOf (types.attrsOf (types.either types.str types.int)); description= "List of config options for every GPU"; example = [ { @@ -83,6 +86,7 @@ in config = mkOption { default = {}; + type = (types.either types.bool types.int); description = "Additional config"; example = { auto-fan = true; From dbbdc2eb3e5b2d3f431aab465adc7c0e1fac4780 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Tue, 17 Nov 2020 06:31:10 +0100 Subject: [PATCH 08/10] freeciv: fix Qt runtime --- pkgs/games/freeciv/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/games/freeciv/default.nix b/pkgs/games/freeciv/default.nix index de5f2751fd19..f9938eaca313 100644 --- a/pkgs/games/freeciv/default.nix +++ b/pkgs/games/freeciv/default.nix @@ -28,7 +28,8 @@ in stdenv.mkDerivation rec { done ''; - nativeBuildInputs = [ autoreconfHook pkg-config ]; + nativeBuildInputs = [ autoreconfHook pkg-config ] + ++ optional qtClient [ qt5.wrapQtAppsHook ]; buildInputs = [ lua5_3 zlib bzip2 curl lzma gettext libiconv ] ++ optionals sdlClient [ SDL SDL_mixer SDL_image SDL_ttf SDL_gfx freetype fluidsynth ] From 39a5e2c76bc457cfca1dc6b91a15aed98f475d5e Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Tue, 17 Nov 2020 07:44:28 +0100 Subject: [PATCH 09/10] nixos/freeciv: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/games/freeciv.nix | 187 +++++++++++++++++++++++ 2 files changed, 188 insertions(+) create mode 100644 nixos/modules/services/games/freeciv.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 0f8a7ba79044..911f0434e1b8 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -349,6 +349,7 @@ ./services/editors/emacs.nix ./services/editors/infinoted.nix ./services/games/factorio.nix + ./services/games/freeciv.nix ./services/games/minecraft-server.nix ./services/games/minetest-server.nix ./services/games/openarena.nix diff --git a/nixos/modules/services/games/freeciv.nix b/nixos/modules/services/games/freeciv.nix new file mode 100644 index 000000000000..4923891a6179 --- /dev/null +++ b/nixos/modules/services/games/freeciv.nix @@ -0,0 +1,187 @@ +{ config, lib, pkgs, ... }: +with lib; +let + cfg = config.services.freeciv; + inherit (config.users) groups; + rootDir = "/run/freeciv"; + argsFormat = { + type = with lib.types; let + valueType = nullOr (oneOf [ + bool int float str + (listOf valueType) + ]) // { + description = "freeciv-server params"; + }; + in valueType; + generate = name: value: + let mkParam = k: v: + if v == null then [] + else if isBool v then if v then [("--"+k)] else [] + else [("--"+k) v]; + mkParams = k: v: map (mkParam k) (if isList v then v else [v]); + in escapeShellArgs (concatLists (concatLists (mapAttrsToList mkParams value))); + }; +in +{ + options = { + services.freeciv = { + enable = mkEnableOption ''freeciv''; + settings = mkOption { + description = '' + Parameters of freeciv-server. + ''; + default = {}; + type = types.submodule { + freeformType = argsFormat.type; + options.Announce = mkOption { + type = types.enum ["IPv4" "IPv6" "none"]; + default = "none"; + description = "Announce game in LAN using given protocol."; + }; + options.auth = mkEnableOption "server authentication"; + options.Database = mkOption { + type = types.nullOr types.str; + apply = pkgs.writeText "auth.conf"; + default = '' + [fcdb] + backend="sqlite" + database="/var/lib/freeciv/auth.sqlite" + ''; + description = "Enable database connection with given configuration."; + }; + options.debug = mkOption { + type = types.ints.between 0 3; + default = 0; + description = "Set debug log level."; + }; + options.exit-on-end = mkEnableOption "exit instead of restarting when a game ends."; + options.Guests = mkEnableOption "guests to login if auth is enabled"; + options.Newusers = mkEnableOption "new users to login if auth is enabled"; + options.port = mkOption { + type = types.port; + default = 5556; + description = "Listen for clients on given port"; + }; + options.quitidle = mkOption { + type = types.nullOr types.int; + default = null; + description = "Quit if no players for given time in seconds."; + }; + options.read = mkOption { + type = types.lines; + apply = v: pkgs.writeTextDir "read.serv" v + "/read"; + default = '' + /fcdb lua sqlite_createdb() + ''; + description = "Startup script."; + }; + options.saves = mkOption { + type = types.nullOr types.str; + default = "/var/lib/freeciv/saves/"; + description = '' + Save games to given directory, + a sub-directory named after the starting date of the service + will me inserted to preserve older saves. + ''; + }; + }; + }; + openFirewall = mkEnableOption "opening the firewall for the port listening for clients"; + }; + }; + config = mkIf cfg.enable { + users.groups.freeciv = {}; + # Use with: + # journalctl -u freeciv.service -f -o cat & + # cat >/run/freeciv.stdin + # load saves/2020-11-14_05-22-27/freeciv-T0005-Y-3750-interrupted.sav.bz2 + systemd.sockets.freeciv = { + wantedBy = [ "sockets.target" ]; + socketConfig = { + ListenFIFO = "/run/freeciv.stdin"; + SocketGroup = groups.freeciv.name; + SocketMode = "660"; + RemoveOnStop = true; + }; + }; + systemd.services.freeciv = { + description = "Freeciv Service"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment.HOME = "/var/lib/freeciv"; + serviceConfig = { + Restart = "on-failure"; + RestartSec = "5s"; + StandardInput = "fd:freeciv.socket"; + StandardOutput = "journal"; + StandardError = "journal"; + ExecStart = pkgs.writeShellScript "freeciv-server" ('' + set -eux + savedir=$(date +%Y-%m-%d_%H-%M-%S) + '' + "${pkgs.freeciv}/bin/freeciv-server" + + " " + optionalString (cfg.settings.saves != null) + (concatStringsSep " " [ "--saves" "${escapeShellArg cfg.settings.saves}/$savedir" ]) + + " " + argsFormat.generate "freeciv-server" (cfg.settings // { saves = null; })); + DynamicUser = true; + # Create rootDir in the host's mount namespace. + RuntimeDirectory = [(baseNameOf rootDir)]; + RuntimeDirectoryMode = "755"; + StateDirectory = [ "freeciv" ]; + WorkingDirectory = "/var/lib/freeciv"; + # Avoid mounting rootDir in the own rootDir of ExecStart='s mount namespace. + InaccessiblePaths = ["-+${rootDir}"]; + # This is for BindPaths= and BindReadOnlyPaths= + # to allow traversal of directories they create in RootDirectory=. + UMask = "0066"; + RootDirectory = rootDir; + RootDirectoryStartOnly = true; + MountAPIVFS = true; + BindReadOnlyPaths = [ + builtins.storeDir + "/etc" + "/run" + ]; + # The following options are only for optimizing: + # systemd-analyze security freeciv + AmbientCapabilities = ""; + CapabilityBoundingSet = ""; + # ProtectClock= adds DeviceAllow=char-rtc r + DeviceAllow = ""; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateMounts = true; + PrivateNetwork = mkDefault false; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + RemoveIPC = true; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallFilter = [ + "@system-service" + # Groups in @system-service which do not contain a syscall listed by: + # perf stat -x, 2>perf.log -e 'syscalls:sys_enter_*' freeciv-server + # in tests, and seem likely not necessary for freeciv-server. + "~@aio" "~@chown" "~@ipc" "~@keyring" "~@memlock" + "~@resources" "~@setuid" "~@sync" "~@timer" + ]; + SystemCallArchitectures = "native"; + SystemCallErrorNumber = "EPERM"; + }; + }; + networking.firewall = mkIf cfg.openFirewall + { allowedTCPPorts = [ cfg.settings.port ]; }; + }; + meta.maintainers = with lib.maintainers; [ julm ]; +} From 13a6565c4c5fd34c4dcaf3fc06471a49e100b8ab Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Tue, 26 Jan 2021 12:46:47 +0100 Subject: [PATCH 10/10] erofs-utils: 1.2 -> 1.2.1 --- pkgs/os-specific/linux/erofs-utils/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/erofs-utils/default.nix b/pkgs/os-specific/linux/erofs-utils/default.nix index e1ff63bce773..73e50c5740bc 100644 --- a/pkgs/os-specific/linux/erofs-utils/default.nix +++ b/pkgs/os-specific/linux/erofs-utils/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "erofs-utils"; - version = "1.2"; + version = "1.2.1"; outputs = [ "out" "man" ]; src = fetchgit { url = "https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git"; rev = "v" + version; - sha256 = "07hvijq2hsn3gg1kb8abrfk23n83j57yx8kyv4wqgwhhvd30myjc"; + sha256 = "1vb4mxsb59g29x7l22cffsqa8x743sra4j5zbmx89hjwpwm9vvcg"; }; buildInputs = [ autoreconfHook pkg-config fuse libuuid lz4 ];