From b3b25bf6020c9bf2d48c91070228e707264d6ffb Mon Sep 17 00:00:00 2001 From: yuu Date: Wed, 17 Nov 2021 14:43:45 -0300 Subject: [PATCH 01/15] gitignore: add outputs/ and source/ In nix develop, When running unpackPhase, and installPhase in nixpkgs, the directories outputs/ and source/ are created. --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 1a41704c9be3..0e7cb19f2d19 100644 --- a/.gitignore +++ b/.gitignore @@ -3,8 +3,10 @@ .*.swp .*.swo .idea/ +outputs/ result result-* +source/ /doc/NEWS.html /doc/NEWS.txt /doc/manual.html From 33006357d1806f10b538e669316da90e60fe4fd5 Mon Sep 17 00:00:00 2001 From: polygon Date: Mon, 22 Nov 2021 15:54:22 +0100 Subject: [PATCH 02/15] cpplint: 1.5.1 -> 1.5.5 --- .../0001-Remove-pytest-runner-version-pin.patch | 16 ++++++++++++++++ .../tools/analysis/cpplint/default.nix | 6 ++++-- 2 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch diff --git a/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch b/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch new file mode 100644 index 000000000000..3b602421d100 --- /dev/null +++ b/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch @@ -0,0 +1,16 @@ +diff --git a/setup.py b/setup.py +index aef5c4e..030ea14 100755 +--- a/setup.py ++++ b/setup.py +@@ -73,7 +73,7 @@ setup(name='cpplint', + long_description=open('README.rst').read(), + license='BSD-3-Clause', + setup_requires=[ +- "pytest-runner==5.2" ++ "pytest-runner" + ], + tests_require=test_required, + # extras_require allow pip install .[dev] +-- +2.31.1 + diff --git a/pkgs/development/tools/analysis/cpplint/default.nix b/pkgs/development/tools/analysis/cpplint/default.nix index f880d8fa7b7f..2f665b8395ba 100644 --- a/pkgs/development/tools/analysis/cpplint/default.nix +++ b/pkgs/development/tools/analysis/cpplint/default.nix @@ -2,16 +2,18 @@ python3Packages.buildPythonApplication rec { pname = "cpplint"; - version = "1.5.1"; + version = "1.5.5"; # Fetch from github instead of pypi, since the test cases are not in the pypi archive src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "0k927mycj1k4l3fbxrk597bhcjl2nrpaas1imbjgk64cyq8dv7lh"; + sha256 = "sha256-JXz2Ufo7JSceZVqYwCRkuAsOR08znZlIUk8GCLAyiI4="; }; + patches = [ ./0001-Remove-pytest-runner-version-pin.patch ]; + postPatch = '' patchShebangs cpplint_unittest.py ''; From 6da3d9a7494f4df82891dd2fc82e8ebe5acd2518 Mon Sep 17 00:00:00 2001 From: YI Date: Fri, 26 Nov 2021 00:59:12 +0800 Subject: [PATCH 03/15] prometheus-node-exporter: 1.2.2 -> 1.3.0 --- pkgs/servers/monitoring/prometheus/node-exporter.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/monitoring/prometheus/node-exporter.nix b/pkgs/servers/monitoring/prometheus/node-exporter.nix index ea4a511f7222..3056037060cc 100644 --- a/pkgs/servers/monitoring/prometheus/node-exporter.nix +++ b/pkgs/servers/monitoring/prometheus/node-exporter.nix @@ -2,17 +2,17 @@ buildGoModule rec { pname = "node_exporter"; - version = "1.2.2"; + version = "1.3.0"; rev = "v${version}"; src = fetchFromGitHub { inherit rev; owner = "prometheus"; repo = "node_exporter"; - sha256 = "11xjbkws3vv5r4p6w6qfmm9wrmlhzwmvlx3vcgz99ylz34r19xvc"; + sha256 = "sha256-gfRnlKq8F4gfea0JOzRqQDDFVJpNSfUX/cvFE/rUU1Q="; }; - vendorSha256 = "0wwji220pidrmsjzd9c3n40v237680av750jf6hdvp0aqi63p9nr"; + vendorSha256 = "sha256-nAvODyy+PfkGFAaq+3hBhQaPji5GUMU7N8xcgbGQMeI="; # FIXME: tests fail due to read-only nix store doCheck = false; From 670599a05aa7e3a339d0920623dfa3dab8e77f42 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 26 Nov 2021 12:22:38 +0100 Subject: [PATCH 04/15] home-assistant: relax dependencies --- pkgs/servers/home-assistant/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/servers/home-assistant/default.nix b/pkgs/servers/home-assistant/default.nix index 0ee7fcd6b315..0ed30406b098 100644 --- a/pkgs/servers/home-assistant/default.nix +++ b/pkgs/servers/home-assistant/default.nix @@ -179,10 +179,13 @@ in with py.pkgs; buildPythonApplication rec { postPatch = '' substituteInPlace setup.py \ + --replace "async_timeout==3.0.1" "async_timeout" \ + --replace "awesomeversion==21.10.1" "awesomeversion" \ + --replace "aiohttp==3.7.4.post0" "aiohttp" \ --replace "bcrypt==3.1.7" "bcrypt" \ --replace "pip>=8.0.3,<20.3" "pip" \ --replace "pyyaml==6.0" "pyyaml" \ - --replace "yarl==1.6.3" "yarl==1.7.0" + --replace "yarl==1.6.3" "yarl" substituteInPlace tests/test_config.py --replace '"/usr"' '"/build/media"' ''; From 595543a3149b64a809da8fb4fdabbd6800d29ad4 Mon Sep 17 00:00:00 2001 From: Victor Engmark Date: Thu, 18 Nov 2021 20:44:29 +1300 Subject: [PATCH 05/15] tests: Verify /etc/pam.d/chfn file contents --- nixos/tests/all-tests.nix | 1 + nixos/tests/pam/default.nix | 25 +++++++++++++++++++++++++ nixos/tests/pam/test_chfn.py | 27 +++++++++++++++++++++++++++ 3 files changed, 53 insertions(+) create mode 100644 nixos/tests/pam/default.nix create mode 100644 nixos/tests/pam/test_chfn.py diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index b8219416dc42..fdd751c5516b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -343,6 +343,7 @@ in osrm-backend = handleTest ./osrm-backend.nix {}; overlayfs = handleTest ./overlayfs.nix {}; packagekit = handleTest ./packagekit.nix {}; + pam = handleTest ./pam/default.nix {}; pam-oath-login = handleTest ./pam-oath-login.nix {}; pam-u2f = handleTest ./pam-u2f.nix {}; pantalaimon = handleTest ./matrix/pantalaimon.nix {}; diff --git a/nixos/tests/pam/default.nix b/nixos/tests/pam/default.nix new file mode 100644 index 000000000000..86c61003aeb6 --- /dev/null +++ b/nixos/tests/pam/default.nix @@ -0,0 +1,25 @@ +let + name = "pam"; +in +import ../make-test-python.nix ({ pkgs, ... }: { + + nodes.machine = { ... }: { + imports = [ ../../modules/profiles/minimal.nix ]; + + krb5.enable = true; + + users = { + mutableUsers = false; + users = { + user = { + isNormalUser = true; + }; + }; + }; + }; + + testScript = builtins.replaceStrings + [ "@@pam_ccreds@@" "@@pam_krb5@@" ] + [ pkgs.pam_ccreds.outPath pkgs.pam_krb5.outPath ] + (builtins.readFile ./test_chfn.py); +}) diff --git a/nixos/tests/pam/test_chfn.py b/nixos/tests/pam/test_chfn.py new file mode 100644 index 000000000000..b108a9423caf --- /dev/null +++ b/nixos/tests/pam/test_chfn.py @@ -0,0 +1,27 @@ +expected_lines = { + "account required pam_unix.so", + "account sufficient @@pam_krb5@@/lib/security/pam_krb5.so", + "auth [default=die success=done] @@pam_ccreds@@/lib/security/pam_ccreds.so action=validate use_first_pass", + "auth [default=ignore