From b3642388fe18aefb168d9d6cb7365ce17ca3a6da Mon Sep 17 00:00:00 2001
From: Simon Hauser
Date: Fri, 5 Apr 2024 12:40:34 +0200
Subject: [PATCH] keydb: init at 6.3.4
---
 maintainers/team-list.nix | 1 +
 nixos/modules/services/databases/redis.nix | 5 +-
 nixos/tests/redis.nix | 115 ++++++++++++++-------
 pkgs/by-name/ke/keydb/package.nix | 106 +++++++++++++++++++
 pkgs/servers/nosql/redis/default.nix | 1 +
 5 files changed, 190 insertions(+), 38 deletions(-)
 create mode 100644 pkgs/by-name/ke/keydb/package.nix
diff --git a/maintainers/team-list.nix b/maintainers/team-list.nix
index 9380e1e2aa21..e61289f0fb8e 100644
--- a/maintainers/team-list.nix
+++ b/maintainers/team-list.nix
@@ -441,6 +441,7 @@ with lib.maintainers; {
 # Verify additions to this team with at least one already existing member of the team.
 members = [
 das_j
+ conni2461
 ];
 scope = "Group registration for packages maintained by Helsinki Systems";
 shortName = "Helsinki Systems employees";
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 2e644895a260..fe2d75fc53a9 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -338,7 +338,7 @@ in {
 after = [ "network.target" ];
 serviceConfig = {
- ExecStart = "${cfg.package}/bin/redis-server /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}";
+ ExecStart = "${cfg.package}/bin/${cfg.package.serverBin or "redis-server"} /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}";
 ExecStartPre = "+"+pkgs.writeShellScript "${redisName name}-prep-conf" (let
 redisConfVar = "/var/lib/${redisName name}/redis.conf";
 redisConfRun = "/run/${redisName name}/nixos.conf";
@@ -391,7 +391,8 @@ in {
 RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
 RestrictNamespaces = true;
 LockPersonality = true;
- MemoryDenyWriteExecute = true;
+ # we need to disable MemoryDenyWriteExecute for keydb
+ MemoryDenyWriteExecute = cfg.package.pname != "keydb";
 RestrictRealtime = true;
 RestrictSUIDSGID = true;
 PrivateMounts = true;
diff --git a/nixos/tests/redis.nix b/nixos/tests/redis.nix
index 94b50d07be6d..6c84701c9c0a 100644
--- a/nixos/tests/redis.nix
+++ b/nixos/tests/redis.nix
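Review bot: The new `MemoryDenyWriteExecute = cfg.package.pname != "keydb";` ties a sandbox relaxation to a package-name string, and the comment above it does not say why KeyDB needs memory that is both writable and executable. A `services.redis.package` value with no `pname` attribute would now fail at evaluation, and a KeyDB derivation with an overridden `pname` would keep the directive enabled and, going by the comment, presumably not start. An explicit passthru flag in the style of the `serverBin` attribute this commit adds would be sturdier, e.g. `MemoryDenyWriteExecute = !(cfg.package.needsWritableExecutableMemory or false);` (the attribute name here is a placeholder, not an existing one). The comment should also record the reason or upstream reference so the hardening can be restored once it no longer applies. The surrounding `serviceConfig` block starts and ends outside this hunk.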
@@ -1,44 +1,87 @@ -import ./make-test-python.nix ({ pkgs, lib, ... }: { - name = "redis"; - meta.maintainers = with lib.maintainers; [ flokli ]; + system ? builtins.currentSystem, + config ? { }, + pkgs ? import ../../.. { inherit system config; }, - nodes = { - machine = - { pkgs, lib, ... }: - - { - services.redis.servers."".enable = true; - services.redis.servers."test".enable = true; - - users.users = lib.listToAttrs (map (suffix: lib.nameValuePair "member${suffix}" { - createHome = false; - description = "A member of the redis${suffix} group"; - isNormalUser = true; - extraGroups = [ "redis${suffix}" ]; - }) ["" "-test"]); - }; + lib ? pkgs.lib, +}: +let + makeTest = import ./make-test-python.nix; + mkTestName = + pkg: "${pkg.pname}_${builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor pkg.version)}"; + redisPackages = { + inherit (pkgs) redis keydb; }; + makeRedisTest = + { + package, + name ? mkTestName package, + }: + makeTest { + inherit name; + meta.maintainers = [ + lib.maintainers.flokli + lib.teams.helsinki-systems.members + ]; - testScript = { nodes, ... }: let - inherit (nodes.machine.config.services) redis; - in '' - start_all() - machine.wait_for_unit("redis") - machine.wait_for_unit("redis-test") + nodes = { + machine = + { lib, ... 
}: - # The unnamed Redis server still opens a port for backward-compatibility - machine.wait_for_open_port(6379) + { + services = { + redis = { + inherit package; + servers."".enable = true; + servers."test".enable = true; + }; + }; - machine.wait_for_file("${redis.servers."".unixSocket}") - machine.wait_for_file("${redis.servers."test".unixSocket}") + users.users = lib.listToAttrs ( + map + ( + suffix: + lib.nameValuePair "member${suffix}" { + createHome = false; + description = "A member of the redis${suffix} group"; + isNormalUser = true; + extraGroups = [ "redis${suffix}" ]; + } + ) + [ + "" + "-test" + ] + ); + }; + }; - # The unix socket is accessible to the redis group - machine.succeed('su member -c "redis-cli ping | grep PONG"') - machine.succeed('su member-test -c "redis-cli ping | grep PONG"') + testScript = + { nodes, ... }: + let + inherit (nodes.machine.services) redis; + in + '' + start_all() + machine.wait_for_unit("redis") + machine.wait_for_unit("redis-test") - machine.succeed("redis-cli ping | grep PONG") - machine.succeed("redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG") - machine.succeed("redis-cli -s ${redis.servers."test".unixSocket} ping | grep PONG") - ''; -}) + # The unnamed Redis server still opens a port for backward-compatibility + machine.wait_for_open_port(6379) + + machine.wait_for_file("${redis.servers."".unixSocket}") + machine.wait_for_file("${redis.servers."test".unixSocket}") + + # The unix socket is accessible to the redis group + machine.succeed('su member -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"') + machine.succeed('su member-test -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"') + + machine.succeed("${pkgs.redis}/bin/redis-cli ping | grep PONG") + machine.succeed("${pkgs.redis}/bin/redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG") + machine.succeed("${pkgs.redis}/bin/redis-cli -s ${ + redis.servers."test".unixSocket + } ping | grep PONG") + ''; + }; +in +lib.mapAttrs (_: package: 
makeRedisTest { inherit package; }) redisPackages diff --git a/pkgs/by-name/ke/keydb/package.nix b/pkgs/by-name/ke/keydb/package.nix new file mode 100644 index 000000000000..3fc085b40ad9 --- /dev/null +++ b/pkgs/by-name/ke/keydb/package.nix 
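Review bot: In `makeRedisTest`, `meta.maintainers = [ lib.maintainers.flokli lib.teams.helsinki-systems.members ];` places the team's member list inside the outer list as a single element, so the result is a nested list rather than a flat list of maintainers. Concatenation keeps it flat: `meta.maintainers = [ lib.maintainers.flokli ] ++ lib.teams.helsinki-systems.members;`. Separately, every client call in the test script uses `${pkgs.redis}/bin/redis-cli`, so the keydb variant exercises the server and the socket permissions but never the packaged `keydb-cli`. If that is intentional, a short comment next to the first `redis-cli` call saying so would save the next reader the question.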
@@ -0,0 +1,106 @@ +{ + stdenv, + lib, + fetchFromGitHub, + libuuid, + curl, + pkg-config, + withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, + systemd, + tlsSupport ? !stdenv.hostPlatform.isStatic, + openssl, + jemalloc, + which, + tcl, + tcltls, + ps, + getconf, + nixosTests, +}: + +stdenv.mkDerivation rec { + pname = "keydb"; + version = "6.3.4"; + + src = fetchFromGitHub { + owner = "snapchat"; + repo = "keydb"; + rev = "v${version}"; + hash = "sha256-j6qgK6P3Fv+b6k9jwKQ5zW7XLkKbXXcmHKBCQYvwEIU="; + }; + + postPatch = '' + substituteInPlace deps/lua/src/Makefile \ + --replace-fail "ar rcu" "${stdenv.cc.targetPrefix}ar rcu" + substituteInPlace src/Makefile \ + --replace-fail "as --64 -g" "${stdenv.cc.targetPrefix}as --64 -g" + ''; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ + jemalloc + curl + libuuid + ] ++ lib.optionals tlsSupport [ openssl ] ++ lib.optionals withSystemd [ systemd ]; + + makeFlags = + [ + "PREFIX=${placeholder "out"}" + "AR=${stdenv.cc.targetPrefix}ar" + "RANLIB=${stdenv.cc.targetPrefix}ranlib" + "USEASM=${if stdenv.isx86_64 then "true" else "false"}" + ] + ++ lib.optionals (!tlsSupport) [ "BUILD_TLS=no" ] + ++ lib.optionals withSystemd [ "USE_SYSTEMD=yes" ] + ++ lib.optionals (!stdenv.isx86_64) [ "MALLOC=libc" ]; + + enableParallelBuilding = true; + + hardeningEnable = lib.optionals (!stdenv.isDarwin) [ "pie" ]; + + # darwin currently lacks a pure `pgrep` which is extensively used here + doCheck = !stdenv.isDarwin; + nativeCheckInputs = [ + which + tcl + ps + ] ++ lib.optionals stdenv.hostPlatform.isStatic [ getconf ] ++ lib.optionals tlsSupport [ tcltls ]; + checkPhase = '' + runHook preCheck + + # disable test "Connect multiple replicas at the same time": even + # upstream find this test too timing-sensitive + substituteInPlace tests/integration/replication.tcl \ + --replace-fail 'foreach mdl {no yes}' 'foreach mdl {}' + + substituteInPlace tests/support/server.tcl \ + --replace-fail 'exec /usr/bin/env' 'exec 
env' + + sed -i '/^proc wait_load_handlers_disconnected/{n ; s/wait_for_condition 50 100/wait_for_condition 50 500/; }' \ + tests/support/util.tcl + + patchShebangs ./utils/gen-test-certs.sh + ${if tlsSupport then "./utils/gen-test-certs.sh" else ""} + + ./runtest \ + --no-latency \ + --timeout 2000 \ + --clients $NIX_BUILD_CORES \ + --tags -leaks ${if tlsSupport then "--tls" else ""} + + runHook postCheck + ''; + + passthru.tests.redis = nixosTests.redis; + passthru.serverBin = "keydb-server"; + + meta = with lib; { + homepage = "https://keydb.dev"; + description = "A Multithreaded Fork of Redis"; + license = licenses.bsd3; + platforms = platforms.all; + changelog = "https://github.com/Snapchat/KeyDB/raw/v${version}/00-RELEASENOTES"; + maintainers = teams.helsinki-systems.members; + mainProgram = "keydb-cli"; + }; +} diff --git a/pkgs/servers/nosql/redis/default.nix b/pkgs/servers/nosql/redis/default.nix index 923de9126b5f..750b943eff0b 100644 --- a/pkgs/servers/nosql/redis/default.nix +++ b/pkgs/servers/nosql/redis/default.nix @@ -85,6 +85,7 @@ stdenv.mkDerivation (finalAttrs: { ''; passthru.tests.redis = nixosTests.redis; + passthru.serverBin = "redis-server"; meta = with lib; { homepage = "https://redis.io";
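Review bot: `passthru.serverBin = "keydb-server";` is what the NixOS module's `ExecStart` reads through `cfg.package.serverBin or "redis-server"`, but nothing at the definition says so. A wrapper or override that drops passthru would silently fall back to `redis-server`, and the unit would presumably fail to start if this package ships no binary of that name. A comment on this line such as `# read by nixos/modules/services/databases/redis.nix to select the server binary in ExecStart` would make the contract visible. The same comment applies to the matching `passthru.serverBin = "redis-server";` line added in pkgs/servers/nosql/redis/default.nix.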