Whenever we create scripts that are installed to $out, we must use runtimeShell
in order to get the shell that can be executed on the machine we create the
package for. This is relevant for cross-compiling. The only use case for
stdenv.shell is scripts that are executed as part of the build system.
Usages in checkPhase are borderline; however, to decrease the likelihood
of people copying the wrong examples, I decided to use runtimeShell as well.
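
The distinction drawn in this commit message, shown as an added example (not code from the commit): a hypothetical package `show-message` whose build-time helper uses `stdenv.shell`, while the script installed to `$out` uses `runtimeShell`. The package name, file names and script contents are assumptions.

```nix
# Added illustration; package name and scripts are hypothetical.
{ stdenv, runtimeShell }:

stdenv.mkDerivation {
  pname = "show-message";
  version = "0.1";
  dontUnpack = true;

  # gen.sh only ever runs on the build machine, as part of the build,
  # so the build platform's shell (stdenv.shell) is the right interpreter.
  buildPhase = ''
    cat > gen.sh <<EOF
    #!${stdenv.shell}
    echo "generated at build time" > message.txt
    EOF
    chmod +x gen.sh
    ./gen.sh
  '';

  # show-message is installed to $out and runs on the machine the package
  # is built for. When cross-compiling, stdenv.shell in this shebang would
  # name a shell that cannot be executed there, so runtimeShell is used.
  installPhase = ''
    mkdir -p $out/bin $out/share
    cp message.txt $out/share/message.txt
    cat > $out/bin/show-message <<EOF
    #!${runtimeShell}
    exec cat $out/share/message.txt
    EOF
    chmod +x $out/bin/show-message
  '';
}
```
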
Rationale
---------
Currently, tests are hard to discover. For instance, someone updating
`dovecot` might not notice that the interaction of `dovecot` with
`opensmtpd` is handled in the `opensmtpd.nix` test.
And even for someone updating `opensmtpd`, it requires manual work to go
check in `nixos/tests` whether there is actually a test, especially
given not so many packages in `nixpkgs` have tests and this is thus most
of the time useless.
Finally, for the reviewer, it is much easier to check that the “Tested
via one or more NixOS test(s)” has been checked if the file modified
already includes the list of relevant tests.
Implementation
--------------
Currently, this commit only adds the metadata in the package. Each
element of the `meta.tests` attribute is a derivation that, when it
builds successfully, means the test has passed (i.e. following the same
convention as NixOS tests).
Future Work
-----------
In the future, the tools could be made aware of this `meta.tests`
attribute, and for instance a `--with-tests` could be added to
`nix-build` so that it also builds all the tests. Or a `--without-tests`
to build without all the tests. @Profpatsch described in his NixCon talk
such systems.
Another thing that would help in the future would be the possibility to
reasonably easily have cross-derivation nix tests without the whole
NixOS VM stack. @7c6f434c already proposed such a system.
This RFC currently handles none of these concerns. Only the addition of
`meta.tests` as metadata to be used by maintainers to remember to run
relevant tests.
LDAP authentication is fairly common in any reasonably sized mail setup.
Our dovecot also comes with LDAP support.
Other distributions like Debian, Arch Linux, Ubuntu and Fedora also
provide LDAP support along with their postfix server.
It might also be useful to have database support, but this is a different pull request.
Dovecot has its own SASL implementation,
but needs Cyrus SASL's headers to bind to an LDAP server using SASL.
This is useful to avoid the need to manage a dnpass= in dovecot-ldap.conf
by using the Unix socket to authenticate.
This is done with sasl_mech=EXTERNAL in dovecot-ldap.conf, and some olcAccess: with
by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
in the slapd's cn=config for the LDAP database queried by dovecot/auth (which runs as root).
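
The setup this commit message describes, sketched as a NixOS module fragment (an added example, not code from the commit). It assumes a dovecot built with the Cyrus SASL headers as this change provides; the `ldapi:///` socket default, the `dc=example,dc=org` tree, the filter and attribute mappings, and the `to *` scope of the ACL are constructed values.

```nix
# Added illustration; tree, filter and ACL scope are constructed values.
{ pkgs, ... }:
let
  # pkgs.writeText places this file in the world-readable Nix store, so a
  # dn=/dnpass= pair written here would be readable by every local user.
  # With SASL EXTERNAL the file contains no secret at all.
  dovecotLdapConf = pkgs.writeText "dovecot-ldap.conf" ''
    # Talk to slapd over its local Unix socket (assumed default location).
    uris = ldapi:///

    # Before: a stored bind password.
    #   dn = cn=dovecot,dc=example,dc=org
    #   dnpass = <secret>
    # After: slapd derives the identity from the socket peer credentials.
    sasl_bind = yes
    sasl_mech = EXTERNAL

    base = ou=people,dc=example,dc=org
    pass_filter = (&(objectClass=posixAccount)(uid=%n))
    pass_attrs = uid=user,userPassword=password
  '';
in
{
  services.dovecot2 = {
    enable = true;
    extraConfig = ''
      passdb {
        driver = ldap
        args = ${dovecotLdapConf}
      }
    '';
  };

  # Matching ACL in slapd's cn=config for the queried database. dovecot/auth
  # runs as root, so its peer identity is uid 0 / gid 0:
  #
  #   olcAccess: to *
  #     by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
  #
  # Narrow "to *" to the subtree and attributes dovecot actually needs.
}
```
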
For years I have not been maintaining anything on the list below other
than some updates when I needed them for some reason. Other people
are doing that maintenance on my behalf, so I had better take myself out,
except for very few packages. Finally!
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/exim/versions.
These checks were done:
- built on NixOS
- found 4.91 with grep in /nix/store/8dn8r8szcjvgkaanp35ml2ms31r92jrd-exim-4.91
- directory tree listing: https://gist.github.com/a7b6b20ca1752c6525abd8e6d0cef9cc
Semi-automatic update generated by https://github.com/ryantm/nix-update tools.
This update was made based on information from https://repology.org/metapackage/dovecot/versions.
These checks were done:
- built on NixOS
- ran `/nix/store/c20ip7wyymd39l7zisx38ky3bxp1sybv-dovecot-2.3.1/bin/dovecot --help` got 0 exit code
- ran `/nix/store/c20ip7wyymd39l7zisx38ky3bxp1sybv-dovecot-2.3.1/bin/dovecot --version` and found version 2.3.1
- found 2.3.1 with grep in /nix/store/c20ip7wyymd39l7zisx38ky3bxp1sybv-dovecot-2.3.1
- directory tree listing: https://gist.github.com/6d90467ee7649d7efc0a48eeacfc42c8
Semi-automatic update. These checks were done:
- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 3.3.0 with grep in /nix/store/8h882s0l773xiwgwf6flkig4yskagi3b-postfix-3.3.0
- found 3.3.0 in filename of file in /nix/store/8h882s0l773xiwgwf6flkig4yskagi3b-postfix-3.3.0
Semi-automatic update. These checks were performed:
- built on NixOS
- found 1.6.6 with grep in /nix/store/9amnrkqxnjyf4fj463dglp0cvkf5wh52-rspamd-1.6.6
- found 1.6.6 in filename of file in /nix/store/9amnrkqxnjyf4fj463dglp0cvkf5wh52-rspamd-1.6.6
cc "@avnik @fpletz"
Semi-automatic update. These checks were performed:
- built on NixOS
- ran `/nix/store/axvpmnbhi27rca2476cj66mv1xk92w2f-postgrey-1.37/bin/postgrey --version` and found version 1.37
- found 1.37 with grep in /nix/store/axvpmnbhi27rca2476cj66mv1xk92w2f-postgrey-1.37
- found 1.37 in filename of file in /nix/store/axvpmnbhi27rca2476cj66mv1xk92w2f-postgrey-1.37
Semi-automatic update. These checks were performed:
- built on NixOS
- found 1.3.0 with grep in /nix/store/a9ndyb3f81ssfkxhiyls76nqcba3rlnn-mlmmj-1.3.0
- found 1.3.0 in filename of file in /nix/store/a9ndyb3f81ssfkxhiyls76nqcba3rlnn-mlmmj-1.3.0
cc "@edwtjo"
* pkgs: refactor needless quoting of homepage meta attribute
A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.
* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit
* Fixed some instances
* dkimproxy: init at 1.4.1
* dkimproxy: simplify by using mkDerivation
* dkimproxy: set ekleog as maintainer
* dkimproxy: style fix
* dkimproxy: also work without the right PERL5LIB environment variable
Also change to https src.url.
Changelog at https://www.opensmtpd.org/announces/release-6.0.0.txt
In particular, note that
- logging format has been reworked so scripts that consume opensmtpd
logs may need updating
- dhparams option has been removed
In line with the Nixpkgs manual.
A mechanical change, done with this command:

    find pkgs -name "*.nix" | \
        while read f; do \
            sed -e 's/description\s*=\s*"\([a-z]\)/description = "\u\1/' -i "$f"; \
        done

I manually skipped some:
* Descriptions starting with an abbreviation, a user name or package name
* Frequently generated expressions (haskell-packages.nix)
unpriviledged_smtpctl_encrypt (defaults to true) -- lets you invoke
smtpctl encrypt without being root
tag_char -- lets you override the + as in user+tag@domain.tld
The following parameters are now available:
* hardeningDisable
  To disable specific hardening flags
* hardeningEnable
  To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
Make top level /var/lib/postfix root:root 0755.
After generating custom configs in /var/lib/postfix/conf,
`postfix set-permissions` is called to perform all required tricks
related to queue handling (postfix uses file mode bits to keep
some internal statuses, so `chmod -R` is not recommended by the authors;
see comments in $out/libexec/postfix/post-install for details).
Also, the post-install script was patched to skip the permission check/update
for files inside $out, as well as for symlinks leading to $NIX_STORE.
The config file `main.cf` was extended with all default directory locations,
to prevent the post-install script from guessing and overwriting them.
And finally, all actions in activation script snippets are performed
by the postmap/postalias/postfix tools from the current build, not random ones
from paths.
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
This reverts commit cd52c04456 and
others.
Managing certificates (including revoking certificates and adding
custom certificates) becomes extremely painful if every package in the
system potentially depends on a different copy of cacert. Also, it
makes updating cacert rather expensive.