PostgreSQL with JIT support enabled doesn't work with plv8. Hence, we'd
get an evaluation failure for each
`nixosTests.postgresql.postgresql.postgresql_jit_X`.
This should be restructured in the future (less VM tests for custom
extensions, but a single VM test for this case to cover). For now, we
should get this fix out and this is a good-enough approach.
The plv8 plugin requires access to pkey syscalls. The execution will
crash hard when it is not allowed by the syscall filter.
Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
This will be EOL at the end of November, so there's little reason to
keep it in 24.11[1]. As discussed, we'd like to keep it for as long as
possible to make sure there's a state in nixpkgs that has the latest
minor of postgresql_12 available with the most recent CVEs fixed for
people who cannot upgrade[2].
This aspect has been made explicit in the manual now for the next .11
release.
During the discussions it has been brought up that if people just do
`services.postgresql.enable = true;` and let the code decide the
postgresql version based on `system.stateVersion`, there's a chance that
such EOL dates will be missed. To make this harder, a warning will now
be raised when using the stateVersion-condition and the oldest still
available major is selected.
Additionally regrouped the postgresql things in the release notes to
make sure these are all shown consecutively. Otherwise it's a little
hard to keep track of all the changes made to postgresql in 24.11.
[1] https://endoflife.date/postgresql
[2] https://github.com/NixOS/nixpkgs/pull/353158#issuecomment-2453056692
The test previously violated the Kubernetes version skew policy by
deploying a kubelet of hte most recent version in a cluster with an
older apiserver.
This was intended for quite some time already, but ever since enableJIT
was changed to be the source of truth of JIT-iness for the PostgreSQL
module, this hasn't worked for the tests anymore.
There is no need to fire up a whole VM just to run a two line test of
creating the extension. We can use postgresqlTestExtension for that.
This has the advantage that it runs with postgresqlTestHook, so without
a VM, making it more portable.
Manually importing postgresql packages from the /pkgs/ folder or
manually importing the test from /nixos/tests/ in generic.nix is not
only ugly, but also forbidden should we ever move to pkgs/by-name.
We can achieve almost the same with a slightly different setup. We allow
overriding the postgresql package for the test via passthru.override, to
make sure that each postgresql_xx.tests.postgresql-wal-receiver is
properly teted with the right version.
Addresses
The -k option will be deprecated. Please use the --set-key-file option
instead.
This isn't causing any problems _yet_, but it seems easy enough to fix it now
already.
There now is a "Refresh Hardware Keys" icon since 2.7.7, which we have to skip.
I also needed to add more explicit handling of the intermediate file dialog to
get the test to pass.
git v2.47.0 made changes to trace2's nesting.
trace2.eventNesting (GIT_TRACE2_EVENT_NESTING) defaults to 2, but the
nested region we are after gained a level and is now at level 3 instead
of 2.
eventNesting describes the maximum nesting level to be logged.
So to make it log the negotated-version in connect.c again, we increase
the default by one, from 2 to 3.
Previously, the base system had grub in `systemPackages` but the
specialisations did not. This is because of a few factors:
- Grub was enabled in the nixos config
- Specialisations set `grub.device = "nodev"` (see: system/activation/no-clone.nix)
- Grub is added to `systemPackages` depending on whether `devices == ["nodev"]`
This meant that switching between the base system and a specialisation
always changed `system-path.drv`, which is a reload trigger for
dbus. With grub disabled in this test, this no longer happens.
Reverts #344407
This has broken nixos-rebuild switch so that it no longer updates the profile, which has bad consequences including not updating the systemd-boot menu with new generations.
bitcoind v28 made a breaking change that affects lnd. This setting
reverts bitcoind to old behavior until lnd is updated to be compatible
with bitcoind v28.
