mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-10-01 01:57:37 +03:00
Merge master into haskell-updates
This commit is contained in:
commit
b36624c080
@ -496,7 +496,7 @@ runTests {
|
||||
|
||||
testToPretty =
|
||||
let
|
||||
deriv = derivation { name = "test"; builder = "/bin/sh"; system = builtins.currentSystem; };
|
||||
deriv = derivation { name = "test"; builder = "/bin/sh"; system = "aarch64-linux"; };
|
||||
in {
|
||||
expr = mapAttrs (const (generators.toPretty { multiline = false; })) rec {
|
||||
int = 42;
|
||||
|
@ -357,10 +357,10 @@
|
||||
name = "AmirHossein Roozbahani";
|
||||
};
|
||||
ahuzik = {
|
||||
email = "ales.guzik@gmail.com";
|
||||
github = "alesguzik";
|
||||
email = "ah1990au@gmail.com";
|
||||
github = "alesya-h";
|
||||
githubId = 209175;
|
||||
name = "Ales Huzik";
|
||||
name = "Alesya Huzik";
|
||||
};
|
||||
aij = {
|
||||
email = "aij+git@mrph.org";
|
||||
|
@ -19,8 +19,16 @@
|
||||
</section>
|
||||
<section xml:id="sec-release-22.05-new-services">
|
||||
<title>New Services</title>
|
||||
<para>
|
||||
</para>
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw">aesmd</link>,
|
||||
the Intel SGX Architectural Enclave Service Manager. Available
|
||||
as
|
||||
<link linkend="opt-services.aesmd.enable">services.aesmd</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-22.05-incompatibilities">
|
||||
<title>Backward Incompatibilities</title>
|
||||
@ -79,7 +87,32 @@
|
||||
</section>
|
||||
<section xml:id="sec-release-22.05-notable-changes">
|
||||
<title>Other Notable Changes</title>
|
||||
<para>
|
||||
</para>
|
||||
<itemizedlist spacing="compact">
|
||||
<listitem>
|
||||
<para>
|
||||
The option
|
||||
<link linkend="opt-services.redis.servers">services.redis.servers</link>
|
||||
was added to support per-application
|
||||
<literal>redis-server</literal> which is more secure since
|
||||
Redis databases are only mere key prefixes without any
|
||||
configuration or ACL of their own. Backward-compatibility is
|
||||
preserved by mapping old
|
||||
<literal>services.redis.settings</literal> to
|
||||
<literal>services.redis.servers."".settings</literal>,
|
||||
but you are strongly encouraged to name each
|
||||
<literal>redis-server</literal> instance after the application
|
||||
using it, instead of keeping that nameless one. Except for the
|
||||
nameless
|
||||
<literal>services.redis.servers.""</literal> still
|
||||
accessible at <literal>127.0.0.1:6379</literal>, and to the
|
||||
members of the Unix group <literal>redis</literal> through the
|
||||
Unix socket <literal>/run/redis/redis.sock</literal>, all
|
||||
other <literal>services.redis.servers.${serverName}</literal>
|
||||
are only accessible by default to the members of the Unix
|
||||
group <literal>redis-${serverName}</literal> through the Unix
|
||||
socket <literal>/run/redis-${serverName}/redis.sock</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
@ -8,6 +8,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
## New Services {#sec-release-22.05-new-services}
|
||||
|
||||
- [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
|
||||
|
||||
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
|
||||
|
||||
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
|
||||
@ -33,3 +35,19 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
Please switch to `claws-mail`, which is Claws Mail's latest release based on GTK+3 and Python 3.
|
||||
|
||||
## Other Notable Changes {#sec-release-22.05-notable-changes}
|
||||
|
||||
- The option [services.redis.servers](#opt-services.redis.servers) was added
|
||||
to support per-application `redis-server` which is more secure since Redis databases
|
||||
are only mere key prefixes without any configuration or ACL of their own.
|
||||
Backward-compatibility is preserved by mapping old `services.redis.settings`
|
||||
to `services.redis.servers."".settings`, but you are strongly encouraged
|
||||
to name each `redis-server` instance after the application using it,
|
||||
instead of keeping that nameless one.
|
||||
Except for the nameless `services.redis.servers.""`
|
||||
still accessible at `127.0.0.1:6379`,
|
||||
and to the members of the Unix group `redis`
|
||||
through the Unix socket `/run/redis/redis.sock`,
|
||||
all other `services.redis.servers.${serverName}`
|
||||
are only accessible by default
|
||||
to the members of the Unix group `redis-${serverName}`
|
||||
through the Unix socket `/run/redis-${serverName}/redis.sock`.
|
||||
|
47
nixos/modules/hardware/cpu/intel-sgx.nix
Normal file
47
nixos/modules/hardware/cpu/intel-sgx.nix
Normal file
@ -0,0 +1,47 @@
|
||||
{ config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.hardware.cpu.intel.sgx.provision;
|
||||
defaultGroup = "sgx_prv";
|
||||
in
|
||||
{
|
||||
options.hardware.cpu.intel.sgx.provision = {
|
||||
enable = mkEnableOption "access to the Intel SGX provisioning device";
|
||||
user = mkOption {
|
||||
description = "Owner to assign to the SGX provisioning device.";
|
||||
type = types.str;
|
||||
default = "root";
|
||||
};
|
||||
group = mkOption {
|
||||
description = "Group to assign to the SGX provisioning device.";
|
||||
type = types.str;
|
||||
default = defaultGroup;
|
||||
};
|
||||
mode = mkOption {
|
||||
description = "Mode to set for the SGX provisioning device.";
|
||||
type = types.str;
|
||||
default = "0660";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = hasAttr cfg.user config.users.users;
|
||||
message = "Given user does not exist";
|
||||
}
|
||||
{
|
||||
assertion = (cfg.group == defaultGroup) || (hasAttr cfg.group config.users.groups);
|
||||
message = "Given group does not exist";
|
||||
}
|
||||
];
|
||||
|
||||
users.groups = optionalAttrs (cfg.group == defaultGroup) {
|
||||
"${cfg.group}" = { };
|
||||
};
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="misc", KERNEL=="sgx_provision", OWNER="${cfg.user}", GROUP="${cfg.group}", MODE="${cfg.mode}"
|
||||
'';
|
||||
};
|
||||
}
|
@ -45,6 +45,7 @@
|
||||
./hardware/ckb-next.nix
|
||||
./hardware/cpu/amd-microcode.nix
|
||||
./hardware/cpu/intel-microcode.nix
|
||||
./hardware/cpu/intel-sgx.nix
|
||||
./hardware/corectrl.nix
|
||||
./hardware/digitalbitbox.nix
|
||||
./hardware/device-tree.nix
|
||||
@ -928,6 +929,7 @@
|
||||
./services/search/kibana.nix
|
||||
./services/search/meilisearch.nix
|
||||
./services/search/solr.nix
|
||||
./services/security/aesmd.nix
|
||||
./services/security/certmgr.nix
|
||||
./services/security/cfssl.nix
|
||||
./services/security/clamav.nix
|
||||
|
@ -5,17 +5,18 @@ with lib;
|
||||
let
|
||||
cfg = config.services.redis;
|
||||
|
||||
ulimitNofile = cfg.maxclients + 32;
|
||||
|
||||
mkValueString = value:
|
||||
if value == true then "yes"
|
||||
else if value == false then "no"
|
||||
else generators.mkValueStringDefault { } value;
|
||||
|
||||
redisConfig = pkgs.writeText "redis.conf" (generators.toKeyValue {
|
||||
redisConfig = settings: pkgs.writeText "redis.conf" (generators.toKeyValue {
|
||||
listsAsDuplicateKeys = true;
|
||||
mkKeyValue = generators.mkKeyValueDefault { inherit mkValueString; } " ";
|
||||
} cfg.settings);
|
||||
} settings);
|
||||
|
||||
redisName = name: "redis" + optionalString (name != "") ("-"+name);
|
||||
enabledServers = filterAttrs (name: conf: conf.enable) config.services.redis.servers;
|
||||
|
||||
in {
|
||||
imports = [
|
||||
@ -24,7 +25,28 @@ in {
|
||||
(mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.")
|
||||
(mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
|
||||
(mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
|
||||
(mkRemovedOptionModule [ "services" "redis" "extraConfig" ] "Use services.redis.settings instead.")
|
||||
(mkRemovedOptionModule [ "services" "redis" "extraConfig" ] "Use services.redis.servers.*.settings instead.")
|
||||
(mkRenamedOptionModule [ "services" "redis" "enable"] [ "services" "redis" "servers" "" "enable" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "port"] [ "services" "redis" "servers" "" "port" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "openFirewall"] [ "services" "redis" "servers" "" "openFirewall" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "bind"] [ "services" "redis" "servers" "" "bind" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "unixSocket"] [ "services" "redis" "servers" "" "unixSocket" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "unixSocketPerm"] [ "services" "redis" "servers" "" "unixSocketPerm" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "logLevel"] [ "services" "redis" "servers" "" "logLevel" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "logfile"] [ "services" "redis" "servers" "" "logfile" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "syslog"] [ "services" "redis" "servers" "" "syslog" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "databases"] [ "services" "redis" "servers" "" "databases" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "maxclients"] [ "services" "redis" "servers" "" "maxclients" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "save"] [ "services" "redis" "servers" "" "save" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "slaveOf"] [ "services" "redis" "servers" "" "slaveOf" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "masterAuth"] [ "services" "redis" "servers" "" "masterAuth" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "requirePass"] [ "services" "redis" "servers" "" "requirePass" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "requirePassFile"] [ "services" "redis" "servers" "" "requirePassFile" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "appendOnly"] [ "services" "redis" "servers" "" "appendOnly" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "appendFsync"] [ "services" "redis" "servers" "" "appendFsync" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "slowLogLogSlowerThan"] [ "services" "redis" "servers" "" "slowLogLogSlowerThan" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "slowLogMaxLen"] [ "services" "redis" "servers" "" "slowLogMaxLen" ])
|
||||
(mkRenamedOptionModule [ "services" "redis" "settings"] [ "services" "redis" "servers" "" "settings" ])
|
||||
];
|
||||
|
||||
###### interface
|
||||
@ -32,18 +54,6 @@ in {
|
||||
options = {
|
||||
|
||||
services.redis = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable the Redis server. Note that the NixOS module for
|
||||
Redis disables kernel support for Transparent Huge Pages (THP),
|
||||
because this features causes major performance problems for Redis,
|
||||
e.g. (https://redis.io/topics/latency).
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.redis;
|
||||
@ -51,176 +61,226 @@ in {
|
||||
description = "Which Redis derivation to use.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 6379;
|
||||
description = "The port for Redis to listen to.";
|
||||
};
|
||||
vmOverCommit = mkEnableOption ''
|
||||
setting of vm.overcommit_memory to 1
|
||||
(Suggested for Background Saving: http://redis.io/topics/faq)
|
||||
'';
|
||||
|
||||
vmOverCommit = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Set vm.overcommit_memory to 1 (Suggested for Background Saving: http://redis.io/topics/faq)
|
||||
'';
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to open ports in the firewall for the server.
|
||||
'';
|
||||
};
|
||||
|
||||
bind = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = "127.0.0.1";
|
||||
description = ''
|
||||
The IP interface to bind to.
|
||||
<literal>null</literal> means "all interfaces".
|
||||
'';
|
||||
example = "192.0.2.1";
|
||||
};
|
||||
|
||||
unixSocket = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
description = "The path to the socket to bind to.";
|
||||
example = "/run/redis/redis.sock";
|
||||
};
|
||||
|
||||
unixSocketPerm = mkOption {
|
||||
type = types.int;
|
||||
default = 750;
|
||||
description = "Change permissions for the socket";
|
||||
example = 700;
|
||||
};
|
||||
|
||||
logLevel = mkOption {
|
||||
type = types.str;
|
||||
default = "notice"; # debug, verbose, notice, warning
|
||||
example = "debug";
|
||||
description = "Specify the server verbosity level, options: debug, verbose, notice, warning.";
|
||||
};
|
||||
|
||||
logfile = mkOption {
|
||||
type = types.str;
|
||||
default = "/dev/null";
|
||||
description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
|
||||
example = "/var/log/redis.log";
|
||||
};
|
||||
|
||||
syslog = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Enable logging to the system logger.";
|
||||
};
|
||||
|
||||
databases = mkOption {
|
||||
type = types.int;
|
||||
default = 16;
|
||||
description = "Set the number of databases.";
|
||||
};
|
||||
|
||||
maxclients = mkOption {
|
||||
type = types.int;
|
||||
default = 10000;
|
||||
description = "Set the max number of connected clients at the same time.";
|
||||
};
|
||||
|
||||
save = mkOption {
|
||||
type = with types; listOf (listOf int);
|
||||
default = [ [900 1] [300 10] [60 10000] ];
|
||||
description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.";
|
||||
};
|
||||
|
||||
slaveOf = mkOption {
|
||||
type = with types; nullOr (submodule ({ ... }: {
|
||||
servers = mkOption {
|
||||
type = with types; attrsOf (submodule ({config, name, ...}@args: {
|
||||
options = {
|
||||
ip = mkOption {
|
||||
type = str;
|
||||
description = "IP of the Redis master";
|
||||
example = "192.168.1.100";
|
||||
enable = mkEnableOption ''
|
||||
Redis server.
|
||||
|
||||
Note that the NixOS module for Redis disables kernel support
|
||||
for Transparent Huge Pages (THP),
|
||||
because this features causes major performance problems for Redis,
|
||||
e.g. (https://redis.io/topics/latency).
|
||||
'';
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = redisName name;
|
||||
defaultText = "\"redis\" or \"redis-\${name}\" if name != \"\"";
|
||||
description = "The username and groupname for redis-server.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = port;
|
||||
description = "port of the Redis master";
|
||||
type = types.port;
|
||||
default = 6379;
|
||||
description = "The port for Redis to listen to.";
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to open ports in the firewall for the server.
|
||||
'';
|
||||
};
|
||||
|
||||
bind = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = if name == "" then "127.0.0.1" else null;
|
||||
defaultText = "127.0.0.1 or null if name != \"\"";
|
||||
description = ''
|
||||
The IP interface to bind to.
|
||||
<literal>null</literal> means "all interfaces".
|
||||
'';
|
||||
example = "192.0.2.1";
|
||||
};
|
||||
|
||||
unixSocket = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = "/run/${redisName name}/redis.sock";
|
||||
defaultText = "\"/run/redis/redis.sock\" or \"/run/redis-\${name}/redis.sock\" if name != \"\"";
|
||||
description = "The path to the socket to bind to.";
|
||||
};
|
||||
|
||||
unixSocketPerm = mkOption {
|
||||
type = types.int;
|
||||
default = 660;
|
||||
description = "Change permissions for the socket";
|
||||
example = 600;
|
||||
};
|
||||
|
||||
logLevel = mkOption {
|
||||
type = types.str;
|
||||
default = "notice"; # debug, verbose, notice, warning
|
||||
example = "debug";
|
||||
description = "Specify the server verbosity level, options: debug, verbose, notice, warning.";
|
||||
};
|
||||
|
||||
logfile = mkOption {
|
||||
type = types.str;
|
||||
default = "/dev/null";
|
||||
description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
|
||||
example = "/var/log/redis.log";
|
||||
};
|
||||
|
||||
syslog = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Enable logging to the system logger.";
|
||||
};
|
||||
|
||||
databases = mkOption {
|
||||
type = types.int;
|
||||
default = 16;
|
||||
description = "Set the number of databases.";
|
||||
};
|
||||
|
||||
maxclients = mkOption {
|
||||
type = types.int;
|
||||
default = 10000;
|
||||
description = "Set the max number of connected clients at the same time.";
|
||||
};
|
||||
|
||||
save = mkOption {
|
||||
type = with types; listOf (listOf int);
|
||||
default = [ [900 1] [300 10] [60 10000] ];
|
||||
description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.";
|
||||
};
|
||||
|
||||
slaveOf = mkOption {
|
||||
type = with types; nullOr (submodule ({ ... }: {
|
||||
options = {
|
||||
ip = mkOption {
|
||||
type = str;
|
||||
description = "IP of the Redis master";
|
||||
example = "192.168.1.100";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = port;
|
||||
description = "port of the Redis master";
|
||||
default = 6379;
|
||||
};
|
||||
};
|
||||
}));
|
||||
|
||||
default = null;
|
||||
description = "IP and port to which this redis instance acts as a slave.";
|
||||
example = { ip = "192.168.1.100"; port = 6379; };
|
||||
};
|
||||
|
||||
masterAuth = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''If the master is password protected (using the requirePass configuration)
|
||||
it is possible to tell the slave to authenticate before starting the replication synchronization
|
||||
process, otherwise the master will refuse the slave request.
|
||||
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)'';
|
||||
};
|
||||
|
||||
requirePass = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE).
|
||||
Use requirePassFile to store it outside of the nix store in a dedicated file.
|
||||
'';
|
||||
example = "letmein!";
|
||||
};
|
||||
|
||||
requirePassFile = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
description = "File with password for the database.";
|
||||
example = "/run/keys/redis-password";
|
||||
};
|
||||
|
||||
appendOnly = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
|
||||
};
|
||||
|
||||
appendFsync = mkOption {
|
||||
type = types.str;
|
||||
default = "everysec"; # no, always, everysec
|
||||
description = "How often to fsync the append-only log, options: no, always, everysec.";
|
||||
};
|
||||
|
||||
slowLogLogSlowerThan = mkOption {
|
||||
type = types.int;
|
||||
default = 10000;
|
||||
description = "Log queries whose execution take longer than X in milliseconds.";
|
||||
example = 1000;
|
||||
};
|
||||
|
||||
slowLogMaxLen = mkOption {
|
||||
type = types.int;
|
||||
default = 128;
|
||||
description = "Maximum number of items to keep in slow log.";
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
# TODO: this should be converted to freeformType
|
||||
type = with types; attrsOf (oneOf [ bool int str (listOf str) ]);
|
||||
default = {};
|
||||
description = ''
|
||||
Redis configuration. Refer to
|
||||
<link xlink:href="https://redis.io/topics/config"/>
|
||||
for details on supported values.
|
||||
'';
|
||||
example = literalExpression ''
|
||||
{
|
||||
loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ];
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
config.settings = mkMerge [
|
||||
{
|
||||
port = if config.bind == null then 0 else config.port;
|
||||
daemonize = false;
|
||||
supervised = "systemd";
|
||||
loglevel = config.logLevel;
|
||||
logfile = config.logfile;
|
||||
syslog-enabled = config.syslog;
|
||||
databases = config.databases;
|
||||
maxclients = config.maxclients;
|
||||
save = map (d: "${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}") config.save;
|
||||
dbfilename = "dump.rdb";
|
||||
dir = "/var/lib/${redisName name}";
|
||||
appendOnly = config.appendOnly;
|
||||
appendfsync = config.appendFsync;
|
||||
slowlog-log-slower-than = config.slowLogLogSlowerThan;
|
||||
slowlog-max-len = config.slowLogMaxLen;
|
||||
}
|
||||
(mkIf (config.bind != null) { bind = config.bind; })
|
||||
(mkIf (config.unixSocket != null) {
|
||||
unixsocket = config.unixSocket;
|
||||
unixsocketperm = toString config.unixSocketPerm;
|
||||
})
|
||||
(mkIf (config.slaveOf != null) { slaveof = "${config.slaveOf.ip} ${toString config.slaveOf.port}"; })
|
||||
(mkIf (config.masterAuth != null) { masterauth = config.masterAuth; })
|
||||
(mkIf (config.requirePass != null) { requirepass = config.requirePass; })
|
||||
];
|
||||
}));
|
||||
|
||||
default = null;
|
||||
description = "IP and port to which this redis instance acts as a slave.";
|
||||
example = { ip = "192.168.1.100"; port = 6379; };
|
||||
};
|
||||
|
||||
masterAuth = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''If the master is password protected (using the requirePass configuration)
|
||||
it is possible to tell the slave to authenticate before starting the replication synchronization
|
||||
process, otherwise the master will refuse the slave request.