success=1 service_err=reset] @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass", + "auth required pam_deny.so", + "auth sufficient @@pam_ccreds@@/lib/security/pam_ccreds.so action=store use_first_pass", + "auth sufficient pam_rootok.so", + "auth sufficient pam_unix.so likeauth try_first_pass", + "password sufficient @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass", + "password sufficient pam_unix.so nullok sha512", + "session optional @@pam_krb5@@/lib/security/pam_krb5.so", + "session required pam_env.so conffile=/etc/pam/environment readenv=0", + "session required pam_unix.so", +} +actual_lines = set(machine.succeed("cat /etc/pam.d/chfn").splitlines()) + +missing_lines = expected_lines - actual_lines +extra_lines = actual_lines - expected_lines +non_functional_lines = set([line for line in extra_lines if (line == "" or line.startswith("#"))]) +unexpected_functional_lines = extra_lines - non_functional_lines + +with subtest("All expected lines are in the file"): + assert not missing_lines, f"Missing lines: {missing_lines}" + +with subtest("All remaining lines are empty or comments"): + assert not unexpected_functional_lines, f"Unexpected lines: {unexpected_functional_lines}" From 84730c9f5de7a14ff0a951541e4ec84233df393b Mon Sep 17 00:00:00 2001 From: Vikram Narayanan Date: Fri, 26 Nov 2021 21:56:05 -0800 Subject: [PATCH 06/15] janus-gateway: fix build --- pkgs/servers/janus-gateway/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkgs/servers/janus-gateway/default.nix b/pkgs/servers/janus-gateway/default.nix index 6c6d6759f329..0842b72f67f1 100644 --- a/pkgs/servers/janus-gateway/default.nix +++ b/pkgs/servers/janus-gateway/default.nix @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; configureFlags = [ - "--enable-boringssl=${boringssl}" + "--enable-boringssl=${lib.getDev boringssl}" "--enable-libsrtp2" "--enable-turn-rest-api" "--enable-json-logger" @@ -42,6 +42,10 @@ stdenv.mkDerivation rec { "--enable-post-processing" ]; + makeFlagsArray = [ + "BORINGSSL_LIBS=-L${lib.getLib boringssl}/lib" + ]; + outputs = [ "out" "dev" "doc" "man" ]; postInstall = '' From 1cfecb636b14a88174d914cd0522b78ff3bf9f82 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sat, 27 Nov 2021 17:14:55 +0100 Subject: [PATCH 07/15] Revert "Merge pull request #141192 from helsinki-systems/feat/improved-socket-handling2" This reverts commit 57961d2b838cc31fa4ce89641b6a8db544a8471a, reversing changes made to b04f913afce4419f6b777fd64ac52315dbef3aaf. (I.e. this reverts PR #141192.) While well-intended, this change does unfortunately introduce very serious regressions that are especially disruptive/noticeable on desktop systems (e.g. users of Sway will loose their graphical session when running "nixos-rebuild switch"). Therefore, this change has to be reverted ASAP instead of trying to fix it in "production". Note: An updated version should be extensively discussed, reviewed, and tested before re-landing this change as an earlier version also had to be reverted for the exact same issues [0]. Fix: #146727 [0]: https://github.com/NixOS/nixpkgs/pull/73871#issuecomment-559783752 --- .../from_md/release-notes/rl-2111.section.xml | 9 - .../manual/release-notes/rl-2111.section.md | 2 - .../activation/switch-to-configuration.pl | 274 ++++--------- nixos/modules/system/activation/top-level.nix | 7 - nixos/tests/switch-test.nix | 386 +----------------- 5 files changed, 87 insertions(+), 591 deletions(-) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index f0e39471ecee..eb620a3e3edc 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -1860,15 +1860,6 @@ Superuser created successfully. encapsulation. - - - Changing systemd .socket units now restarts - them and stops the service that is activated by them. - Additionally, services with - stopOnChange = false don’t break anymore - when they are socket-activated. - - The virtualisation.libvirtd module has been diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 3bdda82c026f..c01514799038 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -520,8 +520,6 @@ In addition to numerous new and upgraded packages, this release has the followin - `networking.sits` now supports Foo-over-UDP encapsulation. -- Changing systemd `.socket` units now restarts them and stops the service that is activated by them. Additionally, services with `stopOnChange = false` don't break anymore when they are socket-activated. - - The `virtualisation.libvirtd` module has been refactored and updated with new options: - `virtualisation.libvirtd.qemu*` options (e.g.: `virtualisation.libvirtd.qemuRunAsRoot`) were moved to [`virtualisation.libvirtd.qemu`](options.html#opt-virtualisation.libvirtd.qemu) submodule, - software TPM1/TPM2 support (e.g.: Windows 11 guests) ([`virtualisation.libvirtd.qemu.swtpm`](options.html#opt-virtualisation.libvirtd.qemu.swtpm)), diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl index e105502cf3a4..053496441d81 100644 --- a/nixos/modules/system/activation/switch-to-configuration.pl +++ b/nixos/modules/system/activation/switch-to-configuration.pl @@ -11,6 +11,7 @@ use Cwd 'abs_path'; my $out = "@out@"; +# FIXME: maybe we should use /proc/1/exe to get the current systemd. my $curSystemd = abs_path("/run/current-system/sw/bin"); # To be robust against interruption, record what units need to be started etc. @@ -18,16 +19,13 @@ my $startListFile = "/run/nixos/start-list"; my $restartListFile = "/run/nixos/restart-list"; my $reloadListFile = "/run/nixos/reload-list"; -# Parse restart/reload requests by the activation script. -# Activation scripts may write newline-separated units to this -# file and switch-to-configuration will handle them. While -# `stopIfChanged = true` is ignored, switch-to-configuration will -# handle `restartIfChanged = false` and `reloadIfChanged = true`. -# This also works for socket-activated units. +# Parse restart/reload requests by the activation script my $restartByActivationFile = "/run/nixos/activation-restart-list"; +my $reloadByActivationFile = "/run/nixos/activation-reload-list"; my $dryRestartByActivationFile = "/run/nixos/dry-activation-restart-list"; +my $dryReloadByActivationFile = "/run/nixos/dry-activation-reload-list"; -make_path("/run/nixos", { mode => oct(755) }); +make_path("/run/nixos", { mode => 0755 }); my $action = shift @ARGV; @@ -149,92 +147,6 @@ sub fingerprintUnit { return abs_path($s) . (-f "${s}.d/overrides.conf" ? " " . abs_path "${s}.d/overrides.conf" : ""); } -sub