Commit Graph

347111 Commits

Author SHA1 Message Date
Sandro
a2eb380988
Merge pull request #155289 from SuperSandro2000/python39Packages.google-api-core 2022-01-17 13:15:11 +01:00
Sandro
de5bf4f833
Merge pull request #155311 from cpcloud/bump-pulumi 2022-01-17 13:12:37 +01:00
Bobby Rong
02de14e258
Merge pull request #155018 from bbigras/kopia
kopia: 0.9.8 -> 0.10.0
2022-01-17 20:12:26 +08:00
Ryan Lahfa
dcdc03c7c1
python3Packages.socketio-client: init at 0.7.2 (#155269)
Co-authored-by: Fabian Affolter <mail@fabian-affolter.ch>
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-01-17 13:12:04 +01:00
Fabian Affolter
86e6b9170c
Merge pull request #155307 from fabaff/fix-gvm-tools
python3Packages.gvm-tools: disable failing tests
2022-01-17 13:06:40 +01:00
Fabian Affolter
0a534832f6
Merge pull request #155302 from fabaff/fix-build
python3Packages.build: ignore DeprecationWarning
2022-01-17 13:04:32 +01:00
Fabian Affolter
926271efca
Merge pull request #155301 from fabaff/fix-commoncode
python310Packages.commoncode: disable failing test
2022-01-17 13:02:00 +01:00
Fabian Affolter
73e71ed4cd
Merge pull request #155312 from fabaff/fix-demjson
python3Packages.demjson: only run tests on Python 2
2022-01-17 13:00:18 +01:00
Bobby Rong
262f5046c5
Merge pull request #155310 from 06kellyjac/deno
deno: 1.17.2 -> 1.17.3
2022-01-17 19:57:36 +08:00
talyz
95430e31f5
nixos/keycloak: Reformat the code with nixpkgs-fmt 2022-01-17 12:47:53 +01:00
talyz
21b1de2bcd
nixos/keycloak: Inherit library functions and builtins
Instead of referencing all library functions through `lib.` and
builtins through `builtins.` at every invocation, inherit them into
the appropriate scope.
2022-01-17 12:42:30 +01:00
Elis Hirwing
4f26cbfadb
Merge pull request #155122 from drupol/php/bump-to-7-4-27
php: 7.4.26 -> 7.4.27, 8.0.13 -> 8.0.14
2022-01-17 12:41:50 +01:00
Michal Sojka
a6f6108149 inkscape: fix line spacing problem
Inkscape does not work well with with Pango 1.49+ (nixpkgs has Pango
1.50.0). An upstream commit with the fix will be a part of upcomming
1.1.2 release due in a month. Until than, let's apply the fix in
nixpkgs.
2022-01-17 12:33:57 +01:00
Yarny0
756f45306b tsm-client: 8.1.13.2 -> 8.1.13.3
Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6540692 (CVE-2021-44832)
2022-01-17 12:09:27 +01:00
Yarny0
be904af99c tsm-client: 8.1.13.1 -> 8.1.13.2
Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6537640 (CVE-2021-45105, CVE-2021-45046)
2022-01-17 12:09:27 +01:00
Yarny0
4a42ca06c1 tsm-client: 8.1.13.0 -> 8.1.13.1
Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6527080 (CVE-2021-44228)
2022-01-17 12:09:27 +01:00
Yarny0
66d068bf66 tsm-client: use rpm source instead of deb/Ubuntu
IBM publishes their IBM Spectrum Protect client
for Linux in two flavors:

* "Linux x86_64 client"
* "Linux x86_64 Ubuntu client"

Up to this commit, nixpkgs used the Ubuntu
flavor to build its `tsm-client` derivation.
However, the history of published archive files in

* https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/client/v8r1/Linux/
* https://public.dhe.ibm.com/storage/tivoli-storage-management/patches/client/v8r1/Linux/

suggests that updates in the fourth level of
the version numbers (e.g. 8.1.13.0 -> 8.1.13.1)
do not get published as Ubuntu flavor.
It order to be able to always use the latest release,
this commit switches to the non-Ubuntu flavor.
The non-Ubuntu archive contains rpm files,
so this commit switches from `ar` to `rpmextract`.
Instead of unpacking all deb files,
the build recipe now unpacks all _but one_ rpm file:
The file `TIVsm-WEBGUI.x86_64.rpm` apparently
contains a plugin that is not included
in the Ubuntu version (see note below).
Comparing the old and the new derivation's output indicates
that this choice minimizes the difference between the results:

The output of the old (Ubuntu flavor) derivation contains:
* `commons-codec-1.6.jar`
* `share/` with changelog and copyright information
  for the packages `gskssl64` and `gskcrypt64`

The output of the new (non-Ubuntu flavor) derivation contains:
* `lib64`, symlink to `lib`
* `commons-codec-1.14.jar`
* `opt/tivoli/tsm/license/{api,baclient}/sm/`
  with license agreement files in many languages

Besides these differences, the outputs' file names are equal.

Note: I don't know what functionality
`TIVsm-WEBGUI.x86_64.rpm` actually provides.
Unpacking it with the other rpm files makes patchelf complain
about missing X11 libraries, so in order to include it here,
one would likely need to add those to `buildInputs`.
However, as the old (Ubuntu flavor) `tsm-client` package
did not contain this functionality and as I cannot test
or use it in any way, I opted to not include it now.
If we want to include this with a later commit,
we should add another package build option (like `enableGui`)
so that the default `tsm-client` package does not pull in
X11 libraries and its closure size therefore stays small.
2022-01-17 12:09:27 +01:00
Yarny0
f6dca95c5d tsm-client: add test derivation and a module test
The tsm-client needs a tsm-server to do anything useful.
Without a server, automated tests can just
check diagnostic outputs for plausibility.

The commit at hand adds two tests:

1.
The command line interface `dsmc` is called,
then it is verified that the program does

* report the correct client version,
* find its configuration file,
* report a connection error.

2.
To check the GUI (and the tsm-client nixos module), we add a
vm test which uses the module to install `tsm-client-withGui`.
To verify that the GUI's basic functionality is present,
we skip over all connection failure related error
messages and open the "Connection Information"
dialog from the main application window.
This dialog presents the node name and the client version;
both are verified by the test.

Note: Our `tsm-client` build recipe consists of two packages:
The "unwrapped" package and the final package.
This commit puts the unwrapped one into the final
package's `passthru` so that tests can access
the original version string that is needed to check
the client version reported by the application.
2022-01-17 12:09:27 +01:00
Yarny0
c2192ed77a nixos/tsm-{client,backup}: use new type nonEmptyStr
The module option type `nonEmptyStr` was introduced in commit

a3c5f0cba8

The tsm modules previously simply used
`strMatching ".+"` to prevent empty option strings,
but the new type is more thorough as
it also catches space-only strings.
2022-01-17 12:09:27 +01:00
Yarny0
c5effcaaea nixos/tsm-backup: enable most systemd sandboxing options
This enables some systemd sandboxing
options for the `tsm-backup.service`.
Those settings have been determined by expermentation.
This commit tries hard to protect the filesystem from
write access, but not to hide anything from read access,
so users can backup all files they choose to backup.
An exception are API filesystems (`/dev`, `/proc`, `/sys`):
As their "files" are not stored on persistent storage,
they are sandboxed away as much as possible.

Note that the service still has to run with root
privileges to reach files with limited access permissions.
The obvious alternative to use a dedicated user account and
the `CAP_DAC_READ_SEARCH` capability to permit system-wide
read access while blocking write access does not work.
Experiments have shown that `dsmc` verifies access permissions
for each file before attempting to open it for reading.
Hence `dsmc` refuses to copy files where the file permission
mode blocks read access -- even if process capabilities
would allow it to proceed irrespective of permissions.
2022-01-17 12:09:27 +01:00
Yarny0
3f6d1f5f60 nixos/tsm-{client,backup}: update links in module comments
IBM has changed the URL structures of their support web pages.
The commit at hand updates URLs in two comments
so they follow the new structure.
2022-01-17 12:09:27 +01:00
Yarny0
8fa6f90ad6 tsm-client: set mainProgram
The TSM command line client `dsmc` should be the
program that is usually invoked from this package.
However, if a user explicitely asks for the
package with GUI support (with `enableGui`,
available in the package `tsm-client-withGui`),
we set the mainProgram to the graphical application `dsmj`
as that's likely what the user is looking for.
2022-01-17 12:09:27 +01:00
Yarny0
7934926b2e tsm-client: makeWrapper buildInputs to nativeBuildInputs
Although I'm not sure if `tsm-client` will ever be
subject to cross-compiling, referencing makeWrapper
from native BuildInputs is The Right Thing.