|
||||
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)'';
|
||||
};
|
||||
|
||||
requirePass = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE).
|
||||
Use requirePassFile to store it outside of the nix store in a dedicated file.
|
||||
'';
|
||||
example = "letmein!";
|
||||
};
|
||||
|
||||
requirePassFile = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
description = "File with password for the database.";
|
||||
example = "/run/keys/redis-password";
|
||||
};
|
||||
|
||||
appendOnly = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
|
||||
};
|
||||
|
||||
appendFsync = mkOption {
|
||||
type = types.str;
|
||||
default = "everysec"; # no, always, everysec
|
||||
description = "How often to fsync the append-only log, options: no, always, everysec.";
|
||||
};
|
||||
|
||||
slowLogLogSlowerThan = mkOption {
|
||||
type = types.int;
|
||||
default = 10000;
|
||||
description = "Log queries whose execution take longer than X in milliseconds.";
|
||||
example = 1000;
|
||||
};
|
||||
|
||||
slowLogMaxLen = mkOption {
|
||||
type = types.int;
|
||||
default = 128;
|
||||
description = "Maximum number of items to keep in slow log.";
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = with types; attrsOf (oneOf [ bool int str (listOf str) ]);
|
||||
description = "Configuration of multiple <literal>redis-server</literal> instances.";
|
||||
default = {};
|
||||
description = ''
|
||||
Redis configuration. Refer to
|
||||
<link xlink:href="https://redis.io/topics/config"/>
|
||||
for details on supported values.
|
||||
'';
|
||||
example = literalExpression ''
|
||||
{
|
||||
loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ];
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
@ -229,78 +289,61 @@ in {
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf config.services.redis.enable {
|
||||
assertions = [{
|
||||
assertion = cfg.requirePass != null -> cfg.requirePassFile == null;
|
||||
message = "You can only set one services.redis.requirePass or services.redis.requirePassFile";
|
||||
}];
|
||||
boot.kernel.sysctl = (mkMerge [
|
||||
config = mkIf (enabledServers != {}) {
|
||||
|
||||
assertions = attrValues (mapAttrs (name: conf: {
|
||||
assertion = conf.requirePass != null -> conf.requirePassFile == null;
|
||||
message = ''
|
||||
You can only set one services.redis.servers.${name}.requirePass
|
||||
or services.redis.servers.${name}.requirePassFile
|
||||
'';
|
||||
}) enabledServers);
|
||||
|
||||
boot.kernel.sysctl = mkMerge [
|
||||
{ "vm.nr_hugepages" = "0"; }
|
||||
( mkIf cfg.vmOverCommit { "vm.overcommit_memory" = "1"; } )
|
||||
]);
|
||||
];
|
||||
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ cfg.port ];
|
||||
};
|
||||
|
||||
users.users.redis = {
|
||||
description = "Redis database user";
|
||||
group = "redis";
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.redis = {};
|
||||
networking.firewall.allowedTCPPorts = concatMap (conf:
|
||||
optional conf.openFirewall conf.port
|
||||
) (attrValues enabledServers);
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
services.redis.settings = mkMerge [
|
||||
{
|
||||
port = cfg.port;
|
||||
daemonize = false;
|
||||
supervised = "systemd";
|
||||
loglevel = cfg.logLevel;
|
||||
logfile = cfg.logfile;
|
||||
syslog-enabled = cfg.syslog;
|
||||
databases = cfg.databases;
|
||||
maxclients = cfg.maxclients;
|
||||
save = map (d: "${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}") cfg.save;
|
||||
dbfilename = "dump.rdb";
|
||||
dir = "/var/lib/redis";
|
||||
appendOnly = cfg.appendOnly;
|
||||
appendfsync = cfg.appendFsync;
|
||||
slowlog-log-slower-than = cfg.slowLogLogSlowerThan;
|
||||
slowlog-max-len = cfg.slowLogMaxLen;
|
||||
}
|
||||
(mkIf (cfg.bind != null) { bind = cfg.bind; })
|
||||
(mkIf (cfg.unixSocket != null) { unixsocket = cfg.unixSocket; unixsocketperm = "${toString cfg.unixSocketPerm}"; })
|
||||
(mkIf (cfg.slaveOf != null) { slaveof = "${cfg.slaveOf.ip} ${toString cfg.slaveOf.port}"; })
|
||||
(mkIf (cfg.masterAuth != null) { masterauth = cfg.masterAuth; })
|
||||
(mkIf (cfg.requirePass != null) { requirepass = cfg.requirePass; })
|
||||
];
|
||||
users.users = mapAttrs' (name: conf: nameValuePair (redisName name) {
|
||||
description = "System user for the redis-server instance ${name}";
|
||||
isSystemUser = true;
|
||||
group = redisName name;
|
||||
}) enabledServers;
|
||||
users.groups = mapAttrs' (name: conf: nameValuePair (redisName name) {
|
||||
}) enabledServers;
|
||||
|
||||
systemd.services.redis = {
|
||||
description = "Redis Server";
|
||||
systemd.services = mapAttrs' (name: conf: nameValuePair (redisName name) {
|
||||
description = "Redis Server - ${redisName name}";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
preStart = ''
|
||||
install -m 600 ${redisConfig} /run/redis/redis.conf
|
||||
'' + optionalString (cfg.requirePassFile != null) ''
|
||||
password=$(cat ${escapeShellArg cfg.requirePassFile})
|
||||
echo "requirePass $password" >> /run/redis/redis.conf
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/redis-server /run/redis/redis.conf";
|
||||
ExecStart = "${cfg.package}/bin/redis-server /run/${redisName name}/redis.conf";
|
||||
ExecStartPre = [("+"+pkgs.writeShellScript "${redisName name}-credentials" (''
|
||||
install -o '${conf.user}' -m 600 ${redisConfig conf.settings} /run/${redisName name}/redis.conf
|
||||
'' + optionalString (conf.requirePassFile != null) ''
|
||||
{
|
||||
printf requirePass' '
|
||||
cat ${escapeShellArg conf.requirePassFile}
|
||||
} >>/run/${redisName name}/redis.conf
|
||||
'')
|
||||
)];
|
||||
Type = "notify";
|
||||
# User and group
|
||||
User = "redis";
|
||||
Group = "redis";
|
||||
User = conf.user;
|
||||
Group = conf.user;
|
||||
# Runtime directory and mode
|
||||
RuntimeDirectory = "redis";
|
||||
RuntimeDirectory = redisName name;
|
||||
RuntimeDirectoryMode = "0750";
|
||||
# State directory and mode
|
||||
StateDirectory = "redis";
|
||||
StateDirectory = redisName name;
|
||||
StateDirectoryMode = "0700";
|
||||
# Access write directories
|
||||
UMask = "0077";
|
||||
@ -309,7 +352,7 @@ in {
|
||||
# Security
|
||||
NoNewPrivileges = true;
|
||||
# Process Properties
|
||||
LimitNOFILE = "${toString ulimitNofile}";
|
||||
LimitNOFILE = mkDefault "${toString (conf.maxclients + 32)}";
|
||||
# Sandboxing
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
@ -322,7 +365,9 @@ in {
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectControlGroups = true;
|
||||
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
|
||||
RestrictAddressFamilies =
|
||||
optionals (conf.bind != null) ["AF_INET" "AF_INET6"] ++
|
||||
optional (conf.unixSocket != null) "AF_UNIX";
|
||||
RestrictNamespaces = true;
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
@ -333,6 +378,7 @@ in {
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = "~@cpu-emulation @debug @keyring @memlock @mount @obsolete @privileged @resources @setuid";
|
||||
};
|
||||
};
|
||||
}) enabledServers;
|
||||
|
||||
};
|
||||
}
|
||||
|
227
nixos/modules/services/security/aesmd.nix
Normal file
227
nixos/modules/services/security/aesmd.nix
Normal file
@ -0,0 +1,227 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.aesmd;
|
||||
|
||||
sgx-psw = pkgs.sgx-psw.override { inherit (cfg) debug; };
|
||||
|
||||
configFile = with cfg.settings; pkgs.writeText "aesmd.conf" (
|
||||
concatStringsSep "\n" (
|
||||
optional (whitelistUrl != null) "whitelist url = ${whitelistUrl}" ++
|
||||
optional (proxy != null) "aesm proxy = ${proxy}" ++
|
||||
optional (proxyType != null) "proxy type = ${proxyType}" ++
|
||||
optional (defaultQuotingType != null) "default quoting type = ${defaultQuotingType}" ++
|
||||
# Newline at end of file
|
||||
[ "" ]
|
||||
)
|
||||
);
|
||||
in
|
||||
{
|
||||
options.services.aesmd = {
|
||||
enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX";
|
||||
debug = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to build the PSW package in debug mode.";
|
||||
};
|
||||
settings = mkOption {
|
||||
description = "AESM configuration";
|
||||
default = { };
|
||||
type = types.submodule {
|
||||
options.whitelistUrl = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
example = "http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin";
|
||||
description = "URL to retrieve authorized Intel SGX enclave signers.";
|
||||
};
|
||||
options.proxy = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
example = "http://proxy_url:1234";
|
||||
description = "HTTP network proxy.";
|
||||
};
|
||||
options.proxyType = mkOption {
|
||||
type = with types; nullOr (enum [ "default" "direct" "manual" ]);
|
||||
default = if (cfg.settings.proxy != null) then "manual" else null;
|
||||
example = "default";
|
||||
description = ''
|
||||
Type of proxy to use. The <literal>default</literal> uses the system's default proxy.
|
||||
If <literal>direct</literal> is given, uses no proxy.
|
||||
A value of <literal>manual</literal> uses the proxy from
|
||||
<option>services.aesmd.settings.proxy</option>.
|
||||
'';
|
||||
};
|
||||
options.defaultQuotingType = mkOption {
|
||||
type = with types; nullOr (enum [ "ecdsa_256" "epid_linkable" "epid_unlinkable" ]);
|
||||
default = null;
|
||||
example = "ecdsa_256";
|
||||
description = "Attestation quote type.";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [{
|
||||
assertion = !(config.boot.specialFileSystems."/dev".options ? "noexec");
|
||||
message = "SGX requires exec permission for /dev";
|
||||
}];
|
||||
|
||||
hardware.cpu.intel.sgx.provision.enable = true;
|
||||
|
||||
systemd.services.aesmd =
|
||||
let
|
||||
storeAesmFolder = "${sgx-psw}/aesm";
|
||||
# Hardcoded path AESM_DATA_FOLDER in psw/ae/aesm_service/source/oal/linux/aesm_util.cpp
|
||||
aesmDataFolder = "/var/opt/aesmd/data";
|
||||
aesmStateDirSystemd = "%S/aesmd";
|
||||
in
|
||||
{
|
||||
description = "Intel Architectural Enclave Service Manager";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
after = [
|
||||
"auditd.service"
|
||||
"network.target"
|
||||
"syslog.target"
|
||||
];
|
||||
|
||||
environment = {
|
||||
NAME = "aesm_service";
|
||||
AESM_PATH = storeAesmFolder;
|
||||
LD_LIBRARY_PATH = storeAesmFolder;
|
||||
};
|
||||
|
||||
# Make sure any of the SGX application enclave devices is available
|
||||
unitConfig.AssertPathExists = [
|
||||
# legacy out-of-tree driver
|
||||
"|/dev/isgx"
|
||||
# DCAP driver
|
||||
"|/dev/sgx/enclave"
|
||||
# in-tree driver
|
||||
"|/dev/sgx_enclave"
|
||||
];
|
||||
|
||||
serviceConfig = rec {
|
||||
ExecStartPre = pkgs.writeShellScript "copy-aesmd-data-files.sh" ''
|
||||
set -euo pipefail
|
||||
whiteListFile="${aesmDataFolder}/white_list_cert_to_be_verify.bin"
|
||||
if [[ ! -f "$whiteListFile" ]]; then
|
||||
${pkgs.coreutils}/bin/install -m 644 -D \
|
||||
"${storeAesmFolder}/data/white_list_cert_to_be_verify.bin" \
|
||||
"$whiteListFile"
|
||||
fi
|
||||
'';
|
||||
ExecStart = "${sgx-psw}/bin/aesm_service --no-daemon";
|
||||
ExecReload = ''${pkgs.coreutils}/bin/kill -SIGHUP "$MAINPID"'';
|
||||
|
||||
Restart = "on-failure";
|
||||
RestartSec = "15s";
|
||||
|
||||
DynamicUser = true;
|
||||
Group = "sgx";
|
||||
SupplementaryGroups = [
|
||||
config.hardware.cpu.intel.sgx.provision.group
|
||||
];
|
||||
|
||||
Type = "simple";
|
||||
|
||||
WorkingDirectory = storeAesmFolder;
|
||||
StateDirectory = "aesmd";
|
||||
StateDirectoryMode = "0700";
|
||||
RuntimeDirectory = "aesmd";
|
||||
RuntimeDirectoryMode = "0750";
|
||||
|
||||
# Hardening
|
||||
|
||||
# chroot into the runtime directory
|
||||
RootDirectory = "%t/aesmd";
|
||||
BindReadOnlyPaths = [
|
||||
builtins.storeDir
|
||||
# Hardcoded path AESM_CONFIG_FILE in psw/ae/aesm_service/source/utils/aesm_config.cpp
|
||||
"${configFile}:/etc/aesmd.conf"
|
||||
];
|
||||
BindPaths = [
|
||||
# Hardcoded path CONFIG_SOCKET_PATH in psw/ae/aesm_service/source/core/ipc/SocketConfig.h
|
||||
"%t/aesmd:/var/run/aesmd"
|
||||
"%S/aesmd:/var/opt/aesmd"
|
||||
];
|
||||
|
||||
# PrivateDevices=true will mount /dev noexec which breaks AESM
|
||||
PrivateDevices = false;
|
||||
DevicePolicy = "closed";
|
||||
DeviceAllow = [
|
||||
# legacy out-of-tree driver
|
||||
"/dev/isgx rw"
|
||||
# DCAP driver
|
||||
"/dev/sgx rw"
|
||||
# in-tree driver
|
||||
"/dev/sgx_enclave rw"
|
||||
"/dev/sgx_provision rw"
|
||||
];
|
||||
|
||||
# Requires Internet access for attestation
|
||||
PrivateNetwork = false;
|
||||
|
||||
RestrictAddressFamilies = [
|
||||
# Allocates the socket /var/run/aesmd/aesm.socket
|
||||
"AF_UNIX"
|
||||
# Uses the HTTP protocol to initialize some services
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
];
|
||||
|
||||
# True breaks stuff
|
||||
MemoryDenyWriteExecute = false;
|
||||
|
||||
# needs the ipc syscall in order to run
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"~@aio"
|
||||
"~@chown"
|
||||
"~@clock"
|
||||
"~@cpu-emulation"
|
||||
"~@debug"
|
||||
"~@keyring"
|
||||
"~@memlock"
|
||||
"~@module"
|
||||
"~@mount"
|
||||
"~@privileged"
|
||||
"~@raw-io"
|
||||
"~@reboot"
|
||||
"~@resources"
|
||||
"~@setuid"
|
||||
"~@swap"
|
||||
"~@sync"
|
||||
"~@timer"
|
||||
];
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallErrorNumber = "EPERM";
|
||||
|
||||
CapabilityBoundingSet = "";
|
||||
KeyringMode = "private";
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
NotifyAccess = "none";
|
||||
PrivateMounts = true;
|
||||
PrivateTmp = true;
|
||||
PrivateUsers = true;
|
||||
ProcSubset = "pid";
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectProc = "invisible";
|
||||
ProtectSystem = "strict";
|
||||
RemoveIPC = true;
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
UMask = "0066";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -526,8 +526,8 @@ in {
|
||||
# FIXME(@Ma27) remove as soon as nextcloud properly supports
|
||||
# mariadb >=10.6.
|
||||
isUnsupportedMariadb =
|
||||
# All currently supported Nextcloud versions are affected.
|
||||
(versionOlder cfg.package.version "23")
|
||||
# All currently supported Nextcloud versions are affected (https://github.com/nextcloud/server/issues/25436).
|
||||
(versionOlder cfg.package.version "24")
|
||||
# This module uses mysql
|
||||
&& (cfg.config.dbtype == "mysql")
|
||||
# MySQL is managed via NixOS
|
||||
|
@ -146,6 +146,79 @@ sub fingerprintUnit {
|
||||
return abs_path($s) . (-f "${s}.d/overrides.conf" ? " " . abs_path "${s}.d/overrides.conf" : "");
|
||||
}
|
||||
|
||||
sub handleModifiedUnit {
|
||||
my ($unit, $baseName, $newUnitFile, $activePrev, $unitsToStop, $unitsToStart, $unitsToReload, $unitsToRestart, $unitsToSkip) = @_;
|
||||
|
||||
if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target" || $unit =~ /\.path$/ || $unit =~ /\.slice$/) {
|
||||
# Do nothing. These cannot be restarted directly.
|
||||
|
||||
# Slices and Paths don't have to be restarted since
|
||||
# properties (resource limits and inotify watches)
|
||||
# seem to get applied on daemon-reload.
|
||||
} elsif ($unit =~ /\.mount$/) {
|
||||
# Reload the changed mount unit to force a remount.
|
||||
$unitsToReload->{$unit} = 1;
|
||||
recordUnit($reloadListFile, $unit);
|
||||
} elsif ($unit =~ /\.socket$/) {
|
||||
# FIXME: do something?
|
||||
# Attempt to fix this: https://github.com/NixOS/nixpkgs/pull/141192
|
||||
# Revert of the attempt: https://github.com/NixOS/nixpkgs/pull/147609
|
||||
# More details: https://github.com/NixOS/nixpkgs/issues/74899#issuecomment-981142430
|
||||
} else {
|
||||
my $unitInfo = parseUnit($newUnitFile);
|
||||
if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) {
|
||||
$unitsToReload->{$unit} = 1;
|
||||
recordUnit($reloadListFile, $unit);
|
||||
}
|
||||
elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) {
|
||||
$unitsToSkip->{$unit} = 1;
|
||||
} else {
|
||||
# It doesn't make sense to stop and start non-services because
|
||||
# they can't have ExecStop=
|
||||
if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes") || $unit !~ /\.service$/) {
|
||||
# This unit should be restarted instead of
|
||||
# stopped and started.
|
||||
$unitsToRestart->{$unit} = 1;
|
||||
recordUnit($restartListFile, $unit);
|
||||
} else {
|
||||
# If this unit is socket-activated, then stop the
|
||||
# socket unit(s) as well, and restart the
|
||||
# socket(s) instead of the service.
|
||||
my $socketActivated = 0;
|
||||
if ($unit =~ /\.service$/) {
|
||||
my @sockets = split / /, ($unitInfo->{Sockets} // "");
|
||||
if (scalar @sockets == 0) {
|
||||
@sockets = ("$baseName.socket");
|
||||
}
|
||||
foreach my $socket (@sockets) {
|
||||
if (defined $activePrev->{$socket}) {
|
||||
$unitsToStop->{$socket} = 1;
|
||||
# Only restart sockets that actually
|
||||
# exist in new configuration:
|
||||
if (-e "$out/etc/systemd/system/$socket") {
|
||||
$unitsToStart->{$socket} = 1;
|
||||
recordUnit($startListFile, $socket);
|
||||
$socketActivated = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# If the unit is not socket-activated, record
|
||||
# that this unit needs to be started below.
|
||||
# We write this to a file to ensure that the
|
||||
# service gets restarted if we're interrupted.
|
||||
if (!$socketActivated) {
|
||||
$unitsToStart->{$unit} = 1;
|
||||
recordUnit($startListFile, $unit);
|
||||
}
|
||||
|
||||
$unitsToStop->{$unit} = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Figure out what units need to be stopped, started, restarted or reloaded.