handleModifiedUnit { - my ($unit, $baseName, $newUnitFile, $activePrev, $unitsToStop, $unitsToStart, $unitsToReload, $unitsToRestart, $unitsToSkip) = @_; - - if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target" || $unit =~ /\.slice$/ || $unit =~ /\.path$/) { - # Do nothing. These cannot be restarted directly. - # Slices and Paths don't have to be restarted since - # properties (resource limits and inotify watches) - # seem to get applied on daemon-reload. - } elsif ($unit =~ /\.mount$/) { - # Reload the changed mount unit to force a remount. - $unitsToReload->{$unit} = 1; - recordUnit($reloadListFile, $unit); - } else { - my $unitInfo = parseUnit($newUnitFile); - if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) { - $unitsToReload->{$unit} = 1; - recordUnit($reloadListFile, $unit); - } - elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) { - $unitsToSkip->{$unit} = 1; - } else { - # If this unit is socket-activated, then stop it instead - # of restarting it to make sure the new version of it is - # socket-activated. - my $socketActivated = 0; - if ($unit =~ /\.service$/) { - my @sockets = split / /, ($unitInfo->{Sockets} // ""); - if (scalar @sockets == 0) { - @sockets = ("$baseName.socket"); - } - foreach my $socket (@sockets) { - if (-e "$out/etc/systemd/system/$socket") { - $socketActivated = 1; - $unitsToStop->{$unit} = 1; - # If the socket was not running previously, - # start it now. - if (not defined $activePrev->{$socket}) { - $unitsToStart->{$socket} = 1; - } - } - } - } - - # Don't do the rest of this for socket-activated units - # because we handled these above where we stop the unit. - # Since only services can be socket-activated, the - # following condition always evaluates to `true` for - # non-service units. - if ($socketActivated) { - return; - } - - # If we are restarting a socket, also stop the corresponding - # service. This is required because restarting a socket - # when the service is already activated fails. - if ($unit =~ /\.socket$/) { - my $service = $unitInfo->{Service} // ""; - if ($service eq "") { - $service = "$baseName.service"; - } - if (defined $activePrev->{$service}) { - $unitsToStop->{$service} = 1; - } - $unitsToRestart->{$unit} = 1; - recordUnit($restartListFile, $unit); - } else { - # Always restart non-services instead of stopping and starting them - # because it doesn't make sense to stop them with a config from - # the old evaluation. - if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes") || $unit !~ /\.service$/) { - # This unit should be restarted instead of - # stopped and started. - $unitsToRestart->{$unit} = 1; - recordUnit($restartListFile, $unit); - } else { - # We write to a file to ensure that the - # service gets restarted if we're interrupted. - $unitsToStart->{$unit} = 1; - recordUnit($startListFile, $unit); - $unitsToStop->{$unit} = 1; - } - } - } - } -} - # Figure out what units need to be stopped, started, restarted or reloaded. my (%unitsToStop, %unitsToSkip, %unitsToStart, %unitsToRestart, %unitsToReload); @@ -307,7 +219,65 @@ while (my ($unit, $state) = each %{$activePrev}) { } elsif (fingerprintUnit($prevUnitFile) ne fingerprintUnit($newUnitFile)) { - handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, %unitsToSkip); + if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target") { + # Do nothing. These cannot be restarted directly. + } elsif ($unit =~ /\.mount$/) { + # Reload the changed mount unit to force a remount. + $unitsToReload{$unit} = 1; + recordUnit($reloadListFile, $unit); + } elsif ($unit =~ /\.socket$/ || $unit =~ /\.path$/ || $unit =~ /\.slice$/) { + # FIXME: do something? + } else { + my $unitInfo = parseUnit($newUnitFile); + if (boolIsTrue($unitInfo->{'X-ReloadIfChanged'} // "no")) { + $unitsToReload{$unit} = 1; + recordUnit($reloadListFile, $unit); + } + elsif (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes") || boolIsTrue($unitInfo->{'RefuseManualStop'} // "no") || boolIsTrue($unitInfo->{'X-OnlyManualStart'} // "no")) { + $unitsToSkip{$unit} = 1; + } else { + if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes")) { + # This unit should be restarted instead of + # stopped and started. + $unitsToRestart{$unit} = 1; + recordUnit($restartListFile, $unit); + } else { + # If this unit is socket-activated, then stop the + # socket unit(s) as well, and restart the + # socket(s) instead of the service. + my $socketActivated = 0; + if ($unit =~ /\.service$/) { + my @sockets = split / /, ($unitInfo->{Sockets} // ""); + if (scalar @sockets == 0) { + @sockets = ("$baseName.socket"); + } + foreach my $socket (@sockets) { + if (defined $activePrev->{$socket}) { + $unitsToStop{$socket} = 1; + # Only restart sockets that actually + # exist in new configuration: + if (-e "$out/etc/systemd/system/$socket") { + $unitsToStart{$socket} = 1; + recordUnit($startListFile, $socket); + $socketActivated = 1; + } + } + } + } + + # If the unit is not socket-activated, record + # that this unit needs to be started below. + # We write this to a file to ensure that the + # service gets restarted if we're interrupted. + if (!$socketActivated) { + $unitsToStart{$unit} = 1; + recordUnit($startListFile, $unit); + } + + $unitsToStop{$unit} = 1; + } + } + } } } } @@ -392,6 +362,8 @@ sub filterUnits { } my @unitsToStopFiltered = filterUnits(\%unitsToStop); +my @unitsToStartFiltered = filterUnits(\%unitsToStart); + # Show dry-run actions. if ($action eq "dry-activate") { @@ -403,44 +375,21 @@ if ($action eq "dry-activate") { print STDERR "would activate the configuration...\n"; system("$out/dry-activate", "$out"); - # Handle the activation script requesting the restart or reload of a unit. - my %unitsToAlsoStop; - my %unitsToAlsoSkip; - foreach (split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // "")) { - my $unit = $_; - my $baseUnit = $unit; - my $newUnitFile = "$out/etc/systemd/system/$baseUnit"; + $unitsToRestart{$_} = 1 foreach + split('\n', read_file($dryRestartByActivationFile, err_mode => 'quiet') // ""); - # Detect template instances. - if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) { - $baseUnit = "$1\@.$2"; - $newUnitFile = "$out/etc/systemd/system/$baseUnit"; - } - - my $baseName = $baseUnit; - $baseName =~ s/\.