Done with the help of https://github.com/Mindavi/nixpkgs-mark-broken
Tool is still WIP but this is one of the first results.
I manually audited the results and removed some results that were not valid.
Note that some of these packages maybe should have more constrained platforms set
instead of broken set, but I think not being perfectly correct is better than
just keep trying to build all these things and never succeeding.
Some observations:
- Some darwin builds require XCode tools
- aarch64-linux builds sometimes suffer from using gcc9
- gcc9 is getting older and misses some new libraries/features
- Sometimes tools try to do system detection or expect some explicit settings for
platforms that are not x86_64-linux
glibc's libcrypt is deprecated and since
ff30c899d8
is built by default without libcrypt, that's probably the point when `elasticsearch6`
started failing with
```
auto-patchelf: 3 dependencies could not be satisfied
error: auto-patchelf could not satisfy dependency libcrypt.so.1 wanted by /nix/store/nd0gn95yfnnmnnw8zk2jnafc9gj2qy91-elasticsearch-6.8.21/modules/x-pack-ml/platform/linux-x86_64/lib/liblog4cxx.so.10
error: auto-patchelf could not satisfy dependency libcrypt.so.1 wanted by /nix/store/nd0gn95yfnnmnnw8zk2jnafc9gj2qy91-elasticsearch-6.8.21/modules/x-pack-ml/platform/linux-x86_64/lib/libaprutil-1.so.0
error: auto-patchelf could not satisfy dependency libcrypt.so.1 wanted by /nix/store/nd0gn95yfnnmnnw8zk2jnafc9gj2qy91-elasticsearch-6.8.21/modules/x-pack-ml/platform/linux-x86_64/lib/libapr-1.so.0
```
Let's add libxcrypt dependency, also note that `elasticsearch6-oss` doesn't
seem to need it.
Should resolve https://github.com/NixOS/nixpkgs/issues/203467
Extra note is elk6 may get removed from nixpkgs soon in favor of elk7
https://github.com/NixOS/nixpkgs/pull/194420
The solr update in #161875 has gone nowhere sofar, while multiple CVEs
are lingering, which makes this a prime candidate to mark insecure.
The maintainer has indicated they wanted to remove themself, which has
not happened yet, so this takes care of that.
https://github.com/NixOS/nixpkgs/pull/161875#issuecomment-1058025102
* elk7: 7.11.1 -> 7.16.1
* nixosTests.elk: Improve reliability and compatibility with ELK 7.x
- Use comparisons in jq instead of grepping
- Match for `.hits.total.value` if version >= 7, otherwise it always
passes
- Make curl fail if requests fails
* nixos/filebeat: Add initial module and test
Filebeat is an open source file harvester, mostly used to fetch logs
files and feed them into logstash.
This module can be used instead of journalbeat if used with
`filebeat7` and configured with the `journald` input.
* python3Packages.parsedmarc.tests: Fix breakage
- Don't use the deprecated elasticsearch7-oss package
- Improve jq query robustness and add tracing
* rl-2205: Note the addition of the filebeat service
* elk6: 6.8.3 -> 6.8.21
The latest version includes a fix for CVE-2021-44228.
* nixos/journalbeat: Add a loose dependency on elasticsearch
Avoid unnecssary back-off when elasticsearch is running on the same
host.
Fixes dependency error while building search-guard:
Exception in thread "main" java.lang.IllegalArgumentException: Missing plugin [lang-painless], dependency of [search-guard-7]