|
||||
my (%unitsToStop, %unitsToSkip, %unitsToStart, %unitsToRestart, %unitsToReload);
|
||||
|
||||
@ -218,69 +291,7 @@ while (my ($unit, $state) = each %{$activePrev}) {
|
||||
}
|
||||
|
||||
elsif (fingerprintUnit($prevUnitFile) ne fingerprintUnit($newUnitFile)) {
|
||||
if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target" || $unit =~ /\.path$/ || $unit =~ /\.slice$/) {
|
||||
# Do nothing. These cannot be restarted directly.
|
||||
|
||||
# Slices and Paths don't have to be restarted since
|
||||
# properties (resource limits and inotify watches)
|
||||
# seem to get applied on daemon-reload.
|
||||
} elsif ($unit =~ /\.mount$/) {
|
||||
# Reload the changed mount unit to force a remount.
|
||||
$unitsToReload{$unit} = 1;
|
||||
recordUnit($reloadListFile, $unit);
|
||||
} elsif ($unit =~ /\.socket$/) {
|
||||
# FIXME: do something?
|
||||
} else {
|
||||
my $unitInfo = parseUnit($newUnitFile);
|
||||
if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) {
|
||||
$unitsToReload{$unit} = 1;
|
||||
recordUnit($reloadListFile, $unit);
|
||||
}
|
||||
elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) {
|
||||
$unitsToSkip{$unit} = 1;
|
||||
} else {
|
||||
if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes")) {
|
||||
# This unit should be restarted instead of
|
||||
# stopped and started.
|
||||
$unitsToRestart{$unit} = 1;
|
||||
recordUnit($restartListFile, $unit);
|
||||
} else {
|
||||
# If this unit is socket-activated, then stop the
|
||||
# socket unit(s) as well, and restart the
|
||||
# socket(s) instead of the service.
|
||||
my $socketActivated = 0;
|
||||
if ($unit =~ /\.service$/) {
|
||||
my @sockets = split / /, ($unitInfo->{Sockets} // "");
|
||||
if (scalar @sockets == 0) {
|
||||
@sockets = ("$baseName.socket");
|
||||
}
|
||||
foreach my $socket (@sockets) {
|
||||
if (defined $activePrev->{$socket}) {
|
||||
$unitsToStop{$socket} = 1;
|
||||
# Only restart sockets that actually
|
||||
# exist in new configuration:
|
||||
if (-e "$out/etc/systemd/system/$socket") {
|
||||
$unitsToStart{$socket} = 1;
|
||||
recordUnit($startListFile, $socket);
|
||||
$socketActivated = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# If the unit is not socket-activated, record
|
||||
# that this unit needs to be started below.
|
||||
# We write this to a file to ensure that the
|
||||
# service gets restarted if we're interrupted.
|
||||
if (!$socketActivated) {
|
||||
$unitsToStart{$unit} = 1;
|
||||
recordUnit($startListFile, $unit);
|
||||
}
|
||||
|
||||
$unitsToStop{$unit} = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, \%unitsToSkip);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
62
nixos/tests/aesmd.nix
Normal file
62
nixos/tests/aesmd.nix
Normal file
@ -0,0 +1,62 @@
|
||||
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
||||
name = "aesmd";
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ veehaitch ];
|
||||
};
|
||||
|
||||
machine = { lib, ... }: {
|
||||
services.aesmd = {
|
||||
enable = true;
|
||||
settings = {
|
||||
defaultQuotingType = "ecdsa_256";
|
||||
proxyType = "direct";
|
||||
whitelistUrl = "http://nixos.org";
|
||||
};
|
||||
};
|
||||
|
||||
# Should have access to the AESM socket
|
||||
users.users."sgxtest" = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "sgx" ];
|
||||
};
|
||||
|
||||
# Should NOT have access to the AESM socket
|
||||
users.users."nosgxtest".isNormalUser = true;
|
||||
|
||||
# We don't have a real SGX machine in NixOS tests
|
||||
systemd.services.aesmd.unitConfig.AssertPathExists = lib.mkForce [ ];
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
with subtest("aesmd.service starts"):
|
||||
machine.wait_for_unit("aesmd.service")
|
||||
status, main_pid = machine.systemctl("show --property MainPID --value aesmd.service")
|
||||
assert status == 0, "Could not get MainPID of aesmd.service"
|
||||
main_pid = main_pid.strip()
|
||||
|
||||
with subtest("aesmd.service runtime directory permissions"):
|
||||
runtime_dir = "/run/aesmd";
|
||||
res = machine.succeed(f"stat -c '%a %U %G' {runtime_dir}").strip()
|
||||
assert "750 aesmd sgx" == res, f"{runtime_dir} does not have the expected permissions: {res}"
|
||||
|
||||
with subtest("aesm.socket available on host"):
|
||||
socket_path = "/var/run/aesmd/aesm.socket"
|
||||
machine.wait_until_succeeds(f"test -S {socket_path}")
|
||||
machine.succeed(f"test 777 -eq $(stat -c '%a' {socket_path})")
|
||||
for op in [ "-r", "-w", "-x" ]:
|
||||
machine.succeed(f"sudo -u sgxtest test {op} {socket_path}")
|
||||
machine.fail(f"sudo -u nosgxtest test {op} {socket_path}")
|
||||
|
||||
with subtest("Copies white_list_cert_to_be_verify.bin"):
|
||||
whitelist_path = "/var/opt/aesmd/data/white_list_cert_to_be_verify.bin"
|
||||
whitelist_perms = machine.succeed(
|
||||
f"nsenter -m -t {main_pid} ${pkgs.coreutils}/bin/stat -c '%a' {whitelist_path}"
|
||||
).strip()
|
||||
assert "644" == whitelist_perms, f"white_list_cert_to_be_verify.bin has permissions {whitelist_perms}"
|
||||
|
||||
with subtest("Writes and binds aesm.conf in service namespace"):
|
||||
aesmd_config = machine.succeed(f"nsenter -m -t {main_pid} ${pkgs.coreutils}/bin/cat /etc/aesmd.conf")
|
||||
|
||||
assert aesmd_config == "whitelist url = http://nixos.org\nproxy type = direct\ndefault quoting type = ecdsa_256\n", "aesmd.conf differs"
|
||||
'';
|
||||
})
|
@ -23,6 +23,7 @@ in
|
||||
{
|
||||
_3proxy = handleTest ./3proxy.nix {};
|
||||
acme = handleTest ./acme.nix {};
|
||||
aesmd = handleTest ./aesmd.nix {};
|
||||
agda = handleTest ./agda.nix {};
|
||||
airsonic = handleTest ./airsonic.nix {};
|
||||
amazon-init-shell = handleTest ./amazon-init-shell.nix {};
|
||||
|
@ -939,7 +939,7 @@ let
|
||||
exporterConfig = {
|
||||
enable = true;
|
||||
};
|
||||
metricProvider.services.redis.enable = true;
|
||||
metricProvider.services.redis.servers."".enable = true;
|
||||
exporterTest = ''
|
||||
wait_for_unit("redis.service")
|
||||
wait_for_unit("prometheus-redis-exporter.service")
|
||||
|
@ -1,7 +1,4 @@
|
||||
import ./make-test-python.nix ({ pkgs, ... }:
|
||||
let
|
||||
redisSocket = "/run/redis/redis.sock";
|
||||
in
|
||||
{
|
||||
name = "redis";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
@ -10,35 +7,40 @@ in
|
||||
|
||||
nodes = {
|
||||
machine =
|
||||
{ pkgs, ... }:
|
||||
{ pkgs, lib, ... }: with lib;
|
||||
|
||||
{
|
||||
services.redis.enable = true;
|
||||
services.redis.unixSocket = redisSocket;
|
||||
services.redis.servers."".enable = true;
|
||||
services.redis.servers."test".enable = true;
|
||||
|
||||
# Allow access to the unix socket for the "redis" group.
|
||||
services.redis.unixSocketPerm = 770;
|
||||
|
||||
users.users."member" = {
|
||||
users.users = listToAttrs (map (suffix: nameValuePair "member${suffix}" {
|
||||
createHome = false;
|
||||
description = "A member of the redis group";
|
||||
description = "A member of the redis${suffix} group";
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"redis"
|
||||
];
|
||||
};
|
||||
extraGroups = [ "redis${suffix}" ];
|
||||
}) ["" "-test"]);
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
testScript = { nodes, ... }: let
|
||||
inherit (nodes.machine.config.services) redis;
|
||||
in ''
|
||||
start_all()
|
||||
machine.wait_for_unit("redis")
|
||||
machine.wait_for_unit("redis-test")
|
||||
|
||||
# The unnamed Redis server still opens a port for backward-compatibility
|
||||
machine.wait_for_open_port("6379")
|
||||
|
||||
machine.wait_for_file("${redis.servers."".unixSocket}")
|
||||
machine.wait_for_file("${redis.servers."test".unixSocket}")
|
||||
|
||||
# The unix socket is accessible to the redis group
|
||||
machine.succeed('su member -c "redis-cli ping | grep PONG"')
|
||||
machine.succeed('su member-test -c "redis-cli ping | grep PONG"')
|
||||
|
||||
machine.succeed("redis-cli ping | grep PONG")
|
||||
machine.succeed("redis-cli -s ${redisSocket} ping | grep PONG")
|
||||
machine.succeed("redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG")
|
||||
machine.succeed("redis-cli -s ${redis.servers."test".unixSocket} ping | grep PONG")
|
||||
'';
|
||||
})
|
||||
|
@ -3,21 +3,138 @@
|
||||
import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
name = "switch-test";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ gleber ];
|
||||
maintainers = [ gleber das_j ];
|
||||
};
|
||||
|
||||
nodes = {
|
||||
machine = { ... }: {
|
||||
machine = { pkgs, lib, ... }: {
|
||||
users.mutableUsers = false;
|
||||
|
||||
specialisation = rec {
|
||||
simpleService.configuration = {
|
||||
systemd.services.test = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = "${pkgs.coreutils}/bin/true";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
simpleServiceModified.configuration = {
|
||||
imports = [ simpleService.configuration ];
|
||||
systemd.services.test.serviceConfig.X-Test = true;
|
||||
};
|
||||
|
||||
simpleServiceNostop.configuration = {
|
||||
imports = [ simpleService.configuration ];
|
||||
systemd.services.test.stopIfChanged = false;
|
||||
};
|
||||
|
||||
simpleServiceReload.configuration = {
|
||||
imports = [ simpleService.configuration ];
|
||||
systemd.services.test = {
|
||||
reloadIfChanged = true;
|
||||
serviceConfig.ExecReload = "${pkgs.coreutils}/bin/true";
|
||||
};
|
||||
};
|
||||
|
||||
simpleServiceNorestart.configuration = {
|
||||
imports = [ simpleService.configuration ];
|
||||
systemd.services.test.restartIfChanged = false;
|
||||
};
|
||||
|
||||
mount.configuration = {
|
||||
systemd.mounts = [
|
||||
{
|
||||
description = "Testmount";
|
||||
what = "tmpfs";
|
||||
type = "tmpfs";
|
||||
where = "/testmount";
|
||||
options = "size=1M";
|
||||
wantedBy = [ "local-fs.target" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
mountModified.configuration = {
|
||||
systemd.mounts = [
|
||||
{
|
||||
description = "Testmount";
|
||||
what = "tmpfs";
|
||||
type = "tmpfs";
|
||||
where = "/testmount";
|
||||
options = "size=10M";
|
||||
wantedBy = [ "local-fs.target" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
timer.configuration = {
|
||||
systemd.timers.test-timer = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "@1395716396"; # chosen by fair dice roll
|
||||
};
|
||||
systemd.services.test-timer = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.coreutils}/bin/true";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
timerModified.configuration = {
|
||||
imports = [ timer.configuration ];
|
||||
systemd.timers.test-timer.timerConfig.OnCalendar = lib.mkForce "Fri 2012-11-23 16:00:00";
|
||||
};
|
||||
|
||||
path.configuration = {
|
||||
systemd.paths.test-watch = {
|
||||
wantedBy = [ "paths.target" ];
|
||||
pathConfig.PathExists = "/testpath";
|
||||
};
|
||||
systemd.services.test-watch = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.coreutils}/bin/touch /testpath-modified";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
pathModified.configuration = {
|
||||
imports = [ path.configuration ];
|
||||
systemd.paths.test-watch.pathConfig.PathExists = lib.mkForce "/testpath2";
|
||||
};
|
||||
|
||||
slice.configuration = {
|
||||
systemd.slices.testslice.sliceConfig.MemoryMax = "1"; # don't allow memory allocation
|
||||
systemd.services.testservice = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = "${pkgs.coreutils}/bin/true";
|
||||
Slice = "testslice.slice";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sliceModified.configuration = {
|
||||
imports = [ slice.configuration ];
|
||||
systemd.slices.testslice.sliceConfig.MemoryMax = lib.mkForce null;
|
||||
};
|
||||
};
|
||||
};
|
||||
other = { ... }: {
|
||||
|
||||
other = {
|
||||
users.mutableUsers = true;
|
||||
};
|
||||
};
|
||||
|
||||
testScript = {nodes, ...}: let
|
||||
testScript = { nodes, ... }: let
|
||||
originalSystem = nodes.machine.config.system.build.toplevel;
|
||||
otherSystem = nodes.other.config.system.build.toplevel;
|
||||
machine = nodes.machine.config.system.build.toplevel;
|
||||
|
||||
# Ensures failures pass through using pipefail, otherwise failing to
|
||||
# switch-to-configuration is hidden by the success of `tee`.
|
||||
@ -27,12 +144,186 @@ import ./make-test-python.nix ({ pkgs, ...} : {
|
||||
set -o pipefail
|
||||
exec env -i "$@" | tee /dev/stderr
|
||||
'';
|
||||
in ''
|
||||
in /* python */ ''
|
||||
def switch_to_specialisation(system, name, action="test"):
|
||||
if name == "":
|
||||
stc = f"{system}/bin/switch-to-configuration"
|
||||
else:
|
||||
stc = f"{system}/specialisation/{name}/bin/switch-to-configuration"
|
||||
out = machine.succeed(f"{stc} {action} 2>&1")
|
||||
assert_lacks(out, "switch-to-configuration line") # Perl warnings
|
||||
return out
|
||||
|
||||
def assert_contains(haystack, needle):
|
||||
if needle not in haystack:
|
||||
print("The haystack that will cause the following exception is:")
|
||||
print("---")
|
||||
print(haystack)
|
||||
print("---")
|
||||
raise Exception(f"Expected string '{needle}' was not found")
|
||||
|
||||
def assert_lacks(haystack, needle):
|
||||
if needle in haystack:
|
||||
print("The haystack that will cause the following exception is:")
|
||||
print("---")
|
||||
print(haystack, end="")
|
||||
print("---")
|
||||
raise Exception(f"Unexpected string '{needle}' was found")
|
||||
|
||||
|
||||
machine.succeed(
|
||||
"${stderrRunner} ${originalSystem}/bin/switch-to-configuration test"
|
||||
)
|
||||
machine.succeed(
|
||||
"${stderrRunner} ${otherSystem}/bin/switch-to-configuration test"
|
||||
)
|
||||
|
||||
with subtest("services"):
|
||||
switch_to_specialisation("${machine}", "")
|
||||
# Nothing happens when nothing is changed
|
||||
out = switch_to_specialisation("${machine}", "")
|
||||
assert_lacks(out, "stopping the following units:")
|
||||
assert_lacks(out, "NOT restarting the following changed units:")
|
||||
assert_lacks(out, "reloading the following units:")
|
||||
assert_lacks(out, "\nrestarting the following units:")
|
||||
assert_lacks(out, "\nstarting the following units:")
|
||||
assert_lacks(out, "the following new units were started:")
|
||||
assert_lacks(out, "as well:")
|
||||
|
||||
# Start a simple service
|
||||
out = switch_to_specialisation("${machine}", "simpleService")
|
||||
assert_lacks(out, "stopping the following units:")
|
||||
assert_lacks(out, "NOT restarting the following changed units:")
|
||||
assert_contains(out, "reloading the following units: dbus.service\n") # huh
|
||||
assert_lacks(out, "\nrestarting the following units:")
|
||||
assert_lacks(out, "\nstarting the following units:")
|
||||
assert_contains(out, "the following new units were started: test.service\n")
|
||||
assert_lacks(out, "as well:")
|
||||
|
||||
# Not changing anything doesn't do anything
|
||||
out = switch_to_specialisation("${machine}", "simpleService")
|
||||
assert_lacks(out, "stopping the following units:")
|
||||
assert_lacks(out, "NOT restarting the following changed units:")
|
||||
assert_lacks(out, "reloading the following units:")
|
||||
assert_lacks(out, "\nrestarting the following units:")
|
||||
assert_lacks(out, "\nstarting the following units:")
|
||||
assert_lacks(out, "the following new units were started:")
|
||||
assert_lacks(out, "as well:")
|
||||
|
||||
# Restart the simple service
|
||||
out = switch_to_specialisation("${machine}", "simpleServiceModified")
|
||||
assert_contains(out, "stopping the following units: test.service\n")
|
||||
assert_lacks(out, "NOT restarting the following changed units:")
|
||||
assert_lacks(out, "reloading the following units:")
|
||||
assert_lacks(out, "\nrestarting the following units:")
|
||||
assert_contains(out, "\nstarting the following units: test.service\n")
|
||||
assert_lacks(out, "the following new units were started:")
|
||||
assert_lacks(out, "as well:")
|
||||
|
||||
# Restart the service with stopIfChanged=false
|
||||
out = switch_to_specialisation("${machine}", "simpleServiceNostop")
|
||||
assert_lacks(out, "stopping the following units:")
|
||||
assert_lacks(out, "NOT restarting the following changed units:")
|
||||
assert_lacks(out, "reloading the following units:")
|
||||
assert_contains(out, "\nrestarting the following units: test.service\n")
|
||||
assert_lacks(out, "\nstarting the following units:")
|
||||
assert_lacks(out, "the following new units were started:")
|
||||
assert_lacks(out, "as well:")
|
||||
|
||||
# Reload the service with reloadIfChanged=true
|
||||
out = switch_to_specialisation("${machine}", "simpleServiceReload")
|
||||
assert_lacks(out, "stopping the following units:")
|
||||
assert_lacks(out, "NOT restarting the following changed units:")
|
||||
assert_contains(out, "reloading the following units: test.service\n")
|
||||
assert_lacks(out, "\nrestarting the following units:")
|
||||
assert_lacks(out, "\nstarting the following units:")
|
||||
assert_lacks(out, "the following new units were started:")
|
||||
assert_lacks(out, "as well:")
|
||||
|
||||
# Nothing happens when restartIfChanged=false
|
||||
out = switch_to_specialisation("${machine}", "simpleServiceNorestart")
|
||||
assert_lacks(out, "stopping the following units:")
|
||||
assert_contains(out, "NOT restarting the following changed units: test.service\n")
|
||||
assert_lacks(out, "reloading the following units:")
|
||||
assert_lacks(out, "\nrestarting the following units:")
|
||||
assert_lacks(out, "\nstarting the following units:")
|
||||
assert_lacks(out, "the following new units were started:")
|
||||
assert_lacks(out, "as well:")
|
||||
|
||||
# Dry mode shows different messages
|
||||
out = switch_to_specialisation("${machine}", "simpleService", action="dry-activate")
|
||||
assert_lacks(out, "stopping the following units:")
|
||||
assert_lacks(out, "NOT restarting the following changed units:")
|
||||
assert_lacks(out, "reloading the following units:")
|
||||
assert_lacks(out, "\nrestarting the following units:")
|
||||
assert_lacks(out, "\nstarting the following units:")
|
||||
assert_lacks(out, "the following new units were started:")
|
||||
assert_lacks(out, "as well:")
|
||||
assert_contains(out, "would start the following units: test.service\n")
|
||||
|
||||
with subtest("mounts"):
|
||||
switch_to_specialisation("${machine}", "mount")
|
||||
out = machine.succeed("mount | grep 'on /testmount'")
|
||||
assert_contains(out, "size=1024k")
|
||||
out = switch_to_specialisation("${machine}", "mountModified")
|
||||
assert_lacks(out, "stopping the following units:")
|
||||
assert_lacks(out, "NOT restarting the following changed units:")
|
||||
assert_contains(out, "reloading the following units: testmount.mount\n")
|
||||
assert_lacks(out, "\nrestarting the following units:")
|
||||
assert_lacks(out, "\nstarting the following units:")
|
||||
assert_lacks(out, "the following new units were started:")
|
||||
assert_lacks(out, "as well:")
|
||||
# It changed
|
||||
out = machine.succeed("mount | grep 'on /testmount'")
|
||||
assert_contains(out, "size=10240k")
|
||||
|
||||
with subtest("timers"):
|
||||
switch_to_specialisation("${machine}", "timer")
|
||||
out = machine.succeed("systemctl show test-timer.timer")
|
||||
assert_contains(out, "OnCalendar=2014-03-25 02:59:56 UTC")
|
||||
out = switch_to_specialisation("${machine}", "timerModified")
|
||||
assert_lacks(out, "stopping the following units:")
|
||||
assert_lacks(out, "reloading the following units:")
|
||||
assert_contains(out, "restarting the following units: test-timer.timer\n")
|
||||
assert_lacks(out, "\nstarting the following units:")
|
||||
assert_lacks(out, "the following new units were started:")
|
||||
assert_lacks(out, "as well:")
|
||||
# It changed
|
||||
out = machine.succeed("systemctl show test-timer.timer")
|
||||
assert_contains(out, "OnCalendar=Fri 2012-11-23 16:00:00")
|
||||
|
||||
with subtest("paths"):
|
||||
out = switch_to_specialisation("${machine}", "path")
|
||||
assert_contains(out, "stopping the following units: test-timer.timer\n")
|
||||
assert_lacks(out, "NOT restarting the following changed units:")
|
||||
assert_lacks(out, "reloading the following units:")
|
||||
assert_lacks(out, "\nrestarting the following units:")
|
||||
assert_lacks(out, "\nstarting the following units:")
|
||||
assert_contains(out, "the following new units were started: test-watch.path")
|
||||
assert_lacks(out, "as well:")
|
||||
machine.fail("test -f /testpath-modified")
|
||||
|
||||
# touch the file, unit should be triggered
|
||||
machine.succeed("touch /testpath")
|
||||
machine.wait_until_succeeds("test -f /testpath-modified")
|
||||
machine.succeed("rm /testpath /testpath-modified")
|
||||
switch_to_specialisation("${machine}", "pathModified")
|
||||
machine.succeed("touch /testpath")
|
||||
machine.fail("test -f /testpath-modified")
|
||||
machine.succeed("touch /testpath2")
|
||||
machine.wait_until_succeeds("test -f /testpath-modified")