This is a kind of follow-up of
https://github.com/NixOS/nixpkgs/pull/112276
2022-01-17 12:09:26 +01:00
Yarny0
5ad0ecb901 tsm-client: 8.1.8.0 -> 8.1.13.0
tsm-client now links against openssl;
patchelf complains without it.

Links to IBM's "Authorized Program Analysis Report"s
(something like release notes),
to READMEs, and to Security Bulletins,
for all updates between 8.1.8.0 and 8.1.13.0:

* 8.1.9.x
  * APARs: https://www.ibm.com/support/pages/node/1077159
  * READMEs: https://www.ibm.com/support/pages/node/1108473
  * https://www.ibm.com/support/pages/node/1107261 (CVE-2018-2025)
  * https://www.ibm.com/support/pages/node/1107777 (CVE-2019-4406)

* 8.1.10.x
  * APARs: https://www.ibm.com/support/pages/node/6223098
  * READMEs: https://www.ibm.com/support/pages/node/6223388
  * https://www.ibm.com/support/pages/node/6221448 (CVE-2020-4494, CVE-2020-4406)
  * https://www.ibm.com/support/pages/node/6245356 (CVE-2020-2654)
  * https://www.ibm.com/support/pages/node/6245366 (CVE-2015-4000)

* 8.1.11.x
  * APARs: https://www.ibm.com/support/pages/node/6367203
  * READMEs: https://www.ibm.com/support/pages/node/6367205
  * https://www.ibm.com/support/pages/node/6371646
  * https://www.ibm.com/support/pages/node/6371650
  * https://www.ibm.com/support/pages/node/6371652

* 8.1.12.x
  * APARs: https://www.ibm.com/support/pages/node/6429561
  * READMEs: https://www.ibm.com/support/pages/node/6443671
  * https://www.ibm.com/support/pages/node/6445503 (CVE-2021-20532)
  * https://www.ibm.com/support/pages/node/6445497 (CVE-2021-29672, CVE-2021-20546)
  * https://www.ibm.com/support/pages/node/6445489 (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841)
  * https://www.ibm.com/support/pages/node/6445483 (CVE-2020-27221, CVE-2020-14782)

* 8.1.13.x
  * APARs: https://www.ibm.com/support/pages/node/6524936
  * READMEs: https://www.ibm.com/support/pages/node/6524938
  * https://www.ibm.com/support/pages/node/6524706 (CVE-2021-39048)
  * https://www.ibm.com/support/pages/node/6524712 (CVE-2021-3712, CVE-2021-3711)
2022-01-17 12:09:26 +01:00
Yarny0
517ae2a288 tsm-client: update URL structure
IBM has changed the URL structures of their support web pages.
The commit at hand updates most URLs and
in particular the package update instructions
so they follow the new structure.
It also calculates the source download URL from the
version number, so package updates no longer have to
update the URL in addition to the version string.
2022-01-17 12:09:26 +01:00
Yarny0
6d134acc4a tsm-client: use explicit package option for Java GUI
The tsm-client package comes in two flavours:
command line only (`tsm-client`) and with a
Java-backed GUI (`tsm-client-withGui`).
To control which package is built,
the build recipe simply used to check if the
`jdk8` package was provided as package input.
This commit changes this mechanism:
The build recipe now accepts the explicit option `enableGui`,
which is set to `false` by default.

As the commit at hand touches the build recipe arguments,
it also changes argument sorting following
https://nixos.org/manual/nixpkgs/stable/#sec-syntax
2022-01-17 12:09:26 +01:00
Yarny0
ce6eea6002 tsm-client: add gnugrep to PATH
While testing the new version, I observed that
`dsmc` prints an error "sh: grep: command not found"
when executed with empty PATH.
Apparently, `dsmc` needs `grep` in its PATH.
2022-01-17 12:09:26 +01:00
Yarny0
6e157a481a tsm-client: fix lvm2 support
lvm2 support was broken when lvm2 got
converted to a multiple-output derivation:

https://github.com/NixOS/nixpkgs/pull/93024
d3a991d410

The `runtimeDependencies` attribute doesn't specifically
look for a `lib` output, so it uses the main `out` output
which no longer contains the library object files.

