with structuredAttrs lists will be bash arrays which cannot be exported
which will be a issue with some patches and some wrappers like cc-wrapper
this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists
in env cause a eval failure
...but still allow for setting `dataDir` to a custom path. This gets
rid of the use of the deprecated option PermissionsStartOnly. Also, add
the ability to customize user and group, since that could be useful
with a custom `dataDir`.
Done with the help of https://github.com/Mindavi/nixpkgs-mark-broken
Tool is still WIP but this is one of the first results.
I manually audited the results and removed some results that were not valid.
Note that some of these packages maybe should have more constrained platforms set
instead of broken set, but I think not being perfectly correct is better than
just keep trying to build all these things and never succeeding.
Some observations:
- Some darwin builds require XCode tools
- aarch64-linux builds sometimes suffer from using gcc9
- gcc9 is getting older and misses some new libraries/features
- Sometimes tools try to do system detection or expect some explicit settings for
platforms that are not x86_64-linux
glibc's libcrypt is deprecated and since
ff30c899d8
is built by default without libcrypt, that's probably the point when `elasticsearch6`
started failing with
```
auto-patchelf: 3 dependencies could not be satisfied
error: auto-patchelf could not satisfy dependency libcrypt.so.1 wanted by /nix/store/nd0gn95yfnnmnnw8zk2jnafc9gj2qy91-elasticsearch-6.8.21/modules/x-pack-ml/platform/linux-x86_64/lib/liblog4cxx.so.10
error: auto-patchelf could not satisfy dependency libcrypt.so.1 wanted by /nix/store/nd0gn95yfnnmnnw8zk2jnafc9gj2qy91-elasticsearch-6.8.21/modules/x-pack-ml/platform/linux-x86_64/lib/libaprutil-1.so.0
error: auto-patchelf could not satisfy dependency libcrypt.so.1 wanted by /nix/store/nd0gn95yfnnmnnw8zk2jnafc9gj2qy91-elasticsearch-6.8.21/modules/x-pack-ml/platform/linux-x86_64/lib/libapr-1.so.0
```
Let's add libxcrypt dependency, also note that `elasticsearch6-oss` doesn't
seem to need it.
Should resolve https://github.com/NixOS/nixpkgs/issues/203467
Extra note is elk6 may get removed from nixpkgs soon in favor of elk7
https://github.com/NixOS/nixpkgs/pull/194420
The solr update in #161875 has gone nowhere sofar, while multiple CVEs
are lingering, which makes this a prime candidate to mark insecure.
The maintainer has indicated they wanted to remove themself, which has
not happened yet, so this takes care of that.
https://github.com/NixOS/nixpkgs/pull/161875#issuecomment-1058025102
* elk7: 7.11.1 -> 7.16.1
* nixosTests.elk: Improve reliability and compatibility with ELK 7.x
- Use comparisons in jq instead of grepping
- Match for `.hits.total.value` if version >= 7, otherwise it always
passes
- Make curl fail if requests fails
* nixos/filebeat: Add initial module and test
Filebeat is an open source file harvester, mostly used to fetch logs
files and feed them into logstash.
This module can be used instead of journalbeat if used with
`filebeat7` and configured with the `journald` input.
* python3Packages.parsedmarc.tests: Fix breakage
- Don't use the deprecated elasticsearch7-oss package
- Improve jq query robustness and add tracing
* rl-2205: Note the addition of the filebeat service
* elk6: 6.8.3 -> 6.8.21
The latest version includes a fix for CVE-2021-44228.
* nixos/journalbeat: Add a loose dependency on elasticsearch
Avoid unnecssary back-off when elasticsearch is running on the same
host.
Fixes dependency error while building search-guard:
Exception in thread "main" java.lang.IllegalArgumentException: Missing plugin [lang-painless], dependency of [search-guard-7]
The options as specified were not a coherent set. There were three
things to consider: autoPatchelfHook, the regular rpath
fixup (controlled by dontPatchELF) and the elf interpreter rewrite in
the postFixup hook.
The autoPatchelfHook will set the interpreter, so the explicit
invocation of patchelf to do so in postFixup should not be required.
The autoPatchelfHook will rewrite rpaths entirely, so disabling the
rpath minimizing via dontPatchELF should have no effect.
Rust 1.50.0 incorporated a Cargo change (rust-lang/cargo#8937) in
which cargo vendor erroneously changed permissions of vendored
crates. This was fixed in Rust
1.51.0 (rust-lang/cargo#9131). Unfortunately, this means that all
cargoSha256/cargoHashes produced during the Rust 1.50.0 cycle are
potentially broken.
This change updates cargoSha256/cargoHash tree-wide.
Fixes#121994.
continuation of #109595
pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.
python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