|
||||
|
||||
# This test ensures that changes to slice configuration get applied.
|
||||
# We test this by having a slice that allows no memory allocation at
|
||||
# all and starting a service within it. If the service crashes, the slice
|
||||
# is applied and if we modify the slice to allow memory allocation, the
|
||||
# service should successfully start.
|
||||
with subtest("slices"):
|
||||
machine.succeed("echo 0 > /proc/sys/vm/panic_on_oom") # allow OOMing
|
||||
out = switch_to_specialisation("${machine}", "slice")
|
||||
machine.fail("systemctl start testservice.service")
|
||||
out = switch_to_specialisation("${machine}", "sliceModified")
|
||||
machine.succeed("systemctl start testservice.service")
|
||||
machine.succeed("echo 1 > /proc/sys/vm/panic_on_oom") # disallow OOMing
|
||||
'';
|
||||
})
|
||||
|
@ -10,17 +10,19 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
services.redis.enable = true;
|
||||
services.redis.unixSocket = "/run/redis/redis.sock";
|
||||
services.redis.servers."".enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [ (python38.withPackages (ps: [ ps.twisted ps.txredisapi ps.mock ]))];
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
testScript = { nodes, ... }: let
|
||||
inherit (nodes.machine.config.services) redis;
|
||||
in ''
|
||||
start_all()
|
||||
machine.wait_for_unit("redis")
|
||||
machine.wait_for_open_port("6379")
|
||||
machine.wait_for_file("${redis.servers."".unixSocket}")
|
||||
machine.succeed("ln -s ${redis.servers."".unixSocket} /tmp/redis.sock")
|
||||
|
||||
tests = machine.succeed("PYTHONPATH=\"${pkgs.python3Packages.txredisapi.src}\" python -m twisted.trial ${pkgs.python3Packages.txredisapi.src}/tests")
|
||||
'';
|
||||
|
@ -35,11 +35,11 @@ let
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bisq-desktop";
|
||||
version = "1.7.5";
|
||||
version = "1.8.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/bisq-network/bisq/releases/download/v${version}/Bisq-64bit-${version}.deb";
|
||||
sha256 = "0mwlmya53xaps8x8c5cvk9zxy0ddijkrba8x3jp2glql34wac3ri";
|
||||
sha256 = "1q6x6w8mp5ax852hlvi2p61xgckb2lpr2ml21a9mfs9421b6m8h2";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper copyDesktopItems imagemagick dpkg gnutar zip xz ];
|
||||
|
@ -10,7 +10,7 @@
|
||||
, Xaw3d, libXcursor, pkg-config, gettext, libXft, dbus, libpng, libjpeg, giflib
|
||||
, libtiff, librsvg, gconf, libxml2, imagemagick, gnutls, libselinux
|
||||
, alsa-lib, cairo, acl, gpm, AppKit, GSS, ImageIO, m17n_lib, libotf
|
||||
, sigtool, jansson, harfbuzz
|
||||
, sigtool, jansson, harfbuzz, sqlite
|
||||
, dontRecurseIntoAttrs ,emacsPackagesFor
|
||||
, libgccjit, targetPlatform, makeWrapper # native-comp params
|
||||
, systemd ? null
|
||||
@ -20,6 +20,7 @@
|
||||
, withGTK3 ? true, gtk3-x11 ? null, gsettings-desktop-schemas ? null
|
||||
, withXwidgets ? false, webkitgtk ? null, wrapGAppsHook ? null, glib-networking ? null
|
||||
, withMotif ? false, motif ? null
|
||||
, withSQLite3 ? false
|
||||
, withCsrc ? true
|
||||
, srcRepo ? false, autoreconfHook ? null, texinfo ? null
|
||||
, siteStart ? ./site-start.el
|
||||
@ -116,6 +117,7 @@ let emacs = stdenv.mkDerivation (lib.optionalAttrs nativeComp {
|
||||
++ lib.optional (withX && withGTK2) gtk2-x11
|
||||
++ lib.optionals (withX && withGTK3) [ gtk3-x11 gsettings-desktop-schemas ]
|
||||
++ lib.optional (withX && withMotif) motif
|
||||
++ lib.optional withSQLite3 sqlite
|
||||
++ lib.optionals (withX && withXwidgets) [ webkitgtk glib-networking ]
|
||||
++ lib.optionals withNS [ AppKit GSS ImageIO ]
|
||||
++ lib.optionals stdenv.isDarwin [ sigtool ]
|
||||
|
@ -24,10 +24,10 @@
|
||||
}:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "auto-multiple-choice";
|
||||
version = "1.5.1";
|
||||
version = "1.5.2";
|
||||
src = fetchurl {
|
||||
url = "https://download.auto-multiple-choice.net/${pname}_${version}_precomp.tar.gz";
|
||||
sha256 = "71831122f7b43245d3289617064e0b561817c0130ee1773c1b957841b28b854c";
|
||||
sha256 = "sha256-AjonJOooSe53Fww3QU6Dft95ojNqWrTuPul3nkIbctM=";
|
||||
};
|
||||
tlType = "run";
|
||||
|
||||
|
@ -3,11 +3,11 @@
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "latte-dock";
|
||||
version = "0.10.0";
|
||||
version = "0.10.4";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://download.kde.org/stable/${pname}/${pname}-${version}.tar.xz";
|
||||
sha256 = "04kq86qmrjbzidrkknj000pv1b5z0r7nfidhy2zv67ks8fdi4zln";
|
||||
sha256 = "XRop+MNcbeCcbnL2LM1i67QvMudW3CjWYEPLkT/qbGM=";
|
||||
name = "${pname}-${version}.tar.xz";
|
||||
};
|
||||
|
||||
|
@ -1,12 +1,12 @@
|
||||
{ lib, stdenv, fetchurl, appimageTools, makeWrapper, electron_15 }:
|
||||
{ lib, stdenv, fetchurl, appimageTools, makeWrapper, electron }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "logseq";
|
||||
version = "0.5.1";
|
||||
version = "0.5.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage";
|
||||
sha256 = "/ZI9kK/9bYRJL8jOyRKpdMcy4Cbau+a28AO+kTUl+SE=";
|
||||
sha256 = "ZlyteVTwP5oM32G+yUzCOmu6b/b19RVLmlEvyOz5hu0=";
|
||||
name = "${pname}-${version}.AppImage";
|
||||
};
|
||||
|
||||
@ -36,7 +36,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
makeWrapper ${electron_15}/bin/electron $out/bin/${pname} \
|
||||
makeWrapper ${electron}/bin/electron $out/bin/${pname} \
|
||||
--add-flags $out/share/${pname}/resources/app
|
||||
'';
|
||||
|
||||
|
@ -2,18 +2,18 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "kubelogin";
|
||||
version = "1.23.3";
|
||||
version = "1.25.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "int128";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-qhdt/j1yFlCr+CCM3VQHxRVMEelZDsjhDJW9CYNCx2U=";
|
||||
sha256 = "sha256-orclZtmkdplTRvYkN7VotbynSQ9L2kvAPqP20j8QJ2s=";
|
||||
};
|
||||
|
||||
subPackages = ["."];
|
||||
|
||||
vendorSha256 = "sha256-RxIrnwIHDi9umu9bqpz3lnpNFdIWoTP657Te9iBv4IA=";
|
||||
vendorSha256 = "sha256-i46G0lsRvh/PmM+pMYuAjoLMHWF1Uzbd8+EkjIId8KE=";
|
||||
|
||||
# Rename the binary instead of symlinking to avoid conflict with the
|
||||
# Azure version of kubelogin
|
||||
|
@ -196,10 +196,10 @@ rec {
|
||||
passthru = { inherit plugins; };
|
||||
};
|
||||
|
||||
terraform_1_0 = mkTerraform {
|
||||
version = "1.0.11";
|
||||
sha256 = "0k05s4zm16vksq21f1q00y2lzfgi5fhs1ygydm8jk0srs9x8ask7";
|
||||
vendorSha256 = "1brgghl7fb26va4adix443rl1dkjaqrr4jkknxjkcaps0knqp172";
|
||||
terraform_1 = mkTerraform {
|
||||
version = "1.1.0";
|
||||
sha256 = "sha256-nnYMoQitqFbOjI8twDh9hWDb1qxMNNVy6wldxkyDKY0=";
|
||||
vendorSha256 = "sha256-inPNvNUcil9X0VQ/pVgZdnnmn9UCfEz7qXiuKDj8RYM=";
|
||||
patches = [ ./provider-path-0_15.patch ];
|
||||
passthru = { inherit plugins; };
|
||||
};
|
||||
@ -213,7 +213,7 @@ rec {
|
||||
mainTf = writeText "main.tf" ''
|
||||
resource "random_id" "test" {}
|
||||
'';
|
||||
terraform = terraform_1_0.withPlugins (p: [ p.random ]);
|
||||
terraform = terraform_1.withPlugins (p: [ p.random ]);
|
||||
test =
|
||||
runCommand "terraform-plugin-test" { buildInputs = [ terraform ]; } ''
|
||||
set -e
|
||||
|
@ -2,7 +2,7 @@
|
||||
"name": "element-desktop",
|
||||
"productName": "Element",
|
||||
"main": "lib/electron-main.js",
|
||||
"version": "1.9.6",
|
||||
"version": "1.9.7",
|
||||
"description": "A feature-rich client for Matrix.org",
|
||||
"author": "Element",
|
||||
"repository": {
|
||||
@ -83,7 +83,7 @@
|
||||
},
|
||||
"build": {
|
||||
"appId": "im.riot.app",
|
||||
"electronVersion": "13.5.1",
|
||||
"electronVersion": "13.5.2",
|
||||
"files": [
|
||||
"package.json",
|
||||
{
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"version": "1.9.6",
|
||||
"desktopSrcHash": "AJLKp9VbNF0XvcQe6t0/pw1hiVCgRiRb27KJooQ2NlQ=",
|
||||
"desktopYarnHash": "1xa8vrqj3g3hfhzrk8m7yr57my9ipyyhw8vsx4m86v8i1iqrpmnm",
|
||||
"webHash": "161w6i122i81jyb23mpxlf7k5wx2v4c6ai2liywn89q74hj3axr5"
|
||||
"version": "1.9.7",
|
||||
"desktopSrcHash": "bUzIIPNVgK2whQJoEZOaoa+jsJx4No+xji6hXK6wxFY=",
|
||||
"desktopYarnHash": "1n9dqpvq31k94mx5s1dgqavaxdd0jrzcwdx106c5dnq6xnxs941p",
|
||||
"webHash": "1fx1nznqbwvs84kpc239ms9kpzy9p72hrz3qqbzay8p9x4gc1ws3"
|
||||
}
|
||||
|
@ -12,6 +12,7 @@
|
||||
, qtkeychain
|
||||
, qtmacextras
|
||||
, qtmultimedia
|
||||
, qtimageformats
|
||||
, qttools
|
||||
, qtquickcontrols2
|
||||
, qtgraphicaleffects
|
||||
@ -57,6 +58,7 @@ mkDerivation rec {
|
||||
cmark
|
||||
qtbase
|
||||
qtmultimedia
|
||||
qtimageformats
|
||||
qttools
|
||||
qtquickcontrols2
|
||||
qtgraphicaleffects
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"version": "1.9.0-sc.1",
|
||||
"srcHash": "10swz5gwz1izryzllmjm8mhhd0vqk2cp8qjcmmr5gbzspj7p3xgw",
|
||||
"webYarnHash": "134llyh0197andpnbmfcxnidcgi3xxnb9v10bwfvrqysgnhb5z8v",
|
||||
"desktopYarnHash": "150jc6p9kbdz599bdkinrhbhncpamhz35j6rcc008qxg2d9qfhwr"
|
||||
"version": "1.9.7-sc.1",
|
||||
"srcHash": "0qrjjwcxa141phsgdz325rrkfmjqdmxc3h917cs9c9kf6cblkxaq",
|
||||
"webYarnHash": "19c594pql2yz1z15phfdlkwcvrcbm8k058fcq7p0k6840dhif5fd",
|
||||
"desktopYarnHash": "058ihkljb1swjzvgf8gqci5ghvwapmpcf2bsab3yr66lhps7fhci"
|
||||
}
|
||||
|
@ -5,13 +5,13 @@ with lib;
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "nicotine-plus";
|
||||
version = "3.0.6";
|
||||
version = "3.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Nicotine-Plus";
|
||||
repo = "nicotine-plus";
|
||||
rev = version;
|
||||
sha256 = "sha256-NL6TXFRB7OeqNEfdANkEqh+MCOF1+ehR+6RO1XsIix8=";
|
||||
hash = "sha256-NfI2RfxAYhA1qefml1ayfYWjbkrzUL4l9p2Rm/ROnzQ=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ gettext wrapGAppsHook ];
|
||||
@ -21,8 +21,6 @@ python3Packages.buildPythonApplication rec {
|
||||
|
||||
postInstall = ''
|
||||
mv $out/bin/nicotine $out/bin/nicotine-plus
|
||||
substituteInPlace $out/share/applications/org.nicotine_plus.Nicotine.desktop \
|
||||
--replace "Exec=nicotine" "Exec=$out/bin/nicotine-plus"
|
||||
'';
|
||||
|
||||
doCheck = false;
|
||||
|
43
pkgs/applications/office/gnucash/0001-changes.patch
Normal file
43
pkgs/applications/office/gnucash/0001-changes.patch
Normal file
@ -0,0 +1,43 @@
|
||||
diff --git a/libgnucash/engine/test/CMakeLists.txt b/libgnucash/engine/test/CMakeLists.txt
|
||||
index 8e44172ff..c7289e4fd 100644
|
||||
--- a/libgnucash/engine/test/CMakeLists.txt
|
||||
+++ b/libgnucash/engine/test/CMakeLists.txt
|
||||
@@ -167,22 +167,22 @@ set(test_gnc_numeric_SOURCES
|
||||
gnc_add_test(test-gnc-numeric "${test_gnc_numeric_SOURCES}"
|
||||
gtest_engine_INCLUDES gtest_qof_LIBS)
|
||||
|
||||
-set(test_gnc_timezone_SOURCES
|
||||
- ${MODULEPATH}/gnc-timezone.cpp
|
||||
- gtest-gnc-timezone.cpp)
|
||||
-gnc_add_test(test-gnc-timezone "${test_gnc_timezone_SOURCES}"
|
||||
- gtest_engine_INCLUDES gtest_old_engine_LIBS)
|
||||
-
|
||||
-set(test_gnc_datetime_SOURCES
|
||||
- ${MODULEPATH}/gnc-datetime.cpp
|
||||
- ${MODULEPATH}/gnc-timezone.cpp
|
||||
- ${MODULEPATH}/gnc-date.cpp
|
||||
- ${MODULEPATH}/qoflog.cpp
|
||||
- ${CMAKE_SOURCE_DIR}/libgnucash/core-utils/gnc-locale-utils.cpp
|
||||
- ${gtest_engine_win32_SOURCES}
|
||||
- gtest-gnc-datetime.cpp)
|
||||
-gnc_add_test(test-gnc-datetime "${test_gnc_datetime_SOURCES}"
|
||||
- gtest_engine_INCLUDES gtest_qof_LIBS)
|
||||
+#set(test_gnc_timezone_SOURCES
|
||||
+# ${MODULEPATH}/gnc-timezone.cpp
|
||||
+# gtest-gnc-timezone.cpp)
|
||||
+#gnc_add_test(test-gnc-timezone "${test_gnc_timezone_SOURCES}"
|
||||
+# gtest_engine_INCLUDES gtest_old_engine_LIBS)
|
||||
+
|
||||
+#set(test_gnc_datetime_SOURCES
|
||||
+# ${MODULEPATH}/gnc-datetime.cpp
|
||||
+# ${MODULEPATH}/gnc-timezone.cpp
|
||||
+# ${MODULEPATH}/gnc-date.cpp
|
||||
+# ${MODULEPATH}/qoflog.cpp
|
||||
+# ${CMAKE_SOURCE_DIR}/libgnucash/core-utils/gnc-locale-utils.cpp
|
||||
+# ${gtest_engine_win32_SOURCES}
|
||||
+# gtest-gnc-datetime.cpp)
|
||||
+#gnc_add_test(test-gnc-datetime "${test_gnc_datetime_SOURCES}"
|
||||
+# gtest_engine_INCLUDES gtest_qof_LIBS)
|
||||
|
||||
set(test_import_map_SOURCES
|
||||
gtest-import-map.cpp)
|
@ -1,4 +1,4 @@
|
||||
{ fetchurl, fetchpatch, lib, stdenv, pkg-config, makeWrapper, cmake, gtest
|
||||
{ fetchurl, lib, stdenv, pkg-config, makeWrapper, cmake, gtest
|
||||
, boost, icu, libxml2, libxslt, gettext, swig, isocodes, gtk3, glibcLocales
|
||||
, webkitgtk, dconf, hicolor-icon-theme, libofx, aqbanking, gwenhywfar, libdbi
|
||||
, libdbiDrivers, guile, perl, perlPackages
|
||||
@ -26,22 +26,13 @@ in
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gnucash";
|
||||
version = "4.6";
|
||||
version = "4.8";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/gnucash/${pname}-${version}.tar.bz2";
|
||||
sha256 = "0csp8iddhc901vv09gl5lj970g6ili696vwj4vdpkiprp7gh26r5";
|
||||
sha256 = "04pbgx08lfm3l46ndd28ivq5yp3y6zgalbzgi2x8w5inhgzy9f0m";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Fixes a warning about an initialized variable that kills enableDebugging gnucash builds on nix.