Since TSM loads the `libdevmapper.so` library
dynamically (likely with `dlfcn.h` functions),
the breakage couldn't be detected at build time.

The commit at hand simply uses
`getLib` to pick the correct output.
2022-01-17 12:09:23 +01:00
talyz
5010f4fff9
nixos/keycloak: Use LoadCredential to load secrets
Use systemd's LoadCredential mechanism to make the secret files
available to the service.

This gets rid of the privileged part of the ExecPreStart script which
only served to copy these files and assign the correct
permissions. There's been issues with this approach when used in
combination with DynamicUser, where sometimes the user isn't created
before the ExecPreStart script runs, causing the error

install: invalid user ‘keycloak’

This should fix that issue.

Unfortunately, all of the ExecPreStart script had to be moved to
ExecStart, since credentials aren't provided to ExecPreStart. See
https://github.com/systemd/systemd/issues/19604.
2022-01-17 11:46:51 +01:00
misuzu
1ea75adb02 git-workspace: 0.8.0 -> 0.9.0 2022-01-17 11:41:26 +01:00
Tom Fitzhenry
f32154da14 spot: 0.2.2 -> 0.3.0
https://github.com/xou816/spot/releases/tag/0.3.0
2022-01-17 21:31:23 +11:00
Timo Kaufmann
e3b041ac07
Merge pull request #145767 from midchildan/fix/noto-cjk
noto-fonts-cjk: add missing serif font
2022-01-17 11:23:40 +01:00
afreakk
9f0ec3ed16 yaml-merge: unstable- 2016-02-16 -> 2022-01-12 2022-01-17 11:11:55 +01:00
Sandro
1f82dc8d9b
Merge pull request #155139 from ivankovnatsky/patch-24 2022-01-17 11:06:24 +01:00
Renaud
0448ee08a4
Merge pull request #153260 from r-ryantm/auto-update/klibc
klibc: 2.0.9 -> 2.0.10
2022-01-17 11:02:38 +01:00
Sandro
fd180ee549
Merge pull request #140265 from McSinyx/blackshades-2.4.0 2022-01-17 10:58:06 +01:00
Sandro
44e6704c37
Merge pull request #150169 from bew/init-rofi-wayland 2022-01-17 10:53:33 +01:00
Fabian Affolter
7a41423022 python3Packages.demjson: only run tests on Python 2 2022-01-17 10:52:53 +01:00
Sandro
b50dfc5e6a
Merge pull request #155306 from cameronfyfe/add-vscode-language-packs 2022-01-17 10:51:07 +01:00
Phillip Cloud
fd6f913af5
chore(pulumi): regenerate data.nix after version bump 2022-01-17 04:40:11 -05:00
Phillip Cloud
d30fe4b438
pulumi: 3.21.0 -> 3.22.1 2022-01-17 04:40:10 -05:00
github-actions[bot]
5883bf6728 terraform-providers: update 2022-01-17 2022-01-17 19:36:58 +10:00
Sandro
2cc9cae45d
Merge pull request #155281 from SuperSandro2000/yle-dl 2022-01-17 10:33:21 +01:00
Sandro
d3fb6ebc75
Merge pull request #155308 from datafoo/vscode-extensions.streetsidesoftware.code-spell-checker 2022-01-17 10:30:45 +01:00
Sandro
fe9ab85ac4
Merge pull request #155305 from datafoo/vscode-extensions.stkb.rewrap 2022-01-17 10:29:23 +01:00
06kellyjac
1e75a13d8e deno: 1.17.2 -> 1.17.3 2022-01-17 09:29:14 +00:00
cameronfyfe
2eaa8d8bbf vscode: add non-english language packs 2022-01-17 02:17:34 -07:00
datafoo
e8242572da vscode-extensions.streetsidesoftware.code-spell-checker: 2.0.14 -> 2.1.4 2022-01-17 10:15:49 +01:00
Fabian Affolter
c7b528d3ad python3Packages.gvm-tools: disable failing tests 2022-01-17 10:15:35 +01:00
Fabian Affolter
e00e384be4
Merge pull request #155288 from SuperSandro2000/python39Packages.google-cloud-bigquery
python39Packages.google-cloud-bigquery: 2.31.0 -> 2.32.0
2022-01-17 10:14:04 +01:00