[a-z]*$//; - - handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToAlsoStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, %unitsToAlsoSkip); - } - unlink($dryRestartByActivationFile); - - my @unitsToAlsoStopFiltered = filterUnits(\%unitsToAlsoStop); - if (scalar(keys %unitsToAlsoStop) > 0) { - print STDERR "would stop the following units as well: ", join(", ", @unitsToAlsoStopFiltered), "\n" - if scalar @unitsToAlsoStopFiltered; - } - - print STDERR "would NOT restart the following changed units as well: ", join(", ", sort(keys %unitsToAlsoSkip)), "\n" - if scalar(keys %unitsToAlsoSkip) > 0; + $unitsToReload{$_} = 1 foreach + split('\n', read_file($dryReloadByActivationFile, err_mode => 'quiet') // ""); print STDERR "would restart systemd\n" if $restartSystemd; - print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n" - if scalar(keys %unitsToReload) > 0; print STDERR "would restart the following units: ", join(", ", sort(keys %unitsToRestart)), "\n" if scalar(keys %unitsToRestart) > 0; - my @unitsToStartFiltered = filterUnits(\%unitsToStart); print STDERR "would start the following units: ", join(", ", @unitsToStartFiltered), "\n" if scalar @unitsToStartFiltered; + print STDERR "would reload the following units: ", join(", ", sort(keys %unitsToReload)), "\n" + if scalar(keys %unitsToReload) > 0; + unlink($dryRestartByActivationFile); + unlink($dryReloadByActivationFile); exit 0; } @@ -451,7 +400,7 @@ if (scalar (keys %unitsToStop) > 0) { print STDERR "stopping the following units: ", join(", ", @unitsToStopFiltered), "\n" if scalar @unitsToStopFiltered; # Use current version of systemctl binary before daemon is reexeced. - system("$curSystemd/systemctl", "stop", "--", sort(keys %unitsToStop)); + system("$curSystemd/systemctl", "stop", "--", sort(keys %unitsToStop)); # FIXME: ignore errors? } print STDERR "NOT restarting the following changed units: ", join(", ", sort(keys %unitsToSkip)), "\n" @@ -465,38 +414,12 @@ system("$out/activate", "$out") == 0 or $res = 2; # Handle the activation script requesting the restart or reload of a unit. # We can only restart and reload (not stop/start) because the units to be -# stopped are already stopped before the activation script is run. We do however -# make an exception for services that are socket-activated and that have to be stopped -# instead of being restarted. -my %unitsToAlsoStop; -my %unitsToAlsoSkip; -foreach (split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // "")) { - my $unit = $_; - my $baseUnit = $unit; - my $newUnitFile = "$out/etc/systemd/system/$baseUnit"; +# stopped are already stopped before the activation script is run. +$unitsToRestart{$_} = 1 foreach + split('\n', read_file($restartByActivationFile, err_mode => 'quiet') // ""); - # Detect template instances. - if (!-e $newUnitFile && $unit =~ /^(.*)@[^\.]*\.(.*)$/) { - $baseUnit = "$1\@.$2"; - $newUnitFile = "$out/etc/systemd/system/$baseUnit"; - } - - my $baseName = $baseUnit; - $baseName =~ s/\.[a-z]*$//; - - handleModifiedUnit($unit, $baseName, $newUnitFile, $activePrev, \%unitsToAlsoStop, \%unitsToStart, \%unitsToReload, \%unitsToRestart, %unitsToAlsoSkip); -} -unlink($restartByActivationFile); - -my @unitsToAlsoStopFiltered = filterUnits(\%unitsToAlsoStop); -if (scalar(keys %unitsToAlsoStop) > 0) { - print STDERR "stopping the following units as well: ", join(", ", @unitsToAlsoStopFiltered), "\n" - if scalar @unitsToAlsoStopFiltered; - system("$curSystemd/systemctl", "stop", "--", sort(keys %unitsToAlsoStop)); -} - -print STDERR "NOT restarting the following changed units as well: ", join(", ", sort(keys %unitsToAlsoSkip)), "\n" - if scalar(keys %unitsToAlsoSkip) > 0; +$unitsToReload{$_} = 1 foreach + split('\n', read_file($reloadByActivationFile, err_mode => 'quiet') // ""); # Restart systemd if necessary. Note that this is done using the # current version of systemd, just in case the new one has trouble @@ -537,40 +460,14 @@ if (scalar(keys %unitsToReload) > 0) { print STDERR "reloading the following units: ", join(", ", sort(keys %unitsToReload)), "\n"; system("@systemd@/bin/systemctl", "reload", "--", sort(keys %unitsToReload)) == 0 or $res = 4; unlink($reloadListFile); + unlink($reloadByActivationFile); } # Restart changed services (those that have to be restarted rather # than stopped and started). if (scalar(keys %unitsToRestart) > 0) { print STDERR "restarting the following units: ", join(", ", sort(keys %unitsToRestart)), "\n"; - - # We split the units to be restarted into sockets and non-sockets. - # This is because restarting sockets may fail which is not bad by - # itself but which will prevent changes on the sockets. We usually - # restart the socket and stop the service before that. Restarting - # the socket will fail however when the service was re-activated - # in the meantime. There is no proper way to prevent that from happening. - my @unitsWithErrorHandling = grep { $_ !~ /\.socket$/ } sort(keys %unitsToRestart); - my @unitsWithoutErrorHandling = grep { $_ =~ /\.socket$/ } sort(keys %unitsToRestart); - - if (scalar(@unitsWithErrorHandling) > 0) { - system("@systemd@/bin/systemctl", "restart", "--", @unitsWithErrorHandling) == 0 or $res = 4; - } - if (scalar(@unitsWithoutErrorHandling) > 0) { - # Don't print warnings from systemctl - no warnings 'once'; - open(OLDERR, ">&", \*STDERR); - close(STDERR); - - my $ret = system("@systemd@/bin/systemctl", "restart", "--", @unitsWithoutErrorHandling); - - # Print stderr again - open(STDERR, ">&OLDERR"); - - if ($ret ne 0) { - print STDERR "warning: some sockets failed to restart. Please check your journal (journalctl -eb) and act accordingly.\n"; - } - } + system("@systemd@/bin/systemctl", "restart", "--", sort(keys %unitsToRestart)) == 0 or $res = 4; unlink($restartListFile); unlink($restartByActivationFile); } @@ -581,7 +478,6 @@ if (scalar(keys %unitsToRestart) > 0) { # that are symlinks to other units. We shouldn't start both at the # same time because we'll get a "Failed to add path to set" error from # systemd. -my @unitsToStartFiltered = filterUnits(\%unitsToStart); print STDERR "starting the following units: ", join(", ", @unitsToStartFiltered), "\n" if scalar @unitsToStartFiltered; system("@systemd@/bin/systemctl", "start", "--", sort(keys %unitsToStart)) == 0 or $res = 4; @@ -589,7 +485,7 @@ unlink($startListFile); # Print failed and new units. -my (@failed, @new); +my (@failed, @new, @restarting); my $activeNew = getActiveUnits; while (my ($unit, $state) = each %{$activeNew}) { if ($state->{state} eq "failed") { @@ -605,9 +501,7 @@ while (my ($unit, $state) = each %{$activeNew}) { push @failed, $unit; } } - # Ignore scopes since they are not managed by this script but rather - # created and managed by third-party services via the systemd dbus API. - elsif ($state->{state} ne "failed" && !defined $activePrev->{$unit} && $unit !