|
||||
# This will most likely be part of the 4.7 release, it will be safe to remove then.
|
||||
(fetchpatch {
|
||||
url = "https://github.com/Gnucash/gnucash/commit/b42052464ba9701a3d1834fc58fa0deb32ab9afe.patch";
|
||||
sha256 = "092957c8jqj4v70fv0ia1wpgl6x34hbwjrichxfbk5ja8l6535gc";
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ pkg-config makeWrapper cmake gtest swig ];
|
||||
|
||||
buildInputs = [
|
||||
@ -56,6 +47,9 @@ stdenv.mkDerivation rec {
|
||||
# glib-2.62 deprecations
|
||||
NIX_CFLAGS_COMPILE = "-DGLIB_DISABLE_DEPRECATION_WARNINGS";
|
||||
|
||||
# this patch disables test-gnc-timezone and test-gnc-datetime which fail due to nix datetime challenges
|
||||
patches = [ ./0001-changes.patch ];
|
||||
|
||||
postPatch = ''
|
||||
patchShebangs .
|
||||
'';
|
||||
@ -77,20 +71,16 @@ stdenv.mkDerivation rec {
|
||||
--prefix GIO_EXTRA_MODULES : "${lib.getLib dconf}/lib/gio/modules"
|
||||
'';
|
||||
|
||||
# TODO: The following tests FAILED:
|
||||
# 70 - test-load-c (Failed)
|
||||
# 71 - test-modsysver (Failed)
|
||||
# 72 - test-incompatdep (Failed)
|
||||
# 73 - test-agedver (Failed)
|
||||
# 77 - test-gnc-module-swigged-c (Failed)
|
||||
# 78 - test-gnc-module-load-deps (Failed)
|
||||
# 80 - test-gnc-module-scm-module (Failed)
|
||||
# 81 - test-gnc-module-scm-multi (Failed)
|
||||
/*
|
||||
GNUcash's `make check` target does not define its prerequisites but expects them to have already been built.
|
||||
The list of targets below was built through trial and error based on failing tests.
|
||||
*/
|
||||
preCheck = ''
|
||||
export LD_LIBRARY_PATH=$PWD/lib:$PWD/lib/gnucash:$PWD/lib/gnucash/test''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
|
||||
export LD_LIBRARY_PATH=$PWD/lib:$PWD/lib/gnucash:$PWD/lib/gnucash/test:$PWD/lib/gnucash/test/future''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
|
||||
export NIX_CFLAGS_LINK="-lgtest -lgtest_main"
|
||||
make test-scm-query test-split-register-copy-ops test-link-ofx test-import-backend test-import-account-matcher test-import-pending-matches test-qofquerycore test-import-map test-gnc-numeric test-gnc-rational test-gnc-int128 test-qofsession test-kvp-value test-gnc-guid test-numeric test-vendor test-job test-employee test-customer test-address test-business test-recurrence test-transaction-voiding test-transaction-reversal test-split-vs-account test-tokenizer test-aqb test-import-parse test-link-module-tax-us test-dynload test-agedver test-incompatdep test-modsysver test-load-c test-gnc-path-util test-xml2-is-file test-load-example-account test-query test-querynew test-lots test-group-vs-book test-account-object test-engine test-qof test-commodities test-object test-guid test-load-engine test-userdata-dir-invalid-home test-userdata-dir test-resolve-file-path test-gnc-glib-utils test-sqlbe test-column-types test-backend-dbi test-xml-transaction test-xml-pricedb test-xml-commodity test-xml-account test-string-converters test-load-backend test-kvp-frames test-dom-converters1 test-autoclear test-sx test-print-parse-amount gncmod-futuremodsys
|
||||
'';
|
||||
doCheck = false;
|
||||
doCheck = true;
|
||||
|
||||
meta = {
|
||||
description = "Personal and small-business financial-accounting application";
|
||||
|
@ -2,17 +2,17 @@
|
||||
, libiconv, Security }:
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
version = "0.6.1";
|
||||
version = "0.6.2";
|
||||
pname = "rink";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "tiffany352";
|
||||
repo = "rink-rs";
|
||||
rev = "v${version}";
|
||||
sha256 = "1h93xlavcjvx588q8wkpbzph88yjjhhvzcfxr5nicdca0jnha5ch";
|
||||
sha256 = "sha256-l2Rj15zaJm94EHwvOssfvYQNOoWj45Nq9M85n+A0vo4=";
|
||||
};
|
||||
|
||||
cargoSha256 = "0x4rvfnw3gl2aj6i006nkk3y1f8skyv8g0ss3z2v6qj9nhs7pyir";
|
||||
cargoSha256 = "sha256-GhuvwVkDRFjC6BghaNMFZZG9hResTN1u0AuvIXlFmig=";
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
buildInputs = [ ncurses ]
|
||||
|
@ -27,7 +27,7 @@
|
||||
}:
|
||||
|
||||
let
|
||||
version = "1.10.2";
|
||||
version = "1.10.3";
|
||||
|
||||
# build stimuli file for PGO build and the script to generate it
|
||||
# independently of the foot's build, so we can cache the result
|
||||
@ -99,7 +99,7 @@ stdenv.mkDerivation rec {
|
||||
owner = "dnkl";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "00096c2m8pn4gpafvmg9lhyprwgnsis62bq4qmagnbb49bj5kr9v";
|
||||
sha256 = "13v6xqaw3xn1x84dn4gnkiimcsllb19mrbvcdj2fnm8klnrys3gs";
|
||||
};
|
||||
|
||||
depsBuildBuild = [
|
||||
|
@ -1,32 +0,0 @@
|
||||
{ lib
|
||||
, buildGoPackage
|
||||
, fetchFromGitHub
|
||||
, pkg-config
|
||||
, libgit2_0_27
|
||||
}:
|
||||
|
||||
buildGoPackage rec {
|
||||
version = "0.2.3";
|
||||
pname = "gitin";
|
||||
|
||||
goPackagePath = "github.com/isacikgoz/gitin";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "isacikgoz";
|
||||
repo = "gitin";
|
||||
rev = "v${version}";
|
||||
sha256 = "00z6i0bjk3hdxbc0cy12ss75b41yvzyl5pm6rdrvsjhzavry2fa3";
|
||||
};
|
||||
|
||||
goDeps = ./deps.nix;
|
||||
|
||||
nativeBuildInputs = [ pkg-config ];
|
||||
buildInputs = [ libgit2_0_27 ];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/isacikgoz/gitin";
|
||||
description = "Text-based user interface for git";
|
||||
license = licenses.bsd3;
|
||||
maintainers = with maintainers; [ kimat ];
|
||||
};
|
||||
}
|
@ -1,121 +0,0 @@
|
||||
# This file was generated by https://github.com/kamilchm/go2nix v1.3.0
|
||||
[
|
||||
{
|
||||
goPackagePath = "github.com/alecthomas/template";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/alecthomas/template";
|
||||
rev = "fb15b899a75114aa79cc930e33c46b577cc664b1";
|
||||
sha256 = "1vlasv4dgycydh5wx6jdcvz40zdv90zz1h7836z7lhsi2ymvii26";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/alecthomas/units";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/alecthomas/units";
|
||||
rev = "f65c72e2690dc4b403c8bd637baf4611cd4c069b";
|
||||
sha256 = "04jyqm7m3m01ppfy1f9xk4qvrwvs78q9zml6llyf2b3v5k6b2bbc";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/fatih/color";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/fatih/color";
|
||||
rev = "daf2830f2741ebb735b21709a520c5f37d642d85";
|
||||
sha256 = "086z8ssmr1fn9ba4mqnw7pnccfpys6l5yfhvycv1gdrsk7n27mvs";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/isacikgoz/gia";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/isacikgoz/gia";
|
||||
rev = "00556493579ec25f4e199b85ee1e2a73c98d15bb";
|
||||
sha256 = "16nqi4z1pgybcw05wbp3qnbbq407smcr56hq7npnhkirngc5j822";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/jroimartin/gocui";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/jroimartin/gocui";
|
||||
rev = "c055c87ae801372cd74a0839b972db4f7697ae5f";
|
||||
sha256 = "1b1cbjg925l1c5v3ls8amni9716190yzf847cqs9wjnj82z8qa47";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/justincampbell/timeago";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/justincampbell/timeago";
|
||||
rev = "027f40306f1dbe89d24087611680ef95543bf876";
|
||||
sha256 = "1p3va1cn9x5pyvq7k64mnvbxp5zy7h9z49syjyglixgg6avdbp1v";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/kelseyhightower/envconfig";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/kelseyhightower/envconfig";
|
||||
rev = "0b417c4ec4a8a82eecc22a1459a504aa55163d61";
|
||||
sha256 = "1a7b35njpqz94gbd7wvsl3wjzpd5y1fj1lrg2sdh00yq0nax1qj9";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/mattn/go-runewidth";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/mattn/go-runewidth";
|
||||
rev = "14e809f6d78fcf9f48ff9b70981472b64c05f754";
|
||||
sha256 = "1mvlxcdwr0vwp8b2wqs6y7hk72y28sqh03dz5x0xkg48d4y9cplj";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/nsf/termbox-go";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/nsf/termbox-go";
|
||||
rev = "38ba6e5628f1d70bac606cfd210b9ad1a16c3027";
|
||||
sha256 = "03xx5vbnavklsk6wykcc7qhmhvn2074sx0ql06b51vqsxwsa6zw2";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/sahilm/fuzzy";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/sahilm/fuzzy";
|
||||
rev = "d88f8cb825ddd46a2ce86b60382e11645220ee33";
|
||||
sha256 = "0nl4l02s3961p11aj1vgajfy28rqlya2z6af2xjncra59gfhqvlq";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "github.com/waigani/diffparser";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://github.com/waigani/diffparser";
|
||||
rev = "7391f219313d9175703f67561b222fd2a81bca30";
|
||||
sha256 = "0h3y3ivlghdvkyqsh5lcidqdajhc9g7m1xqm73j9a0ayby0sx1ql";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "gopkg.in/alecthomas/kingpin.v2";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://gopkg.in/alecthomas/kingpin.v2";
|
||||
rev = "947dcec5ba9c011838740e680966fd7087a71d0d";
|
||||
sha256 = "0mndnv3hdngr3bxp7yxfd47cas4prv98sqw534mx7vp38gd88n5r";
|
||||
};
|
||||
}
|
||||
{
|
||||
goPackagePath = "gopkg.in/libgit2/git2go.v27";
|
||||
fetch = {
|
||||
type = "git";
|
||||
url = "https://gopkg.in/libgit2/git2go.v27";
|
||||
rev = "6cc7d3dc6aec2781fe0239315da215f49c76e2f8";
|
||||
sha256 = "0b2m4rjadngyd675bi1k21pyi9r91dsxngzd4mikacpd7yshgvaq";
|
||||
};
|
||||
}
|
||||
]
|
||||
|
@ -214,6 +214,7 @@ in stdenv.mkDerivation (fBuildAttrs // {
|
||||
--output_base="$bazelOut" \
|
||||
--output_user_root="$bazelUserRoot" \
|
||||
build \
|
||||
--curses=no \
|
||||
-j $NIX_BUILD_CORES \
|
||||
"''${copts[@]}" \
|
||||
"''${host_copts[@]}" \
|
||||
|
@ -5,18 +5,28 @@
|
||||
, gnome-themes-extra
|
||||
, gtk-engine-murrine
|
||||
, sassc
|
||||
, accentColor ? "default"
|
||||
, tweaks ? [ ] # can be "solid" "compact" "black" "primary"
|
||||
}:
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
let
|
||||
validTweaks = [ "solid" "compact" "black" "primary" ];
|
||||
unknownTweaks = lib.subtractLists validTweaks tweaks;
|
||||
in
|
||||
assert lib.assertMsg (unknownTweaks == [ ]) ''
|
||||
You entered wrong tweaks: ${toString unknownTweaks}
|
||||
Valid tweaks are: ${toString validTweaks}
|
||||
'';
|
||||
|
||||
stdenvNoCC.mkDerivation
|
||||
rec {
|
||||
pname = "orchis-theme";
|
||||
version = "2021-06-25";
|
||||
version = "2021-12-13";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
repo = "Orchis-theme";
|
||||
owner = "vinceliuice";
|
||||
rev = version;
|
||||
sha256 = "sha256-j0nsw1yR1yOckXiIMtzhC3w6kvfzxQQHgwdY6l0OuXw=";
|
||||
sha256 = "sha256-PN2ucGMDzRv4v86X1zVIs9+GkbMWuja2WaSQLFvJYd0=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ gtk3 sassc ];
|
||||
@ -31,7 +41,7 @@ stdenvNoCC.mkDerivation rec {
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
bash install.sh -d $out/share/themes -t ${accentColor}
|
||||
bash install.sh -d $out/share/themes -t all ${lib.optionalString (tweaks != []) "--tweaks " + builtins.toString tweaks}
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
|
@ -13,11 +13,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gnome-shell-extensions";
|
||||
version = "41.0";
|
||||
version = "41.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/gnome-shell-extensions/${lib.versions.major version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "2E+qwUSLOPl12cGUkMWSivxcWixJ3X5/ga9pD5Rm/Gg=";
|
||||
sha256 = "0ObyJz8I1S2SX8K7ZrR7KOXvUNG4oUAgh3xmJCPVB9M=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -66,13 +66,13 @@ let
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gnome-shell";
|
||||
version = "41.1";
|
||||
version = "41.2";
|
||||
|
||||
outputs = [ "out" "devdoc" ];
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/gnome-shell/${lib.versions.major version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "X3QkVt/gBgXA8JCjcoymJ5e8SeUK+FK71yhdoaBRf/Y=";
|
||||
sha256 = "OEZR6wUTk9ur4AbRrQV78p1c1z67h7x3n/Xhwx6AqCc=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -46,13 +46,13 @@
|
||||
|
||||
let self = stdenv.mkDerivation rec {
|
||||
pname = "mutter";
|
||||
version = "41.1";
|
||||
version = "41.2";
|
||||
|
||||
outputs = [ "out" "dev" "man" ];
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/mutter/${lib.versions.major version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "WOY/0LxD81E08hMTr/Suv5LIKdbfTcmaBEoeN2aR4/M=";
|
||||
sha256 = "AN+oEvHEhtdKK3P0IEWuEYL5JGx3lNZ9dLXlQ+pwBhc=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
@ -1,8 +1,20 @@
|
||||
{ lib, stdenv, fetchFromGitHub, glib }:
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitHub
|
||||
, glib
|
||||
, substituteAll
|
||||
, hddtemp
|
||||
, liquidctl
|
||||
, lm_sensors
|
||||
, netcat-gnu
|
||||
, nvme-cli
|
||||
, procps
|
||||
, smartmontools
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gnome-shell-extension-freon";
|
||||
version = "44";
|
||||
version = "45";
|
||||
|
||||
passthru = {
|
||||
extensionUuid = "freon@UshakovVasilii_Github.yahoo.com";
|
||||
@ -13,11 +25,20 @@ stdenv.mkDerivation rec {
|
||||
owner = "UshakovVasilii";
|
||||
repo = "gnome-shell-extension-freon";
|
||||
rev = "EGO-${version}";
|
||||
sha256 = "sha256-4DYAIC9N5id3vQe0WaOFP+MymsrPK18hbYqO4DjG+2U=";
|
||||
sha256 = "sha256-tPb7SzHSwvz7VV+kZTmcw1eAdtL1J7FJ3BOtg4Us8jc=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ glib ];
|
||||
|
||||
patches = [
|
||||
(substituteAll {
|
||||
src = ./fix_paths.patch;
|
||||
inherit hddtemp liquidctl lm_sensors procps smartmontools;
|
||||
netcat = netcat-gnu;
|
||||
nvmecli = nvme-cli;
|
||||
})
|
||||
];
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
glib-compile-schemas --strict --targetdir="freon@UshakovVasilii_Github.yahoo.com/schemas" "freon@UshakovVasilii_Github.yahoo.com/schemas"
|
||||
|
85
pkgs/desktops/gnome/extensions/freon/fix_paths.patch
Normal file
85
pkgs/desktops/gnome/extensions/freon/fix_paths.patch
Normal file
@ -0,0 +1,85 @@
|
||||
diff --git a/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js b/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
|
||||
index e5d1d6d..856654b 100644
|
||||
--- a/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
|
||||
+++ b/freon@UshakovVasilii_Github.yahoo.com/hddtempUtil.js
|
||||
@@ -7,7 +7,7 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
|
||||
|
||||
constructor() {
|
||||
super();
|
||||
- let hddtempArgv = GLib.find_program_in_path('hddtemp');
|
||||
+ let hddtempArgv = GLib.find_program_in_path('@hddtemp@/bin/hddtemp');
|
||||
if(hddtempArgv) {
|
||||
// check if this user can run hddtemp directly.
|
||||
if(!GLib.spawn_command_line_sync(hddtempArgv)[3]){
|
||||
@@ -19,8 +19,8 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
|
||||
// doesn't seem to be the case… is it running as a daemon?
|
||||
// Check first for systemd
|
||||
let systemctl = GLib.find_program_in_path('systemctl');
|
||||
- let pidof = GLib.find_program_in_path('pidof');
|
||||
- let nc = GLib.find_program_in_path('nc');
|
||||
+ let pidof = GLib.find_program_in_path('@procps@/bin/pidof');
|
||||
+ let nc = GLib.find_program_in_path('@netcat@/bin/nc');
|
||||
let pid = undefined;
|
||||
|
||||
if(systemctl) {
|
||||
@@ -35,7 +35,7 @@ var HddtempUtil = class extends CommandLineUtil.CommandLineUtil {
|
||||
|
||||
// systemd isn't used on this system, try sysvinit instead
|
||||
if(!pid && pidof) {
|
||||
- let output = GLib.spawn_command_line_sync("pidof hddtemp")[1].toString().trim();
|
||||
+ let output = GLib.spawn_command_line_sync("@procps@/bin/pidof hddtemp")[1].toString().trim();
|
||||
if(output.length)
|
||||
pid = Number(output.trim());
|
||||
}
|
||||
diff --git a/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js b/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
|
||||
index 766bf62..7cd4e94 100644
|
||||
--- a/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
|
||||
+++ b/freon@UshakovVasilii_Github.yahoo.com/liquidctlUtil.js
|
||||
@@ -8,7 +8,7 @@ const commandLineUtil = Me.imports.commandLineUtil;
|
||||
var LiquidctlUtil = class extends commandLineUtil.CommandLineUtil {
|
||||
constructor() {
|
||||
super();
|
||||
- const path = GLib.find_program_in_path('liquidctl');
|
||||
+ const path = GLib.find_program_in_path('@liquidctl@/bin/liquidctl');
|
||||
this._argv = path ? [path, 'status', '--json'] : null;
|
||||
}
|
||||
|
||||
diff --git a/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js b/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
|
||||
index ae2ea93..2349b9e 100644
|
||||
--- a/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
|
||||
+++ b/freon@UshakovVasilii_Github.yahoo.com/nvmecliUtil.js
|
||||
@@ -3,7 +3,7 @@ const GLib = imports.gi.GLib;
|
||||
const Me = imports.misc.extensionUtils.getCurrentExtension();
|
||||
|
||||
function getNvmeData (argv){
|
||||
- const nvme = GLib.find_program_in_path('nvme')
|
||||
+ const nvme = GLib.find_program_in_path('@nvmecli@/bin/nvme')
|
||||
return JSON.parse(GLib.spawn_command_line_sync(`${nvme} ${argv} -o json`)[1].toString())
|
||||
}
|
||||
|
||||
diff --git a/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js b/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
|
||||
index 62fa580..c017748 100644
|
||||
--- a/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
|
||||
+++ b/freon@UshakovVasilii_Github.yahoo.com/sensorsUtil.js
|
||||
@@ -7,7 +7,7 @@ var SensorsUtil = class extends CommandLineUtil.CommandLineUtil {
|
||||
|
||||
constructor() {
|
||||
super();
|
||||
- let path = GLib.find_program_in_path('sensors');
|
||||
+ let path = GLib.find_program_in_path('@lm_sensors@/bin/sensors');
|
||||
// -A: Do not show adapter -j: JSON output
|
||||
this._argv = path ? [path, '-A', '-j'] : null;
|
||||
}
|
||||
diff --git a/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js b/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
|
||||
index 03d469b..6057a3b 100644
|
||||
--- a/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
|
||||
+++ b/freon@UshakovVasilii_Github.yahoo.com/smartctlUtil.js
|
||||
@@ -3,7 +3,7 @@ const GLib = imports.gi.GLib;
|
||||
const Me = imports.misc.extensionUtils.getCurrentExtension();
|
||||
const ByteArray = imports.byteArray;
|
||||
function getSmartData (argv){
|
||||
- const smartctl = GLib.find_program_in_path('smartctl')
|
||||
+ const smartctl = GLib.find_program_in_path('@smartmontools@/bin/smartctl')
|
||||
return JSON.parse(ByteArray.toString( GLib.spawn_command_line_sync(`${smartctl} ${argv} -j`)[1] ))
|
||||
}
|
||||
|
@ -11,6 +11,13 @@ mkDerivation rec {
|
||||
sha256 = "1acb693ad2nrmnn6jxsyrlkc0di3kk2ksj2w9wnyfxrgvfsil7rn";
|
||||
};
|
||||
|
||||
# Remove this once new version of agda-categories is released which
|
||||
# directly references standard-library-1.7.1
|
||||
postPatch = ''
|
||||
substituteInPlace agda-categories.agda-lib \
|
||||
--replace 'standard-library-1.7' 'standard-library-1.7.1'
|
||||
'';
|
||||
|
||||
buildInputs = [ standard-library ];
|
||||
|
||||
meta = with lib; {
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "cubical";
|
||||
version = "0.3pred5030a9";
|
||||
version = "0.4prec3e097a";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
repo = pname;
|
||||
owner = "agda";
|
||||
rev = "d5030a9c89070255fc575add4e9f37b97e6a0c0c";
|
||||
sha256 = "18achbxap4ikydigmz3m3xjfn3i9dw4rn8yih82vrlc01j02nqpi";
|
||||
rev = "c3e097a98c84083550fa31101346bd42a0501add";
|
||||
sha256 = "101cni2a9xvia1mglb94z61jm8xk9r5kc1sn44cri0qsmk1zbqxs";
|
||||
};
|
||||
|
||||
LC_ALL = "en_US.UTF-8";
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
mkDerivation rec {
|
||||
pname = "standard-library";
|
||||
version = "1.7";
|
||||
version = "1.7.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
repo = "agda-stdlib";
|
||||
owner = "agda";
|
||||
rev = "v${version}";
|
||||
sha256 = "14h3jprm6924g9576v25axn9v6xnip354hvpzlcqsc5qqyj7zzjs";
|
||||
sha256 = "0khl12jvknsvjsq3l5cbp2b5qlw983qbymi1dcgfz9z0b92si3r0";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ (ghcWithPackages (self : [ self.filemanip ])) ];
|
||||
|
@ -7,7 +7,7 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bctoolbox";
|
||||
version = "5.0.0";
|
||||
version = "5.0.55";
|
||||
|
||||
nativeBuildInputs = [ cmake bcunit ];
|
||||
buildInputs = [ mbedtls ];
|
||||
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
|
||||
group = "BC";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-/jv59ZeELfP7PokzthvZNL4FS3tyzRmCHp4I/Lp8BJM=";
|
||||
sha256 = "sha256-fZ+8XBTZ6/wNd8odzg20dAXtbjRudI6Nw0hKC9bopGo=";
|
||||
};
|
||||
|
||||
# Do not build static libraries
|
||||
|
@ -2,14 +2,14 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "olm";
|
||||
version = "3.2.6";
|
||||
version = "3.2.8";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
domain = "gitlab.matrix.org";
|
||||
owner = "matrix-org";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "1srmw36nxi0z2y5d9adks09p950qm0fscbnrq1fl37fdypvjl1sk";
|
||||
sha256 = "1jfhydfcnqpksb2bhi960v3h10prf4v5gx42mm2rp6p0jfbqcy50";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake ];
|
||||
|
@ -6,11 +6,11 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "aiohue";
|
||||
version = "3.0.2";
|
||||
version = "3.0.3";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "8aaee7fef3fff4c9271728c645896226f3df1e00bfab8dcea2456edfb3395fd0";
|
||||
sha256 = "sha256-ajDwA8zFBQdFeI3oUBBWQZA13PNust21BWxrsB7PcTQ=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -2,21 +2,24 @@
|
||||
, aiohttp
|
||||
, async-timeout
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, fetchFromGitHub
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "aiopvapi";
|
||||
version = "1.6.14";
|
||||
version = "1.6.19";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.5";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "02bl7q166j6rb8av9n1jz11xlwhrzmbkjq70mwr86qaj63pcxrak";
|
||||
src = fetchFromGitHub {
|
||||
owner = "sander76";
|
||||
repo = "aio-powerview-api";
|
||||
# no tags on git, no sdist on pypi: https://github.com/sander76/aio-powerview-api/issues/12
|
||||
rev = "89711e2a0cb4640eb458767d289dcfa3acafb10f";
|
||||
sha256 = "18gbz9rcf183syvxvvhhl62af3b7463rlqxxs49w4m805hkvirdp";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
28
pkgs/development/python-modules/asyncio-rlock/default.nix
Normal file
28
pkgs/development/python-modules/asyncio-rlock/default.nix
Normal file
@ -0,0 +1,28 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, pytestCheckHook
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "asyncio-rlock";
|
||||
version = "0.1.0";
|
||||
|
||||
src = fetchPypi {
|
||||
pname = "asyncio_rlock";
|
||||
inherit version;
|
||||
sha256 = "7e29824331619873e10d5d99dcc46d7b8f196c4a11b203f4eeccc0c091039d43";
|
||||
};
|
||||
|
||||
# no tests on PyPI, no tags on GitLab
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [ "asyncio_rlock" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Rlock like in threading module but for asyncio";
|
||||
homepage = "https://gitlab.com/heckad/asyncio_rlock";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ dotlambda ];
|
||||
};
|
||||
}
|
47
pkgs/development/python-modules/cart/default.nix
Normal file
47
pkgs/development/python-modules/cart/default.nix
Normal file
@ -0,0 +1,47 @@
|
||||
{ lib
|
||||
, pycryptodome
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, pythonOlder
|
||||
, pytestCheckHook
|
||||
, unittest2
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "cart";
|
||||
version = "1.2.1";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "CybercentreCanada";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-PsdDlNhX0FbuwS5ZXk9P98DjnzDGdigfnRwrdwYa4qY=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
pycryptodome
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytestCheckHook
|
||||
unittest2
|
||||
];
|
||||
|
||||
pytestFlagsArray = [
|
||||
"unittests"
|
||||
];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"cart"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python module for the CaRT Neutering format";
|
||||
homepage = "https://github.com/CybercentreCanada/cart";
|
||||
license = with licenses; [ mit ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
38
pkgs/development/python-modules/circuitbreaker/default.nix
Normal file
38
pkgs/development/python-modules/circuitbreaker/default.nix
Normal file
@ -0,0 +1,38 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, mock
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "circuitbreaker";
|
||||
version = "1.3.2";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "fabfuel";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-3hFa8dwCso5tj26ek2jMdVBRzu5H3vkdjQlDYw2hSH0=";
|
||||
};
|
||||
|
||||
checkInputs = [
|
||||
mock
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"circuitbreaker"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python Circuit Breaker implementation";
|
||||
homepage = "https://github.com/fabfuel/circuitbreaker";
|
||||
license = with licenses; [ bsd3 ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
47
pkgs/development/python-modules/dm-tree/default.nix
Normal file
47
pkgs/development/python-modules/dm-tree/default.nix
Normal file
@ -0,0 +1,47 @@
|
||||
{ autoPatchelfHook
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, isPy39
|
||||
, lib
|
||||
, six
|
||||
, stdenv
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "dm-tree";
|
||||
version = "0.1.6";
|
||||
format = "wheel";
|
||||
|
||||
# At the time of writing (8/19/21), there are releases for 3.6-3.9. Supporting
|
||||
# all of them is a pain, so we focus on 3.9, the current nixpkgs python3
|
||||
# version.
|
||||
disabled = !isPy39;
|
||||
|
||||
src = fetchPypi {
|
||||
inherit version format;
|
||||
sha256 = "1f71dy5xa5ywa5chbdhpdf8k0w1v9cvpn3qyk8nnjm79j90la9c4";
|
||||
pname = "dm_tree";
|
||||
dist = "cp39";
|
||||
python = "cp39";
|
||||
abi = "cp39";
|
||||
platform = "manylinux_2_24_x86_64";
|
||||
};
|
||||
|
||||
# Prebuilt wheels are dynamically linked against things that nix can't find.
|
||||
# Run `autoPatchelfHook` to automagically fix them.
|
||||
nativeBuildInputs = [ autoPatchelfHook ];
|
||||
# Dynamic link dependencies
|
||||
buildInputs = [ stdenv.cc.cc ];
|
||||
|
||||
propagatedBuildInputs = [ six ];
|
||||
|
||||
pythonImportsCheck = [ "tree" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Tree is a library for working with nested data structures.";
|
||||
homepage = "https://github.com/deepmind/tree";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ samuela ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
};
|
||||
}
|
40
pkgs/development/python-modules/ecs-logging/default.nix
Normal file
40
pkgs/development/python-modules/ecs-logging/default.nix
Normal file
@ -0,0 +1,40 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, flit-core
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "ecs-logging";
|
||||
version = "1.1.0";
|
||||
format = "flit";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "elastic";
|
||||
repo = "ecs-logging-python";
|
||||
rev = version;
|
||||
sha256 = "sha256-UcQh/+K2d4tiMZaz4IAZ2w/B88vEkHoq2LCPMNZ95Mo=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
flit-core
|
||||
];
|
||||
|
||||
# Circular dependency elastic-apm
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [
|
||||
"ecs_logging"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Logging formatters for the Elastic Common Schema (ECS) in Python";
|
||||
homepage = "https://github.com/elastic/ecs-logging-python";
|
||||
license = with licenses; [ asl20 ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
90
pkgs/development/python-modules/elastic-apm/default.nix
Normal file
90
pkgs/development/python-modules/elastic-apm/default.nix
Normal file
@ -0,0 +1,90 @@
|
||||
{ lib
|
||||
, asynctest
|
||||
, aiohttp
|
||||
, blinker
|
||||
, buildPythonPackage
|
||||
, certifi
|
||||
, ecs-logging
|
||||
, fetchFromGitHub
|
||||
, httpx
|
||||
, jinja2
|
||||
, jsonschema
|
||||
, Logbook
|
||||
, mock
|
||||
, pytest-asyncio
|
||||
, pytest-bdd
|
||||
, pytest-localserver
|
||||
, pytest-mock
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
, sanic
|
||||
, sanic-testing
|
||||
, starlette
|
||||
, structlog
|
||||
, tornado
|
||||
, urllib3
|
||||
, webob
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "elastic-apm";
|
||||
version = "6.7.2";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "elastic";
|
||||
repo = "apm-agent-python";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-NyoFJ3HVxE3AdCCZCZrEk4dDiTIv9cGZYPHVre/PMO4=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
aiohttp
|
||||
blinker
|
||||
certifi
|
||||
sanic
|
||||
starlette
|
||||
tornado
|
||||
urllib3
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
asynctest
|
||||
ecs-logging
|
||||
jinja2
|
||||
jsonschema
|
||||
Logbook
|
||||
mock
|
||||
httpx
|
||||
pytest-asyncio
|
||||
pytest-bdd
|
||||
pytest-mock
|
||||
pytest-localserver
|
||||
sanic-testing
|
||||
pytestCheckHook
|
||||
structlog
|
||||
webob
|
||||
];
|
||||
|
||||
disabledTests = [
|
||||
"elasticapm_client"
|
||||
];
|
||||
|
||||
disabledTestPaths = [
|
||||
# Exclude tornado tests
|
||||
"tests/contrib/asyncio/tornado/tornado_tests.py"
|
||||
];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"elasticapm"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python agent for the Elastic APM";
|
||||
homepage = "https://github.com/elastic/apm-agent-python";
|
||||
license = with licenses; [ bsd3 ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
@ -7,12 +7,12 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "fastecdsa";
|
||||
version = "2.2.2";
|
||||
version = "2.2.3";
|
||||
format = "setuptools";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1eb6f3ac86ec483a10df62fcda1fb9a9d5d895a436871a8aa935dd20ccd82c6f";
|
||||
sha256 = "269bdb0f618b38f8f6aec9d23d23db518046c3cee01a954fa6aa7322a1a7db8f";
|
||||
};
|
||||
|
||||
buildInputs = [ gmp ];
|
||||
|
@ -8,7 +8,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "flux-led";
|
||||
version = "0.25.13";
|
||||
version = "0.26.11";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
@ -17,7 +17,7 @@ buildPythonPackage rec {
|
||||
owner = "Danielhiversen";
|
||||
repo = "flux_led";
|
||||
rev = version;
|
||||
sha256 = "sha256-ZWaKk9496AKlQIni+VmnyIda9kn5zQfzmaD76DznQNU=";
|
||||
sha256 = "sha256-1+LS9pAJQsXzt5vC4vR2SBzC21GbLj8nZ8oF5CfVWSg=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "google-nest-sdm";
|
||||
version = "0.4.5";
|
||||
version = "0.4.6";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
@ -22,7 +22,7 @@ buildPythonPackage rec {
|
||||
owner = "allenporter";
|
||||
repo = "python-google-nest-sdm";
|
||||
rev = version;
|
||||
sha256 = "sha256-R1/PkWyMHrZmLp+6VqAkLVzycdT1uK5SySUqpOolJCY=";
|
||||
sha256 = "sha256-oMYCBmqDTPcGHwP3LFYX3CdbHw2hg41EQQv8iiv+ljE=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
@ -3,6 +3,7 @@
|
||||
, fetchFromGitHub
|
||||
, pythonOlder
|
||||
, anyio
|
||||
, asyncio-rlock
|
||||
, asyncio-throttle
|
||||
, dataclasses
|
||||
, ircstates
|
||||
@ -13,23 +14,26 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "ircrobots";
|
||||
version = "0.3.8";
|
||||
version = "0.4.6";
|
||||
disabled = pythonOlder "3.6";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "jesopo";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "06q86dqllxvi3nssfplmjk9yxaybighwh87lrxfpfhl8yy4z68jz";
|
||||
sha256 = "sha256-+BrS1+ZkgwT/qvqD0PwRZi2LF+31biS738SzKH1dy7w=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
# too specific pins https://github.com/jesopo/ircrobots/issues/3
|
||||
sed -iE 's/anyio.*/anyio/' requirements.txt
|
||||
sed -iE 's/ircstates.*/ircstates/' requirements.txt
|
||||
sed -iE 's/async_timeout.*/async_timeout/' requirements.txt
|
||||
'';
|
||||
|
||||
propagatedBuildInputs = [
|
||||
anyio
|
||||
asyncio-rlock
|
||||
asyncio-throttle
|
||||
ircstates
|
||||
async_stagger
|
||||
|
59
pkgs/development/python-modules/jproperties/default.nix
Normal file
59
pkgs/development/python-modules/jproperties/default.nix
Normal file
@ -0,0 +1,59 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, pytestCheckHook
|
||||
, six
|
||||
, pytest-datadir
|
||||
, setuptools-scm
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "jproperties";
|
||||
version = "2.1.1";
|
||||
format = "setuptools";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Tblue";
|
||||
repo = "python-jproperties";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-O+ALeGHMNjW1dc9IRyLzO81k8DW2vbGjuZqXxgrhYjo=";
|
||||
};
|
||||
|
||||
SETUPTOOLS_SCM_PRETEND_VERSION = version;
|
||||
|
||||
nativeBuildInputs = [
|
||||
setuptools-scm
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
six
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytest-datadir
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace setup.py \
|
||||
--replace "setuptools_scm ~= 3.3" "setuptools_scm"
|
||||
substituteInPlace pytest.ini \
|
||||
--replace "--cov=jproperties --cov-report=term --cov-report=html --cov-branch" ""
|
||||
'';