~ /\.scope$/) { + elsif ($state->{state} ne "failed" && !defined $activePrev->{$unit}) { push @new, $unit; } } diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 68da910d29cc..026fd1791d33 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -84,13 +84,6 @@ let export localeArchive="${config.i18n.glibcLocales}/lib/locale/locale-archive" substituteAll ${./switch-to-configuration.pl} $out/bin/switch-to-configuration chmod +x $out/bin/switch-to-configuration - ${optionalString (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) '' - if ! output=$($perl/bin/perl -c $out/bin/switch-to-configuration 2>&1); then - echo "switch-to-configuration syntax is not valid:" - echo "$output" - exit 1 - fi - ''} echo -n "${toString config.system.extraDependencies}" > $out/extra-dependencies diff --git a/nixos/tests/switch-test.nix b/nixos/tests/switch-test.nix index 7ea07a390b80..78adf7ffa7da 100644 --- a/nixos/tests/switch-test.nix +++ b/nixos/tests/switch-test.nix @@ -7,224 +7,15 @@ import ./make-test-python.nix ({ pkgs, ...} : { }; nodes = { - machine = { config, pkgs, lib, ... }: { - environment.systemPackages = [ pkgs.socat ]; # for the socket activation stuff + machine = { ... }: { users.mutableUsers = false; - - specialisation = { - # A system with a simple socket-activated unit - simple-socket.configuration = { - systemd.services.socket-activated.serviceConfig = { - ExecStart = pkgs.writeScript "socket-test.py" /* python */ '' - #!${pkgs.python3}/bin/python3 - - from socketserver import TCPServer, StreamRequestHandler - import socket - - class Handler(StreamRequestHandler): - def handle(self): - self.wfile.write("hello".encode("utf-8")) - - class Server(TCPServer): - def __init__(self, server_address, handler_cls): - # Invoke base but omit bind/listen steps (performed by systemd activation!) - TCPServer.__init__( - self, server_address, handler_cls, bind_and_activate=False) - # Override socket - self.socket = socket.fromfd(3, self.address_family, self.socket_type) - - if __name__ == "__main__": - server = Server(("localhost", 1234), Handler) - server.serve_forever() - ''; - }; - systemd.sockets.socket-activated = { - wantedBy = [ "sockets.target" ]; - listenStreams = [ "/run/test.sock" ]; - socketConfig.SocketMode = lib.mkDefault "0777"; - }; - }; - - # The same system but the socket is modified - modified-socket.configuration = { - imports = [ config.specialisation.simple-socket.configuration ]; - systemd.sockets.socket-activated.socketConfig.SocketMode = "0666"; - }; - - # The same system but the service is modified - modified-service.configuration = { - imports = [ config.specialisation.simple-socket.configuration ]; - systemd.services.socket-activated.serviceConfig.X-Test = "test"; - }; - - # The same system but both service and socket are modified - modified-service-and-socket.configuration = { - imports = [ config.specialisation.simple-socket.configuration ]; - systemd.services.socket-activated.serviceConfig.X-Test = "some_value"; - systemd.sockets.socket-activated.socketConfig.SocketMode = "0444"; - }; - - # A system with a socket-activated service and some simple services - service-and-socket.configuration = { - imports = [ config.specialisation.simple-socket.configuration ]; - systemd.services.simple-service = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.coreutils}/bin/true"; - }; - }; - - systemd.services.simple-restart-service = { - stopIfChanged = false; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.coreutils}/bin/true"; - }; - }; - - systemd.services.simple-reload-service = { - reloadIfChanged = true; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.coreutils}/bin/true"; - ExecReload = "${pkgs.coreutils}/bin/true"; - }; - }; - - systemd.services.no-restart-service = { - restartIfChanged = false; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.coreutils}/bin/true"; - }; - }; - }; - - # The same system but with an activation script that restarts all services - restart-and-reload-by-activation-script.configuration = { - imports = [ config.specialisation.service-and-socket.configuration ]; - system.activationScripts.restart-and-reload-test = { - supportsDryActivation = true; - deps = []; - text = '' - if [ "$NIXOS_ACTION" = dry-activate ]; then - f=/run/nixos/dry-activation-restart-list - else - f=/run/nixos/activation-restart-list - fi - cat <> "$f" - simple-service.service - simple-restart-service.service - simple-reload-service.service - no-restart-service.service - socket-activated.service - EOF - ''; - }; - }; - - # A system with a timer - with-timer.configuration = { - systemd.timers.test-timer = { - wantedBy = [ "timers.target" ]; - timerConfig.OnCalendar = "@1395716396"; # chosen by fair dice roll - }; - systemd.services.test-timer = { - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.coreutils}/bin/true"; - }; - }; - }; - - # The same system but with another time - with-timer-modified.configuration = { - imports = [ config.specialisation.with-timer.configuration ]; - systemd.timers.test-timer.timerConfig.OnCalendar = lib.mkForce "Fri 2012-11-23 16:00:00"; - }; - - # A system with a systemd mount - with-mount.configuration = { - systemd.mounts = [ - { - description = "Testmount"; - what = "tmpfs"; - type = "tmpfs"; - where = "/testmount"; - options = "size=1M"; - wantedBy = [ "local-fs.target" ]; - } - ]; - }; - - # The same system but with another time - with-mount-modified.configuration = { - systemd.mounts = [ - { - description = "Testmount"; - what = "tmpfs"; - type = "tmpfs"; - where = "/testmount"; - options = "size=10M"; - wantedBy = [ "local-fs.target" ]; - } - ]; - }; - - # A system with a path unit - with-path.configuration = { - systemd.paths.test-watch = { - wantedBy = [ "paths.target" ]; - pathConfig.PathExists = "/testpath"; - }; - systemd.services.test-watch = { - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.coreutils}/bin/touch /testpath-modified"; - }; - }; - }; - - # The same system but watching another file - with-path-modified.configuration = { - imports = [ config.specialisation.with-path.configuration ]; - systemd.paths.test-watch.pathConfig.PathExists = lib.mkForce "/testpath2"; - }; - - # A system with a slice - with-slice.configuration = { - systemd.slices.testslice.sliceConfig.MemoryMax = "1"; # don't allow memory allocation - systemd.services.testservice = { - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.coreutils}/bin/true"; - Slice = "testslice.slice"; - }; - }; - }; - - # The same system but the slice allows to allocate memory - with-slice-non-crashing.configuration = { - imports = [ config.specialisation.with-slice.configuration ]; - systemd.slices.testslice.sliceConfig.MemoryMax = lib.mkForce null; - }; - }; }; other = { ... }: { users.mutableUsers = true; }; }; - testScript = { nodes, ... }: let + testScript = {nodes, ...