|
||||
|
||||
disabledTestPaths = [
|
||||
# TypeError: 'PosixPath' object...
|
||||
"tests/test_simple_utf8.py"
|
||||
];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"jproperties"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Java Property file parser and writer for Python";
|
||||
homepage = "https://github.com/Tblue/python-jproperties";
|
||||
license = with licenses; [ bsd3 ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
@ -9,13 +9,13 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "lsassy";
|
||||
version = "3.1.0";
|
||||
version = "3.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Hackndo";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "0xycpyzjbzr7836hjzcbmf7sri0r2az65yc6yrgy6kay0v75j4p6";
|
||||
sha256 = "0jd0kmp0mc8jn5qmgrspdx05vy6nyq773cj4yid1qyr8dmyx6a7n";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
36
pkgs/development/python-modules/luhn/default.nix
Normal file
36
pkgs/development/python-modules/luhn/default.nix
Normal file
@ -0,0 +1,36 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, pytestCheckHook
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "luhn";
|
||||
version = "0.2.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "mmcloughlin";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-ZifaCjOVhWdXuzi5n6V+6eVN5vrEHKgUdpSOXoMyR18=";
|
||||
};
|
||||
|
||||
checkInputs = [
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
pytestFlagsArray = [
|
||||
"test.py"
|
||||
];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"luhn"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python module for generate and verify Luhn check digits";
|
||||
homepage = "https://github.com/mmcloughlin/luhn";
|
||||
license = with licenses; [ mit ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
37
pkgs/development/python-modules/mizani/default.nix
Normal file
37
pkgs/development/python-modules/mizani/default.nix
Normal file
@ -0,0 +1,37 @@
|
||||
{ buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, lib
|
||||
, matplotlib
|
||||
, palettable
|
||||
, pandas
|
||||
, pytestCheckHook
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "mizani";
|
||||
version = "0.7.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "has2k1";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "04r53dp5jbklv8l9ncgc5wiq0gx25y73h65gmmbbfkxwgsl3w78l";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace pytest.ini --replace " --cov=mizani --cov-report=xml" ""
|
||||
'';
|
||||
|
||||
propagatedBuildInputs = [ matplotlib palettable pandas ];
|
||||
|
||||
checkInputs = [ pytestCheckHook ];
|
||||
|
||||
pythonImportsCheck = [ "mizani" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Scales for Python";
|
||||
homepage = "https://github.com/has2k1/mizani";
|
||||
license = licenses.bsd3;
|
||||
maintainers = with maintainers; [ samuela ];
|
||||
};
|
||||
}
|
53
pkgs/development/python-modules/ml-collections/default.nix
Normal file
53
pkgs/development/python-modules/ml-collections/default.nix
Normal file
@ -0,0 +1,53 @@
|
||||
{ absl-py
|
||||
, buildPythonPackage
|
||||
, contextlib2
|
||||
, fetchPypi
|
||||
, fetchurl
|
||||
, lib
|
||||
, pyyaml
|
||||
}:
|
||||
|
||||
let
|
||||
requirements = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/google/ml_collections/7f749a281c69f9d0b339c05ecb94b80d95029f25/requirements.txt";
|
||||
sha256 = "1xb351hiscj4zmajfkql3swpacdp6lmz8iwdvwwdx2zqw9a62zps";
|
||||
};
|
||||
requirements-test = fetchurl {
|
||||
url = "https://raw.githubusercontent.com/google/ml_collections/7f749a281c69f9d0b339c05ecb94b80d95029f25/requirements-test.txt";
|
||||
sha256 = "0r457k2nrg5jkf093r0x29yf8xwy6l7jxi6al0fh7mmnfrhr9cb1";
|
||||
};
|
||||
in
|
||||
buildPythonPackage rec {
|
||||
pname = "ml-collections";
|
||||
version = "0.1.0";
|
||||
|
||||
# ml-collections does not have any git release tags. See https://github.com/google/ml_collections/issues/8.
|
||||
src = fetchPypi {
|
||||
inherit version;
|
||||
pname = "ml_collections";
|
||||
sha256 = "0g6gxfz8g6fh1sghys869ylxgpda9hq7ylc8jw05608l3k6pz8ar";
|
||||
};
|
||||
|
||||
# The pypi source archive does not include requirements.txt or
|
||||
# requirements-test.txt. See https://github.com/google/ml_collections/issues/7.
|
||||
postPatch = ''
|
||||
cp ${requirements} requirements.txt
|
||||
cp ${requirements-test} requirements-test.txt
|
||||
'';
|
||||
|
||||
propagatedBuildInputs = [ absl-py contextlib2 pyyaml ];
|
||||
|
||||
# The official test suite uses bazel. With pytestCheckHook there are name
|
||||
# conflicts between files and tests have assumptions that are broken by the
|
||||
# nix-build environment, eg. re module names and __file__ attributes.
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [ "ml_collections" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "ML Collections is a library of Python collections designed for ML usecases.";
|
||||
homepage = "https://github.com/google/ml_collections";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ samuela ];
|
||||
};
|
||||
}
|
55
pkgs/development/python-modules/msoffcrypto-tool/default.nix
Normal file
55
pkgs/development/python-modules/msoffcrypto-tool/default.nix
Normal file
@ -0,0 +1,55 @@
|
||||
{ lib
|
||||
, olefile
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, poetry-core
|
||||
, cryptography
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
, setuptools
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "msoffcrypto-tool";
|
||||
version = "4.12.0";
|
||||
format = "pyproject";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "nolze";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-EBEwldh2Ct/4oxnAF1hWeW/uRrVsCYEi0cJaZubofFk=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
poetry-core
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
cryptography
|
||||
olefile
|
||||
setuptools
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
disabledTests = [
|
||||
# Test fails with AssertionError
|
||||
"test_cli"
|
||||
];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"msoffcrypto"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python tool and library for decrypting MS Office files with passwords or other keys";
|
||||
homepage = "https://github.com/nolze/msoffcrypto-tool";
|
||||
license = with licenses; [ mit ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
@ -0,0 +1,58 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, docopt
|
||||
, fetchFromGitHub
|
||||
, freezegun
|
||||
, mock
|
||||
, pyjwt
|
||||
, pytest-mock
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
, requests
|
||||
, requests-mock
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "notifications-python-client";
|
||||
version = "6.3.0";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "alphagov";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-pfOTVgsfXJQ9GIGowra3RAwxCri76RgnA9iyWbjomCk=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
docopt
|
||||
pyjwt
|
||||
requests
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
freezegun
|
||||
mock
|
||||
pytest-mock
|
||||
pytestCheckHook
|
||||
requests-mock
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace setup.py \
|
||||
--replace "'pytest-runner'" ""
|
||||
'';
|
||||
|
||||
pythonImportsCheck = [
|
||||
"notifications_python_client"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python client for the GOV.UK Notify API";
|
||||
homepage = "https://github.com/alphagov/notifications-python-client";
|
||||
license = with licenses; [ mit ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
57
pkgs/development/python-modules/oletools/default.nix
Normal file
57
pkgs/development/python-modules/oletools/default.nix
Normal file
@ -0,0 +1,57 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, colorclass
|
||||
, easygui
|
||||
, fetchFromGitHub
|
||||
, msoffcrypto-tool
|
||||
, olefile
|
||||
, pcodedmp
|
||||
, pyparsing
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
, setuptools
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "oletools";
|
||||
version = "0.60";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "decalage2";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-gatUVkf8iT1OGnahX1BzQLDypCqhS1EvkAgUHJ6myA4=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
colorclass
|
||||
easygui
|
||||
msoffcrypto-tool
|
||||
olefile
|
||||
pcodedmp
|
||||
pyparsing
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
disabledTests = [
|
||||
# Test fails with AssertionError: Tuples differ: ('MS Word 2007+...
|
||||
"test_all"
|
||||
];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"oletools"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python tool to analyze MS OLE2 files and MS Office documents";
|
||||
homepage = "https://github.com/decalage2/oletools";
|
||||
license = with licenses; [ bsd2 /* and */ mit ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
41
pkgs/development/python-modules/pcodedmp/default.nix
Normal file
41
pkgs/development/python-modules/pcodedmp/default.nix
Normal file
@ -0,0 +1,41 @@
|
||||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pcodedmp";
|
||||
version = "1.2.6";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "bontchev";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-SYOFGMvrzxDPMACaCvqwU28Mh9LEuvFBGvAph4X+geo=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
# Circular dependency
|
||||
substituteInPlace setup.py \
|
||||
--replace "'oletools>=0.54'," ""
|
||||
'';
|
||||
|
||||
# Module doesn't have tests
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [
|
||||
"pcodedmp"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python VBA p-code disassembler";
|
||||
homepage = "https://github.com/bontchev/pcodedmp";
|
||||
license = with licenses; [ gpl3Only ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
@ -10,7 +10,7 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pyskyqremote";
|
||||
version = "0.2.49";
|
||||
version = "0.2.52";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.7";
|
||||
@ -19,7 +19,7 @@ buildPythonPackage rec {
|
||||
owner = "RogerSelwyn";
|
||||
repo = "skyq_remote";
|
||||
rev = version;
|
||||
sha256 = "sha256-Xhr+p/kIp3Sm7swqCsjXHaECntwJnBLyGlcSg2lsxZc=";
|
||||
sha256 = "sha256-iVXi9wopDjtZcqoEWYfg1oPx4RV3e3b9P07rC8ftz9U=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
47
pkgs/development/python-modules/python-datemath/default.nix
Normal file
47
pkgs/development/python-modules/python-datemath/default.nix
Normal file
@ -0,0 +1,47 @@
|
||||
{ lib
|
||||
, arrow
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, pythonOlder
|
||||
, pytestCheckHook
|
||||
, unittest2
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "python-datemath";
|
||||
version = "1.5.5";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "nickmaccarthy";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-WVWGhyBguE1+KEMQu0N5QxO7IC4rPEJ/2L3VWUCQNi4=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
arrow
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
pytestCheckHook
|
||||
unittest2
|
||||
];
|
||||
|
||||
pytestFlagsArray = [
|
||||
"tests.py"
|
||||
];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"datemath"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python module to emulate the date math used in SOLR and Elasticsearch";
|
||||
homepage = "https://github.com/nickmaccarthy/python-datemath";
|
||||
license = with licenses; [ asl20 ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
@ -7,13 +7,14 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "python_http_client";
|
||||
version = "3.3.3";
|
||||
version = "3.3.4";
|
||||
format = "setuptools";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "sendgrid";
|
||||
repo = "python-http-client";
|
||||
rev = version;
|
||||
sha256 = "sha256-cZqyu67xP0UIKYbhYYTNL5kLiPjjMjayde75sqkHZhg=";
|
||||
sha256 = "sha256-wTXHq+tC+rfvmDZIWvcGhQZqm6DxOmx50BsX0c6asec=";
|
||||
};
|
||||
|
||||
checkInputs = [
|
||||
@ -21,9 +22,9 @@ buildPythonPackage rec {
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
# Failure was fixed by https://github.com/sendgrid/python-http-client/commit/6d62911ab0d0645b499e14bb17c302b48f3c10e4
|
||||
disabledTests = [ "test__daterange" ];
|
||||
pythonImportsCheck = [ "python_http_client" ];
|
||||
pythonImportsCheck = [
|
||||
"python_http_client"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python HTTP library to call APIs";
|
||||
|
37
pkgs/development/python-modules/subzerod/default.nix
Normal file
37
pkgs/development/python-modules/subzerod/default.nix
Normal file
@ -0,0 +1,37 @@
|
||||
{ lib
|
||||
, aiohttp
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, pythonOlder
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "subzerod";
|
||||
version = "1.0";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-/7g8Upj9Hb4m83JXLI3X2lqa9faCt42LVxh+V9WpI68=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
aiohttp
|
||||
];
|
||||
|
||||
# Module has no tests
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [
|
||||
"subzerod"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python module to help with the enumeration of subdomains";
|
||||
homepage = "https://github.com/sanderfoobar/subzerod";
|
||||
license = with licenses; [ wtfpl ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
};
|
||||
}
|
@ -2,14 +2,14 @@
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "youtube-transcript-api";
|
||||
version = "0.4.2";
|
||||
version = "0.4.3";
|
||||
|
||||
# PyPI tarball is missing some test files
|
||||
src = fetchFromGitHub {
|
||||
owner = "jdepoix";
|
||||
repo = "youtube-transcript-api";
|
||||
rev = "v${version}";
|
||||
sha256 = "04x7mfp4q17w3n8dnklbxblz22496g7g4879nz0wzgijg3m6cwlp";
|
||||
sha256 = "1krak5j2faj6951cl13h7hg9i3kyp6nslcbi608k8hxlbd80hc5h";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ requests ];
|
||||
|
@ -0,0 +1,30 @@
|
||||
From 13c633bf0075daa6ff973f368a25cf205caa017e Mon Sep 17 00:00:00 2001
|
||||
From: Pascal Bach <pascal.bach@nextrem.ch>
|
||||
Date: Sat, 11 Dec 2021 10:07:01 +0100
|
||||
Subject: [PATCH] gitlab-runner: don't checked for fixed runtime
|
||||
|
||||
We already use 1.16.12 which has the proper fix
|
||||
---
|
||||
helpers/patches/issue_28732/syscall.go | 7 +------
|
||||
1 file changed, 1 insertion(+), 6 deletions(-)
|
||||
|
||||
diff --git a/helpers/patches/issue_28732/syscall.go b/helpers/patches/issue_28732/syscall.go
|
||||
index 580513b57..fa9e4cc85 100644
|
||||
--- a/helpers/patches/issue_28732/syscall.go
|
||||
+++ b/helpers/patches/issue_28732/syscall.go
|
||||
@@ -2,11 +2,6 @@
|
||||
|
||||
package issue_28732
|
||||
|
||||
-import (
|
||||
- "syscall"
|
||||
-)
|
||||
-
|
||||
func AssertFixPresent() {
|
||||
- // Ensure that Issue28732Fix fixed runtime is used
|
||||
- syscall.Issue28732Fix()
|
||||
+ // Issue already fixed by using go 1.16.12
|
||||
}
|
||||
--
|
||||
2.34.0
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ lib, buildGoPackage, fetchFromGitLab, fetchurl }:
|
||||
|
||||
let
|
||||
version = "14.5.0";
|
||||
version = "14.5.2";
|
||||
in
|
||||
buildGoPackage rec {
|
||||
inherit version;
|
||||
@ -19,10 +19,13 @@ buildGoPackage rec {
|
||||
owner = "gitlab-org";
|
||||
repo = "gitlab-runner";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-BxnIrjiEW61J6hl7mWNXc2Vb4ae1cWqOypTy9Xo7Hkc=";
|
||||
sha256 = "07mr9w1rp3rnrlixmqziin1gw78s3gncg47b4z9h9zzpy3acy3xd";
|
||||
};
|
||||
|
||||
patches = [ ./fix-shell-path.patch ];
|
||||
patches = [
|
||||
./fix-shell-path.patch
|
||||
./0001-gitlab-runner-don-t-checked-for-fixed-runtime.patch
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "GitLab Runner the continuous integration executor of GitLab";
|
||||
|
@ -7,13 +7,13 @@
|
||||
# compilers to determine the desired target.
|
||||
, defaultTargets ? []}:
|
||||
stdenv.mkDerivation rec {
|
||||
version = "4.3.1";
|
||||
version = "4.5.2";
|
||||
pname = "rocminfo";
|
||||
src = fetchFromGitHub {
|
||||
owner = "RadeonOpenCompute";
|
||||
repo = "rocminfo";
|
||||
rev = "rocm-${version}";
|
||||
sha256 = "sha256-n80tiSVaPTFl4imZvoFENM4KhPLxgDKz5VlOvhEYlV0=";
|
||||
sha256 = "sha256-VIlHYiGLen4xmdP7kpmObj5wKy6Qq7iupJFtPa4Zd98=";
|
||||
};
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
@ -2,16 +2,16 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "cargo-feature";
|
||||
version = "0.5.5";
|
||||
version = "0.6.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Riey";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-0Ski+LytE636HHduisYJJq3khRsaJJ4YhpmaU5On348=";
|
||||
sha256 = "sha256-9TP67YtvRtgLtsKACL5xjXq5kZtYpTWsTqQsbOKPwtY=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-PA/s/BrqUftdGc5Lvd0glL9Dr8GLX9pYMq6WRRUQwEk=";
|
||||
cargoSha256 = "sha256-MkLsQebQdqfUuARIdQZg47kMPudstJUgRQgUuovoLes=";
|
||||
|
||||
buildInputs = lib.optional stdenv.isDarwin libiconv;
|
||||
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "vultr-cli";
|
||||
version = "2.9.0";
|
||||
version = "2.11.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "vultr";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-xgp+hNNStyakfS8h72CqRTeJVTgA4p4CkoCoTFmFRyI=";
|
||||
sha256 = "sha256-v5RbStmQX7D+i+oyekilLPsl6lta5rkJV4Uf0mjIF8Y=";
|
||||
};
|
||||
|
||||
vendorSha256 = null;
|
||||
|
@ -4,20 +4,19 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "fheroes2";
|
||||
version = "0.9.9";
|
||||
version = "0.9.10";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ihhub";
|
||||
repo = "fheroes2";
|
||||
rev = version;
|
||||
sha256 = "sha256-vm9/jHRrG7qSP4GKksUrcK0qC3BW9LXlOnH4/pRyEww=";
|
||||
sha256 = "sha256-8HXFt4SsQ+qXu/VJmdAdYX7XoNjA4AHItnwS/nyY6H8=";
|
||||
};
|
||||
|
||||
buildInputs = [ gettext libpng SDL2 SDL2_image SDL2_mixer SDL2_ttf zlib ];
|
||||
|
||||
makeFlags = [
|
||||
"FHEROES2_STRICT_COMPILATION=1"
|
||||
"RELEASE=1"
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
@ -3,11 +3,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "cifs-utils";
|
||||
version = "6.13";
|
||||
version = "6.14";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://samba/pub/linux-cifs/cifs-utils/${pname}-${version}.tar.bz2";
|
||||
sha256 = "sha256-Q9h4bIYTysz6hJEwgcHWK8JAlXWFTPiVsFtIrwhj0FY=";
|
||||
sha256 = "sha256-ZgnoB0tUISlf8BKjHwLM2aBYQVxhnIE2Lrt4jb8HVrg=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook docutils pkg-config ];
|
||||
|
@ -6,11 +6,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "cpuid";
|
||||
version = "20211129";
|
||||
version = "20211210";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://etallen.com/cpuid/${pname}-${version}.src.tar.gz";
|
||||
sha256 = "sha256-Iwdyu4jERzLmikLS7/Q7z/RtiTv06m4EFR1MtujIji8=";
|
||||
sha256 = "sha256-4CmJVwDeGm+DNgJSgEiSzVi1TR9f869Et7tq/kEOX0Q=";
|
||||
};
|
||||
|
||||
# For pod2man during the build process.
|
||||
|
190
pkgs/os-specific/linux/sgx/psw/default.nix
Normal file
190
pkgs/os-specific/linux/sgx/psw/default.nix
Normal file
@ -0,0 +1,190 @@
|
||||
{ stdenv
|
||||
, lib
|
||||
, fetchurl
|
||||
, cmake
|
||||
, coreutils
|
||||
, curl
|
||||
, file
|
||||
, glibc
|
||||
, makeWrapper
|
||||
, nixosTests
|
||||
, protobuf
|
||||
, python3
|
||||
, sgx-sdk
|
||||
, shadow
|
||||
, systemd
|
||||
, util-linux
|
||||
, which
|
||||
, debug ? false
|
||||
}:
|
||||
stdenv.mkDerivation rec {
|
||||
inherit (sgx-sdk) version versionTag src;
|
||||
pname = "sgx-psw";
|
||||
|
||||
postUnpack =
|
||||
let
|
||||
ae.prebuilt = fetchurl {
|
||||
url = "https://download.01.org/intel-sgx/sgx-linux/${versionTag}/prebuilt_ae_${versionTag}.tar.gz";
|
||||
hash = "sha256-nGKZEpT2Mx0DLgqjv9qbZqBt1pQaSHcnA0K6nHma3sk";
|
||||
};
|
||||
dcap = rec {
|
||||
version = "1.11";
|
||||
filename = "prebuilt_dcap_${version}.tar.gz";
|
||||
prebuilt = fetchurl {
|
||||
url = "https://download.01.org/intel-sgx/sgx-dcap/${version}/linux/${filename}";
|
||||
hash = "sha256-ShGScS4yNLki04RNPxxLvqzGmy4U1L0gVETvfAo8w9M=";
|
||||
};
|
||||
};
|
||||
in
|
||||
sgx-sdk.postUnpack + ''
|
||||
# Make sure we use the correct version of prebuilt DCAP
|
||||
grep -q 'ae_file_name=${dcap.filename}' "$src/external/dcap_source/QuoteGeneration/download_prebuilt.sh" \
|
||||
|| (echo "Could not find expected prebuilt DCAP ${dcap.filename} in linux-sgx source" >&2 && exit 1)
|
||||
|
||||
tar -zxf ${ae.prebuilt} -C $sourceRoot/
|
||||
tar -zxf ${dcap.prebuilt} -C $sourceRoot/external/dcap_source/QuoteGeneration/
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
cmake
|
||||
file
|
||||
makeWrapper
|
||||
python3
|
||||
sgx-sdk
|
||||
which
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
curl
|
||||
protobuf
|
||||
];
|
||||
|
||||
hardeningDisable = lib.optionals debug [
|
||||
"fortify"
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# https://github.com/intel/linux-sgx/pull/730
|
||||
substituteInPlace buildenv.mk --replace '/bin/cp' 'cp'
|
||||
substituteInPlace psw/ae/aesm_service/source/CMakeLists.txt \
|
||||
--replace '/usr/bin/getconf' 'getconf'
|
||||
|
||||
# https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/205
|
||||
substituteInPlace ./external/dcap_source/QuoteGeneration/buildenv.mk \
|
||||
--replace '/bin/cp' 'cp'
|
||||
substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/Makefile \
|
||||
--replace '/bin/cp' 'cp'
|
||||
substituteInPlace external/dcap_source/tools/SGXPlatformRegistration/buildenv.mk \
|
||||
--replace '/bin/cp' 'cp'
|
||||
|
||||
patchShebangs \
|
||||
linux/installer/bin/build-installpkg.sh \
|
||||
linux/installer/common/psw/createTarball.sh \
|
||||
linux/installer/common/psw/install.sh
|
||||
'';
|
||||
|
||||
dontUseCmakeConfigure = true;
|
||||
|
||||
# Randomly fails if enabled
|
||||
enableParallelBuilding = false;
|
||||
|
||||
buildFlags = [
|
||||
"psw_install_pkg"
|
||||
] ++ lib.optionals debug [
|
||||
"DEBUG=1"
|
||||
];
|
||||
|
||||
installFlags = [
|
||||
"-C linux/installer/common/psw/output"
|
||||
"DESTDIR=$(TMPDIR)/install"
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
installDir=$TMPDIR/install
|
||||
sgxPswDir=$installDir/opt/intel/sgxpsw
|
||||
|
||||
mv $installDir/usr/lib64/ $out/lib/
|
||||
ln -sr $out/lib $out/lib64
|
||||
|
||||
# Install udev rules to lib/udev/rules.d
|
||||
mv $sgxPswDir/udev/ $out/lib/
|
||||
|
||||
# Install example AESM config
|
||||
mkdir $out/etc/
|
||||
mv $sgxPswDir/aesm/conf/aesmd.conf $out/etc/
|
||||
rmdir $sgxPswDir/aesm/conf/
|
||||
|
||||
# Delete init service
|
||||
rm $sgxPswDir/aesm/aesmd.conf
|
||||
|
||||
# Move systemd services
|
||||
mkdir -p $out/lib/systemd/system/
|
||||
mv $sgxPswDir/aesm/aesmd.service $out/lib/systemd/system/
|
||||
mv $sgxPswDir/remount-dev-exec.service $out/lib/systemd/system/
|
||||
|
||||
# Move misc files
|
||||
mkdir $out/share/
|
||||
mv $sgxPswDir/licenses $out/share/
|
||||
|
||||
# Remove unnecessary files
|
||||
rm $sgxPswDir/{cleanup.sh,startup.sh}
|
||||
rm -r $sgxPswDir/scripts
|
||||
|
||||
mv $sgxPswDir/aesm/ $out/
|
||||
|
||||
mkdir $out/bin
|
||||
makeWrapper $out/aesm/aesm_service $out/bin/aesm_service \
|
||||
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ protobuf ]}:$out/aesm \
|
||||
--run "cd $out/aesm"
|
||||
|
||||
# Make sure we didn't forget to handle any files
|
||||
rmdir $sgxPswDir || (echo "Error: The directory $installDir still contains unhandled files: $(ls -A $installDir)" >&2 && exit 1)
|
||||
'';
|
||||
|
||||
# Most—if not all—of those fixups are not relevant for NixOS as we have our own
|
||||
# NixOS module which is based on those files without relying on them. Still, it
|
||||
# is helpful to have properly patched versions for non-NixOS distributions.
|
||||
postFixup = ''
|
||||
header "Fixing aesmd.service"
|
||||
substituteInPlace $out/lib/systemd/system/aesmd.service \
|
||||
--replace '@aesm_folder@' \
|
||||
"$out/aesm" \
|
||||
--replace 'Type=forking' \
|
||||
'Type=simple' \
|
||||
--replace "ExecStart=$out/aesm/aesm_service" \
|
||||
"ExecStart=$out/bin/aesm_service --no-daemon"\
|
||||
--replace "/bin/mkdir" \
|
||||
"${coreutils}/bin/mkdir" \
|
||||
--replace "/bin/chown" \
|
||||
"${coreutils}/bin/chown" \
|
||||
--replace "/bin/chmod" \
|
||||
"${coreutils}/bin/chmod" \
|
||||
--replace "/bin/kill" \
|
||||
"${coreutils}/bin/kill"
|
||||
|
||||
header "Fixing remount-dev-exec.service"
|
||||
substituteInPlace $out/lib/systemd/system/remount-dev-exec.service \
|
||||
--replace '/bin/mount' \
|
||||
"${util-linux}/bin/mount"
|
||||
|
||||
header "Fixing linksgx.sh"
|
||||
# https://github.com/intel/linux-sgx/pull/736
|
||||
substituteInPlace $out/aesm/linksgx.sh \
|
||||
--replace '/usr/bin/getent' \
|
||||
'${glibc.bin}/bin/getent' \
|
||||
--replace '/usr/sbin/usermod' \
|
||||
'${shadow}/bin/usermod'
|
||||
'';
|
||||
|
||||
passthru.tests = {
|
||||
service = nixosTests.aesmd;
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "Intel SGX Architectural Enclave Service Manager";
|
||||
homepage = "https://github.com/intel/linux-sgx";
|
||||
maintainers = with maintainers; [ veehaitch citadelcore ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
license = with licenses; [ bsd3 ];
|
||||
};
|
||||
}
|
@ -21,13 +21,13 @@
|
||||
, validatePkgConfig
|
||||
, writeShellScript
|
||||
, writeText
|
||||
, debug ? false
|
||||
}:
|
||||
with lib;
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "sgx-sdk";
|
||||
version = "2.14.100.2";
|
||||
|
||||
versionTag = concatStringsSep "." (take 2 (splitVersion version));
|
||||
versionTag = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version));
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "intel";
|
||||
@ -140,6 +140,8 @@ stdenv.mkDerivation rec {
|
||||
|
||||
buildFlags = [
|
||||
"sdk_install_pkg"
|
||||
] ++ lib.optionals debug [
|
||||
"DEBUG=1"
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
@ -264,7 +266,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
passthru.tests = callPackage ./samples.nix { };
|
||||
|
||||
meta = {
|
||||
meta = with lib; {
|
||||
description = "Intel SGX SDK for Linux built with IPP Crypto Library";
|
||||
homepage = "https://github.com/intel/linux-sgx";
|
||||
maintainers = with maintainers; [ sbellem arturcygan veehaitch ];
|
@ -2,6 +2,7 @@
|
||||
|
||||
{ stdenv
|
||||
, lib
|
||||
, nixosTests
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, fetchzip
|
||||
@ -613,6 +614,10 @@ stdenv.mkDerivation {
|
||||
# runtime; otherwise we can't and we need to reboot.
|
||||
passthru.interfaceVersion = 2;
|
||||
|
||||
passthru.tests = {
|
||||
inherit (nixosTests) switchTest;
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://www.freedesktop.org/wiki/Software/systemd/";
|
||||
description = "A system and service manager for Linux";
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ lib, stdenv, fetchurl, pkg-config, libseccomp, util-linux, qemu }:
|
||||
|
||||
let
|
||||
version = "0.6.8";
|
||||
version = "0.6.9";
|
||||
# list of all theoretically available targets
|
||||
targets = [
|
||||
"genode"
|
||||
@ -19,9 +19,8 @@ in stdenv.mkDerivation {
|
||||
buildInputs = lib.optional (stdenv.hostPlatform.isLinux) libseccomp;
|
||||
|
||||
src = fetchurl {
|
||||
url =
|
||||
"https://github.com/Solo5/solo5/releases/download/v${version}/solo5-v${version}.tar.gz";
|
||||
sha256 = "sha256-zrxNCXJIuEbtE3YNRK8Bxu2koHsQkcF+xItoIyhj9Uc=";
|
||||
url = "https://github.com/Solo5/solo5/releases/download/v${version}/solo5-v${version}.tar.gz";
|
||||
sha256 = "03lvk9mab3yxrmi73wrvvhykqcydjrsda0wj6aasnjm5lx9jycpr";
|
||||
};
|
||||
|
||||
hardeningEnable = [ "pie" ];
|
||||
|
@ -2,7 +2,7 @@
|
||||
# Do not edit!
|
||||
|
||||
{
|
||||
version = "2021.12.0";
|
||||
version = "2021.12.1";
|
||||
components = {
|
||||
"abode" = ps: with ps; [ abodepy ];
|
||||
"accuweather" = ps: with ps; [ accuweather ];
|
||||
|
@ -252,7 +252,7 @@ let
|
||||
extraBuildInputs = extraPackages py.pkgs;
|
||||
|
||||
# Don't forget to run parse-requirements.py after updating
|
||||
hassVersion = "2021.12.0";
|
||||
hassVersion = "2021.12.1";
|
||||
|
||||
in with py.pkgs; buildPythonApplication rec {
|
||||
pname = "homeassistant";
|
||||
@ -269,7 +269,7 @@ in with py.pkgs; buildPythonApplication rec {
|
||||
owner = "home-assistant";
|
||||
repo = "core";
|
||||
rev = version;
|
||||
hash = "sha256:00hi709pb06c4ki0zb42my6g9cifrp2pn04ygrn5i7q7sr6min71";
|
||||
hash = "sha256:11qlalfzykbq5ydn2cagkqcbvdjkmjcdpp6lgiys9lyrw1rxycnb";
|
||||
};
|
||||
|
||||
# leave this in, so users don't have to constantly update their downstream patch handling
|
||||
|
@ -4,11 +4,11 @@ buildPythonPackage rec {
|
||||
# the frontend version corresponding to a specific home-assistant version can be found here
|
||||
# https://github.com/home-assistant/home-assistant/blob/master/homeassistant/components/frontend/manifest.json
|
||||
pname = "home-assistant-frontend";
|
||||
version = "20211211.0";
|
||||
version = "20211212.0";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-+rUrNCWf7CBzTPGuK7m88c1ouApelGla/L3SBwxYqdQ=";
|
||||
sha256 = "sha256-cYh8xBUS8rb2koNAq8JwWtrOHSF1jC5v0lq+W1SwiXI=";
|
||||
};
|
||||
|
||||
# there is nothing to strip in this package
|
||||
|
@ -5,15 +5,15 @@
|
||||
, git, nix, nixfmt, jq, coreutils, gnused, curl, cacert }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "2021-12-07";
|
||||
version = "2021-12-13";
|
||||
pname = "oh-my-zsh";
|
||||
rev = "5b987e59d0fce1a74bcfd51750c6f52d7c29c647";
|
||||
rev = "9a3d853481645ae0f961e9cc8421fc5d84e2c3c3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
inherit rev;
|
||||
owner = "ohmyzsh";
|
||||
repo = "ohmyzsh";
|
||||
sha256 = "JNAuWsD03F8fbhHwwDnDh+2pPjJsyFnT/oboZIhk3rc=";
|
||||
sha256 = "TFktV7xBm3KaRfW+cUGdwIZZD7TfU0gaq4J8cKBjtMM=";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
|
@ -5,16 +5,16 @@
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "trivy";
|
||||
version = "0.21.1";
|
||||
version = "0.21.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "aquasecurity";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-KxGG59H5EzIcYigvbQlrwpZLP4zMqErO3vDKhBOPc3w=";
|
||||
sha256 = "sha256-k8bjwKoAXt9XFQX7rHhdrcu3FoaU31Ra78PQHNVCfq0=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-lITzqPMsZk/G2nG4LcUdyTb3gE3rtlXET/c2UaYODvU=";
|
||||
vendorSha256 = "sha256-rJvmY0557QOb8D1/LhN8w64ds3HwqolLmGdntS5CJPQ=";
|
||||
|
||||
excludedPackages = "misc";
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "tarlz";
|
||||
version = "0.11";
|
||||
version = "0.21";
|
||||
outputs = [ "out" "man" "info" ];
|
||||
|
||||
nativeBuildInputs = [ lzip texinfo ];
|
||||
@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://savannah/lzip/${pname}/${pname}-${version}.tar.lz";
|
||||
sha256 = "sha256-PalRMerepfYDSaDs4irck+1v5Gy/vlB9CyU6omWUXlk=";
|
||||
sha256 = "sha256-D5chEt0/Emo5TVoEEHaVzLu55gPnsZM2e9FxRgfgrfQ=";
|
||||
};
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "unrar";
|
||||
version = "6.1.2";
|
||||
version = "6.1.3";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.rarlab.com/rar/unrarsrc-${version}.tar.gz";
|
||||
sha256 = "sha256-PpZCH1aOQ4r23NrvcXxI65O4JdlwWOvLFzub/FeAe+M=";
|
||||
sha256 = "sha256-0FAiRCAJICp5LliL7FiSHBI/8Eb8dV9/InKHGlvXljY=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "abcMIDI";
|
||||
version = "2021.12.05";
|
||||
version = "2021.12.10";
|
||||
|
||||
src = fetchzip {
|
||||
url = "https://ifdo.ca/~seymour/runabc/${pname}-${version}.zip";
|
||||
hash = "sha256-q3iyIheV7g6l2S6CSKqt9VQKa9i8xg5RKOO3JfFXuLI=";
|
||||
hash = "sha256-Jvj7gOrIT0IXihPkPDH9n80bg4xllvPTKxIWA3wX5B0=";
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "graylog";
|
||||
version = "3.3.14";
|
||||
version = "3.3.15";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://packages.graylog2.org/releases/graylog/graylog-${version}.tgz";
|
||||
sha256 = "04dslbvgrraacsw7wydbiv8jc753as2g54wn9sgh3lsryvzrfqfa";
|
||||
sha256 = "sha256-/ECHhgLhmLoZ9fjpwGQrGuOW5PBtkB3JUCC9Bgvxr30=";
|
||||
};
|
||||
|
||||
dontBuild = true;
|
||||
|
@ -12,16 +12,16 @@
|
||||
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "zellij";
|
||||
version = "0.21.0";
|
||||
version = "0.22.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "zellij-org";
|
||||
repo = "zellij";
|
||||
rev = "v${version}";
|
||||
sha256 = "1n033qvidahpfsp4k3x30sav3asldhjlsbydb23vg0v7bxjl2c2q";
|
||||
sha256 = "sha256-bia1q2IPrlVeSLsD/HGkWwAUW8THAuzXQR2Iw0v8TKM=";
|
||||
};
|
||||
|
||||
cargoSha256 = "1pjmlwx966pgri58xx2zqr84wili0bzpl9gzhjdkvcx0j1f66anb";
|
||||
cargoSha256 = "sha256-ptM0QrrWFy9rb/CpLYuzRE48Wr429lcE9xnV8uA8mGs=";
|
||||
|
||||
nativeBuildInputs = [
|
||||
installShellFiles
|
||||
|
@ -2,13 +2,13 @@
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bgpq4";
|
||||
version = "1.2";
|
||||
version = "1.4";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "bgp";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "sha256-8r70tetbTq8GxxtFe71gDYy+wg8yBwYpl1gsu5aAHTA=";
|
||||
sha256 = "sha256-EFxINRFrcNXGtXpNqvBIN6pE1kG3OdeDIHYOsG2celI=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ lib, stdenv, fetchFromGitHub, nodejs, which, python27, util-linux, nixosTests }:
|
||||
{ lib, stdenv, fetchFromGitHub, nodejs, which, python3, util-linux, nixosTests }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "cjdns";
|
||||
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "NOmk+vMZ8i0E2MjrUzksk+tkJ9XVVNEXlE5OOTNa+Y0=";
|
||||
};
|
||||
|
||||
buildInputs = [ which python27 nodejs ] ++
|
||||
buildInputs = [ which python3 nodejs ] ++
|
||||
# for flock
|
||||
lib.optional stdenv.isLinux util-linux;
|
||||
|
||||
@ -21,12 +21,8 @@ stdenv.mkDerivation rec {
|
||||
+ "bash do";
|
||||
installPhase = ''
|
||||
install -Dt "$out/bin/" cjdroute makekeys privatetopublic publictoip6
|
||||
sed -i 's,/usr/bin/env node,'$(type -P node), \
|
||||
$(find contrib -name "*.js")
|
||||
sed -i 's,/usr/bin/env python,'$(type -P python), \
|
||||
$(find contrib -type f)
|
||||
mkdir -p $out/share/cjdns
|
||||
cp -R contrib tools node_build node_modules $out/share/cjdns/
|
||||
cp -R tools node_build node_modules $out/share/cjdns/
|
||||
'';
|
||||
|
||||
passthru.tests.basic = nixosTests.cjdns;
|
||||
|
37
pkgs/tools/security/arsenal/default.nix
Normal file
37
pkgs/tools/security/arsenal/default.nix
Normal file
@ -0,0 +1,37 @@
|
||||
{ lib
|
||||
, fetchFromGitHub
|
||||
, python3
|
||||
}:
|
||||
|
||||
python3.pkgs.buildPythonApplication rec {
|
||||
pname = "arsenal";
|
||||
version = "1.0.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Orange-Cyberdefense";
|
||||
repo = "arsenal";
|
||||
rev = version;
|
||||
sha256 = "sha256-RZxGSrtEa3hAtowD2lUb9BgwpSWlYo90fU9nDvUfoAk=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
libtmux
|
||||
docutils
|
||||
pyperclip
|
||||
];
|
||||
|
||||
# Project has no tests
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [
|
||||
"arsenal"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Tool to generate commands for security and network tools";
|
||||
homepage = "https://github.com/Orange-Cyberdefense/arsenal";
|
||||
license = with licenses; [ gpl3Only ];
|
||||
maintainers = with maintainers; [ fab ];
|
||||
mainProgram = "arsenal";
|
||||
};
|
||||
}
|
@ -1,31 +1,40 @@
|
||||
{ lib, fetchFromGitHub, python3 }:
|
||||
{ lib
|
||||
, fetchFromGitHub
|
||||
, python3
|
||||
}:
|
||||
|
||||
python3.pkgs.buildPythonApplication rec {
|
||||
pname = "fierce";
|
||||
version = "1.4.0";
|
||||
version = "1.5.0";
|
||||
format = "setuptools";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "mschwager";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "11yaz8ap9swx95j3wpqh0b6jhw6spqgfnsyn1liw9zqi4jwgiax7";
|
||||
sha256 = "sha256-9VTPD5i203BTl2nADjq131W9elgnaHNIWGIUuCiYlHg=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace requirements.txt --replace 'dnspython==1.16.0' 'dnspython'
|
||||
'';
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
dnspython
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [ python3.pkgs.dnspython ];
|
||||
postPatch = ''
|
||||
substituteInPlace requirements.txt \
|
||||
--replace 'dnspython==1.16.0' 'dnspython'
|
||||
'';
|
||||
|
||||
# tests require network access
|
||||
doCheck = false;
|
||||
pythonImportsCheck = [ "fierce" ];
|
||||
|
||||
pythonImportsCheck = [
|
||||
"fierce"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/mschwager/fierce";
|
||||
description = "DNS reconnaissance tool for locating non-contiguous IP space";
|
||||
homepage = "https://github.com/mschwager/fierce";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = with maintainers; [ c0bw3b ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
}
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user