}: let originalSystem = nodes.machine.config.system.build.toplevel; otherSystem = nodes.other.config.system.build.toplevel; @@ -236,183 +27,12 @@ import ./make-test-python.nix ({ pkgs, ...} : { set -o pipefail exec env -i "$@" | tee /dev/stderr ''; - in /* python */ '' - def switch_to_specialisation(name, action="test"): - out = machine.succeed(f"${originalSystem}/specialisation/{name}/bin/switch-to-configuration {action} 2>&1") - assert_lacks(out, "switch-to-configuration line") # Perl warnings - return out - - def assert_contains(haystack, needle): - if needle not in haystack: - print("The haystack that will cause the following exception is:") - print("---") - print(haystack) - print("---") - raise Exception(f"Expected string '{needle}' was not found") - - def assert_lacks(haystack, needle): - if needle in haystack: - print("The haystack that will cause the following exception is:") - print("---") - print(haystack, end="") - print("---") - raise Exception(f"Unexpected string '{needle}' was found") - - + in '' machine.succeed( "${stderrRunner} ${originalSystem}/bin/switch-to-configuration test" ) machine.succeed( "${stderrRunner} ${otherSystem}/bin/switch-to-configuration test" ) - - with subtest("systemd sockets"): - machine.succeed("${originalSystem}/bin/switch-to-configuration test") - - # Simple socket is created - out = switch_to_specialisation("simple-socket") - assert_lacks(out, "stopping the following units:") - # not checking for reload because dbus gets reloaded - assert_lacks(out, "restarting the following units:") - assert_lacks(out, "\nstarting the following units:") - assert_contains(out, "the following new units were started: socket-activated.socket\n") - assert_lacks(out, "as well:") - machine.succeed("[ $(stat -c%a /run/test.sock) = 777 ]") - - # Changing the socket restarts it - out = switch_to_specialisation("modified-socket") - assert_lacks(out, "stopping the following units:") - #assert_lacks(out, "reloading the following units:") - assert_contains(out, "restarting the following units: socket-activated.socket\n") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - machine.succeed("[ $(stat -c%a /run/test.sock) = 666 ]") # change was applied - - # The unit is properly activated when the socket is accessed - if machine.succeed("socat - UNIX-CONNECT:/run/test.sock") != "hello": - raise Exception("Socket was not properly activated") - - # Changing the socket restarts it and ignores the active service - out = switch_to_specialisation("simple-socket") - assert_contains(out, "stopping the following units: socket-activated.service\n") - assert_lacks(out, "reloading the following units:") - assert_contains(out, "restarting the following units: socket-activated.socket\n") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - machine.succeed("[ $(stat -c%a /run/test.sock) = 777 ]") # change was applied - - # Changing the service does nothing when the service is not active - out = switch_to_specialisation("modified-service") - assert_lacks(out, "stopping the following units:") - assert_lacks(out, "reloading the following units:") - assert_lacks(out, "restarting the following units:") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - - # Activating the service and modifying it stops it but leaves the socket untouched - machine.succeed("socat - UNIX-CONNECT:/run/test.sock") - out = switch_to_specialisation("simple-socket") - assert_contains(out, "stopping the following units: socket-activated.service\n") - assert_lacks(out, "reloading the following units:") - assert_lacks(out, "restarting the following units:") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - - # Activating the service and both the service and the socket stops the service and restarts the socket - machine.succeed("socat - UNIX-CONNECT:/run/test.sock") - out = switch_to_specialisation("modified-service-and-socket") - assert_contains(out, "stopping the following units: socket-activated.service\n") - assert_lacks(out, "reloading the following units:") - assert_contains(out, "restarting the following units: socket-activated.socket\n") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - - with subtest("restart and reload by activation file"): - out = switch_to_specialisation("service-and-socket") - # Switch to a system where the example services get restarted - # by the activation script - out = switch_to_specialisation("restart-and-reload-by-activation-script") - assert_lacks(out, "stopping the following units:") - assert_contains(out, "stopping the following units as well: simple-service.service, socket-activated.service\n") - assert_contains(out, "reloading the following units: simple-reload-service.service\n") - assert_contains(out, "restarting the following units: simple-restart-service.service\n") - assert_contains(out, "\nstarting the following units: simple-service.service") - - # The same, but in dry mode - switch_to_specialisation("service-and-socket") - out = switch_to_specialisation("restart-and-reload-by-activation-script", action="dry-activate") - assert_lacks(out, "would stop the following units:") - assert_contains(out, "would stop the following units as well: simple-service.service, socket-activated.service\n") - assert_contains(out, "would reload the following units: simple-reload-service.service\n") - assert_contains(out, "would restart the following units: simple-restart-service.service\n") - assert_contains(out, "\nwould start the following units: simple-service.service") - - with subtest("mounts"): - switch_to_specialisation("with-mount") - out = machine.succeed("mount | grep 'on /testmount'") - assert_contains(out, "size=1024k") - - out = switch_to_specialisation("with-mount-modified") - assert_lacks(out, "stopping the following units:") - assert_contains(out, "reloading the following units: testmount.mount\n") - assert_lacks(out, "restarting the following units:") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - # It changed - out = machine.succeed("mount | grep 'on /testmount'") - assert_contains(out, "size=10240k") - - with subtest("timers"): - switch_to_specialisation("with-timer") - out = machine.succeed("systemctl show test-timer.timer") - assert_contains(out, "OnCalendar=2014-03-25 02:59:56 UTC") - - out = switch_to_specialisation("with-timer-modified") - assert_lacks(out, "stopping the following units:") - assert_lacks(out, "reloading the following units:") - assert_contains(out, "restarting the following units: test-timer.timer\n") - assert_lacks(out, "\nstarting the following units:") - assert_lacks(out, "the following new units were started:") - assert_lacks(out, "as well:") - # It changed - out = machine.succeed("systemctl show test-timer.timer") - assert_contains(out, "OnCalendar=Fri 2012-11-23 16:00:00") - - with subtest("paths"): - switch_to_specialisation("with-path") - machine.fail("test -f /testpath-modified") - - # touch the file, unit should be triggered - machine.succeed("touch /testpath") - machine.wait_until_succeeds("test -f /testpath-modified") - - machine.succeed("rm /testpath") - machine.succeed("rm /testpath-modified") - switch_to_specialisation("with-path-modified") - - machine.succeed("touch /testpath") - machine.fail("test -f /testpath-modified") - machine.succeed("touch /testpath2") - machine.wait_until_succeeds("test -f /testpath-modified") - - # This test ensures that changes to slice configuration get applied. - # We test this by having a slice that allows no memory allocation at - # all and starting a service within it. If the service crashes, the slice - # is applied and if we modify the slice to allow memory allocation, the - # service should successfully start. - with subtest("slices"): - machine.succeed("echo 0 > /proc/sys/vm/panic_on_oom") # allow OOMing - out = switch_to_specialisation("with-slice") - machine.fail("systemctl start testservice.service") - out = switch_to_specialisation("with-slice-non-crashing") - machine.succeed("systemctl start testservice.service") - machine.succeed("echo 1 > /proc/sys/vm/panic_on_oom") # disallow OOMing - ''; }) From 609ab2cdc478bf1147cf90ba49b2c20108342139 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 27 Nov 2021 18:58:49 +0100 Subject: [PATCH 08/15] btop: 1.1.0 -> 1.1.2 --- pkgs/tools/system/btop/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/system/btop/default.nix b/pkgs/tools/system/btop/default.nix index 131b5a8af106..4e093bdc2d85 100644 --- a/pkgs/tools/system/btop/default.nix +++ b/pkgs/tools/system/btop/default.nix @@ -5,13 +5,13 @@ stdenv.mkDerivation rec { pname = "btop"; - version = "1.1.0"; + version = "1.1.2"; src = fetchFromGitHub { owner = "aristocratos"; repo = pname; rev = "v${version}"; - sha256 = "sha256-VA5n2gIFRUUsp4jBG1j5dqH5/tP5VAChm5kqexdD24k="; + sha256 = "sha256-+z6bWX2mgvH6nW7SamDzAexeCn/i3+RaPF8RfoikR2k="; }; installFlags = [ "PREFIX=$(out)" ]; From 3b2e6e72faff6255230b17991eb545824b00630f Mon Sep 17 00:00:00 2001 From: Victor Engmark Date: Sat, 27 Nov 2021 21:04:28 +1300 Subject: [PATCH 09/15] tests: Move all PAM tests into a separate directory As per . --- nixos/tests/all-tests.nix | 6 +++--- nixos/tests/pam/{default.nix => pam-file-contents.nix} | 0 nixos/tests/{ => pam}/pam-oath-login.nix | 2 +- nixos/tests/{ => pam}/pam-u2f.nix | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) rename nixos/tests/pam/{default.nix => pam-file-contents.nix} (100%) rename nixos/tests/{ => pam}/pam-oath-login.nix (98%) rename nixos/tests/{ => pam}/pam-u2f.nix (91%) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index fdd751c5516b..5afe05c1b727 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -343,9 +343,9 @@ in osrm-backend = handleTest ./osrm-backend.nix {}; overlayfs = handleTest ./overlayfs.nix {}; packagekit = handleTest ./packagekit.nix {}; - pam = handleTest ./pam/default.nix {}; - pam-oath-login = handleTest ./pam-oath-login.nix {}; - pam-u2f = handleTest ./pam-u2f.nix {}; + pam-file-contents = handleTest ./pam/pam-file-contents.nix {}; + pam-oath-login = handleTest ./pam/pam-oath-login.nix {}; + pam-u2f = handleTest ./pam/pam-u2f.nix {}; pantalaimon = handleTest ./matrix/pantalaimon.nix {}; pantheon = handleTest ./pantheon.nix {}; paperless-ng = handleTest ./paperless-ng.nix {}; diff --git a/nixos/tests/pam/default.nix b/nixos/tests/pam/pam-file-contents.nix similarity index 100% rename from nixos/tests/pam/default.nix rename to nixos/tests/pam/pam-file-contents.nix diff --git a/nixos/tests/pam-oath-login.nix b/nixos/tests/pam/pam-oath-login.nix similarity index 98% rename from nixos/tests/pam-oath-login.nix rename to nixos/tests/pam/pam-oath-login.nix index 6d48199eda97..597596b211b1 100644 --- a/nixos/tests/pam-oath-login.nix +++ b/nixos/tests/pam/pam-oath-login.nix @@ -1,4 +1,4 @@ -import ./make-test-python.nix ({ ... }: +import ../make-test-python.nix ({ ... }: let oathSnakeoilSecret = "cdd4083ef8ff1fa9178c6d46bfb1a3"; diff --git a/nixos/tests/pam-u2f.nix b/nixos/tests/pam/pam-u2f.nix similarity index 91% rename from nixos/tests/pam-u2f.nix rename to nixos/tests/pam/pam-u2f.nix index f492baa9e139..0ac6ac17be82 100644 --- a/nixos/tests/pam-u2f.nix +++ b/nixos/tests/pam/pam-u2f.nix @@ -1,4 +1,4 @@ -import ./make-test-python.nix ({ ... }: +import ../make-test-python.nix ({ ... }: { name = "pam-u2f"; From dcb941f3ede938c01b82ea6be4aa148eb479a413 Mon Sep 17 00:00:00 2001 From: Victor Engmark Date: Sat, 27 Nov 2021 21:13:53 +1300 Subject: [PATCH 10/15] security/pam: Document test location --- nixos/modules/security/pam.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 70bce783a90b..b03bf290fd23 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -401,6 +401,9 @@ let }; + # The resulting /etc/pam.d/* file contents are verified in + # nixos/tests/pam/pam-file-contents.nix. Please update tests there when + # changing the derivation. config = { name = mkDefault name; setLoginUid = mkDefault cfg.startSession; From f622890f9b8b1fd0b00e7381171c39ee882cfa6d Mon Sep 17 00:00:00 2001 From: mingmingrr <12855406+mingmingrr@users.noreply.github.com> Date: Sat, 27 Nov 2021 14:19:26 -0500 Subject: [PATCH 11/15] xonsh: 0.10.1 -> 0.11.0 --- pkgs/shells/xonsh/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/shells/xonsh/default.nix b/pkgs/shells/xonsh/default.nix index 28f87685166d..4fa5d9b087be 100644 --- a/pkgs/shells/xonsh/default.nix +++ b/pkgs/shells/xonsh/default.nix @@ -8,14 +8,14 @@ python3Packages.buildPythonApplication rec { pname = "xonsh"; - version = "0.10.1"; + version = "0.11.0"; # fetch from github because the pypi package ships incomplete tests src = fetchFromGitHub { owner = "xonsh"; repo = "xonsh"; rev = version; - sha256 = "03ahay2rl98a9k4pqkxksmj6mcg554jnbhw9jh8cyvjrygrpcpch"; + sha256 = "sha256-jfxQMEVABTOhx679V0iGVX9RisuY42lSdztYXMLwdcw="; }; LC_ALL = "en_US.UTF-8"; @@ -68,7 +68,8 @@ python3Packages.buildPythonApplication rec { HOME=$TMPDIR ''; - checkInputs = [ glibcLocales git ] ++ (with python3Packages; [ pytestCheckHook pytest-subprocess ]); + checkInputs = [ glibcLocales git ] ++ + (with python3Packages; [ pyte pytestCheckHook pytest-mock pytest-subprocess ]); propagatedBuildInputs = with python3Packages; [ ply prompt-toolkit pygments ]; From 66236eeb4bb0c8ef1b61e4ffe2d829acbbd2ffaf Mon Sep 17 00:00:00 2001 From: AndersonTorres Date: Sat, 27 Nov 2021 14:39:33 -0300 Subject: [PATCH 12/15] flam3: 3.1.1 -> 3.1.1+date=2018-04-12 --- pkgs/tools/graphics/flam3/default.nix | 36 ++++++++++++++++++++------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/pkgs/tools/graphics/flam3/default.nix b/pkgs/tools/graphics/flam3/default.nix index bd959e3227e7..01e3693259a5 100644 --- a/pkgs/tools/graphics/flam3/default.nix +++ b/pkgs/tools/graphics/flam3/default.nix @@ -1,24 +1,42 @@ -{lib, stdenv, fetchFromGitHub, zlib, libpng, libxml2, libjpeg }: +{ lib +, stdenv +, fetchFromGitHub +, libjpeg +, libpng +, libxml2 +, zlib +}: stdenv.mkDerivation rec { pname = "flam3"; - version = "3.1.1-${lib.strings.substring 0 7 rev}"; - rev = "e0801543538451234d7a8a240ba3b417cbda5b21"; + version = "3.1.1+date=2018-04-12"; src = fetchFromGitHub { - inherit rev; owner = "scottdraves"; repo = pname; - sha256 = "18iyj16k0sn3fs52fj23lj31xi4avlddhbib6kk309576nlxp17w"; + rev = "7fb50c82e90e051f00efcc3123d0e06de26594b2"; + hash = "sha256-cKRfmTcyWY2LyxqojTzxD2wnxu5eh3emHi51bhS3gYg="; }; - buildInputs = [ zlib libpng libxml2 libjpeg ]; + buildInputs = [ + libjpeg + libpng + libxml2 + zlib + ]; meta = with lib; { - description = "Cosmic recursive fractal flames"; homepage = "https://flam3.com/"; - maintainers = with maintainers; [ ]; - platforms = platforms.linux; + description = "Cosmic recursive fractal flames"; + longDescription = '' + Flames are algorithmically generated images and animations. The software + was originally written in 1992 and released as open source, aka free + software. Over the years it has been greatly expanded, and is now widely + used to create art and special effects. The shape and color of each image + is specified by a long string of numbers - a genetic code of sorts. + ''; license = licenses.gpl3Plus; + maintainers = with maintainers; [ AndersonTorres ]; + platforms = platforms.linux; }; } From fc66ea690a8eb88734af58cd1c533935dc9ec4f4 Mon Sep 17 00:00:00 2001 From: AndersonTorres Date: Sat, 27 Nov 2021 14:14:30 -0300 Subject: [PATCH 13/15] aaphoto: init at 0.43.1 --- pkgs/tools/graphics/aaphoto/default.nix | 49 +++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 51 insertions(+) create mode 100644 pkgs/tools/graphics/aaphoto/default.nix diff --git a/pkgs/tools/graphics/aaphoto/default.nix b/pkgs/tools/graphics/aaphoto/default.nix new file mode 100644 index 000000000000..1d0900759320 --- /dev/null +++ b/pkgs/tools/graphics/aaphoto/default.nix @@ -0,0 +1,49 @@ +{ lib +, stdenv +, fetchFromGitHub +, jasper +, libpng +, libjpeg +, zlib +}: + +stdenv.mkDerivation rec { + pname = "aaphoto"; + version = "0.43.1"; + + src = fetchFromGitHub { + owner = "log69"; + repo = pname; + rev = "v${version}"; + hash = "sha256-qngWWqV2vLm1gO0KJ0uHOCf2IoEAs1oiygpJtDvt3s8="; + }; + + buildInputs = [ + jasper + libpng + libjpeg + zlib + ]; + + postInstall = '' + install -Dm644 NEWS README REMARKS TODO -t $out/share/doc/${pname} + ''; + + meta = with lib; { + homepage = "http://log69.com/aaphoto_en.html"; + description = "Free and open source automatic photo adjusting software"; + longDescription = '' + Auto Adjust Photo tries to give a solution for the automatic color + correction of photos. This means setting the contrast, color balance, + saturation and gamma levels of the image by analization. + + This can be a solution for those kind of users who are not able to manage + and correct images with complicated graphical softwares, or just simply + don't intend to spend a lot of time with manually correcting the images + one-by-one. + ''; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ AndersonTorres ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 404b07db8a81..dc5728ac01ed 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -32227,6 +32227,8 @@ with pkgs; electricsheep = callPackage ../misc/screensavers/electricsheep { }; + aaphoto = callPackage ../tools/graphics/aaphoto {}; + flam3 = callPackage ../tools/graphics/flam3 { }; glee = callPackage ../tools/graphics/glee { }; From 9440449acbf32742850395c22345efe2e69ee322 Mon Sep 17 00:00:00 2001 From: AndersonTorres Date: Sat, 27 Nov 2021 17:10:39 -0300 Subject: [PATCH 14/15] aaphoto: set meta.broken to true in Darwin It fails detecting OpenMP libraries. --- pkgs/tools/graphics/aaphoto/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/tools/graphics/aaphoto/default.nix b/pkgs/tools/graphics/aaphoto/default.nix index 1d0900759320..1487f9eac435 100644 --- a/pkgs/tools/graphics/aaphoto/default.nix +++ b/pkgs/tools/graphics/aaphoto/default.nix @@ -45,5 +45,6 @@ stdenv.mkDerivation rec { license = licenses.gpl3Plus; maintainers = with maintainers; [ AndersonTorres ]; platforms = platforms.unix; + broken = stdenv.isDarwin; # aaphoto.c:237:10: fatal error: 'omp.h' file not found }; } From 8fb36866b8be4ebad0c160845774008a1d3f851d Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Sun, 28 Nov 2021 00:04:47 +0100 Subject: [PATCH 15/15] octopus: 11.2 -> 11.3 --- pkgs/applications/science/chemistry/octopus/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/science/chemistry/octopus/default.nix b/pkgs/applications/science/chemistry/octopus/default.nix index 0434bfe120c8..86addd5bd696 100644 --- a/pkgs/applications/science/chemistry/octopus/default.nix +++ b/pkgs/applications/science/chemistry/octopus/default.nix @@ -11,13 +11,13 @@ assert (!blas.isILP64) && (!lapack.isILP64); stdenv.mkDerivation rec { pname = "octopus"; - version = "11.2"; + version = "11.3"; src = fetchFromGitLab { owner = "octopus-code"; repo = "octopus"; rev = version; - sha256 = "sha256-leEcUSjpiP13l65K9WKN2GXTtTa8vvK/MFxR2zH6Xno="; + sha256 = "0n04yvnc0rg3lvnkkdpbwkfl6zg544260p3s65vwkc5dflrhk34r"; }; nativeBuildInputs = [