From 2ff91293374111a7a07345b912b5b4316d562a44 Mon Sep 17 00:00:00 2001 From: Thomas Strobel Date: Wed, 15 Jul 2015 12:19:38 +0200 Subject: [PATCH 01/14] xen: fixes (authored by michalpalka) Xen required a few changes in order to be usable: * Include xenfs module in initrd as loading it in the activation script was failing. * Include /etc/default/xendomains, which is needed by xen-domains service. * Create /var/log/xen and /var/lib/xen directories in the xen-store service, which are needed by the xl command. The directories could be created by any other script as long as they are guaranteed to exist before xl is called. * Fix a reference to /bin/ls in the xendomains script. --- nixos/modules/virtualisation/xen-dom0.nix | 10 +++++++++- pkgs/applications/virtualization/xen/generic.nix | 3 +++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix index c750286a3970..a0b2d5363eb2 100644 --- a/nixos/modules/virtualisation/xen-dom0.nix +++ b/nixos/modules/virtualisation/xen-dom0.nix @@ -121,6 +121,10 @@ in "xenfs" ]; + # The xenfs module is needed in system.activationScripts.xen, but + # the modprobe command there fails silently. Include xenfs in the + # initrd as a work around. + boot.initrd.kernelModules = [ "xenfs" ]; # The radeonfb kernel module causes the screen to go black as soon # as it's loaded, so don't load it. @@ -182,6 +186,9 @@ in { source = "${pkgs.xen}/etc/xen/scripts"; target = "xen/scripts"; } + { source = "${pkgs.xen}/etc/default/xendomains"; + target = "default/xendomains"; + } ]; # Xen provides udev rules. @@ -199,7 +206,8 @@ in rm -f "$XENSTORED_ROOTDIR"/tdb* &>/dev/null mkdir -p /var/run - ${optionalString cfg.trace "mkdir -p /var/log/xen"} + mkdir -p /var/log/xen # Running xl requires /var/log/xen and /var/lib/xen, + mkdir -p /var/lib/xen # so we create them here unconditionally. grep -q control_d /proc/xen/capabilities ''; serviceConfig.ExecStart = '' diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix index 2c92a9834740..32e385635250 100644 --- a/pkgs/applications/virtualization/xen/generic.nix +++ b/pkgs/applications/virtualization/xen/generic.nix @@ -147,6 +147,9 @@ stdenv.mkDerivation { --replace /etc/xen/scripts/hotplugpath.sh $out/etc/xen/scripts/hotplugpath.sh \ --replace /bin/ls ls + substituteInPlace tools/hotplug/Linux/xendomains \ + --replace /bin/ls ls + # Xen's tools and firmares need various git repositories that it # usually checks out at time using git. We can't have that. ${flip concatMapStrings xenConfig.toolsGits (x: let src = fetchgit x.git; in '' From 47bb91194b251f54cf3ad48e62a828cfc4530d1c Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Fri, 31 Jul 2015 13:41:43 +0300 Subject: [PATCH 02/14] mumble: use our celt library --- pkgs/applications/networking/mumble/default.nix | 8 +++++--- pkgs/top-level/all-packages.nix | 1 + 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/mumble/default.nix b/pkgs/applications/networking/mumble/default.nix index aececbb6130b..afe27eb38149 100644 --- a/pkgs/applications/networking/mumble/default.nix +++ b/pkgs/applications/networking/mumble/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, pkgconfig -, avahi, boost, libopus, libsndfile, protobuf, qt4, speex +, avahi, boost, libopus, celt, libsndfile, protobuf, qt4, speex , jackSupport ? false, libjack2 ? null , speechdSupport ? false, speechd ? null , pulseSupport ? false, libpulseaudio ? null @@ -31,7 +31,7 @@ stdenv.mkDerivation rec { "CONFIG+=no-update" "CONFIG+=no-server" "CONFIG+=no-embed-qt-translations" - "CONFIG+=bundled-celt" + "CONFIG+=no-bundled-celt" "CONFIG+=no-bundled-opus" "CONFIG+=no-bundled-speex" ] ++ optional (!speechdSupport) "CONFIG+=no-speechd" @@ -43,7 +43,9 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ avahi boost libopus libsndfile protobuf qt4 speex ] + NIX_CFLAGS_COMPILE = [ "-I${celt}/include/celt" ]; + + buildInputs = [ avahi boost libopus celt libsndfile protobuf qt4 speex ] ++ optional jackSupport libjack2 ++ optional speechdSupport speechd ++ optional pulseSupport libpulseaudio; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6bc69da5f287..a16083456214 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -12124,6 +12124,7 @@ let avahi = avahi.override { withLibdnssdCompat = true; }; + celt = celt_0_7; jackSupport = config.mumble.jackSupport or false; speechdSupport = config.mumble.speechdSupport or false; pulseSupport = config.pulseaudio or false; From f769593e327db1fb88222c9d475cfe58b32a09f7 Mon Sep 17 00:00:00 2001 From: Tadas Barzdzius Date: Fri, 31 Jul 2015 21:20:19 +0300 Subject: [PATCH 03/14] minecraft-server: 1.8.1 -> 1.8.8 --- pkgs/games/minecraft-server/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/games/minecraft-server/default.nix b/pkgs/games/minecraft-server/default.nix index a30c0e174899..82f826556f52 100644 --- a/pkgs/games/minecraft-server/default.nix +++ b/pkgs/games/minecraft-server/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "minecraft-server-${version}"; - version = "1.8.1"; + version = "1.8.8"; src = fetchurl { url = "http://s3.amazonaws.com/Minecraft.Download/versions/${version}/minecraft_server.${version}.jar"; - sha256 = "0icqkcj28l69p618vh0aah9cnvpwgvwsqlw1n5cph23q38d5lpzg"; + sha256 = "07pkdb8cnfnn8zywnhplpcdh9lrxdx8nmsgjarplf2akvhhggbir"; }; installPhase = '' From 40061f66ce03bb6dcab62b27b3bdeb0450a09850 Mon Sep 17 00:00:00 2001 From: danbst Date: Fri, 31 Jul 2015 19:57:54 +0000 Subject: [PATCH 04/14] mercurial: bump 3.3.3 -> 3.4.2 --- pkgs/applications/version-management/mercurial/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/version-management/mercurial/default.nix b/pkgs/applications/version-management/mercurial/default.nix index 12f3c8f11d86..5026efb71751 100644 --- a/pkgs/applications/version-management/mercurial/default.nix +++ b/pkgs/applications/version-management/mercurial/default.nix @@ -3,7 +3,7 @@ , ApplicationServices }: let - version = "3.3.3"; + version = "3.4.2"; name = "mercurial-${version}"; in @@ -12,7 +12,7 @@ stdenv.mkDerivation { src = fetchurl { url = "http://mercurial.selenic.com/release/${name}.tar.gz"; - sha256 = "04xfzwb7jabzsfv2r18c3w6vwag7cjrl79xzg5i3mbyb1mzkcid4"; + sha256 = "1kcfznv990mj30y4yk59hz4wkd3050h0hg7iib69w53nhi50xjfw"; }; inherit python; # pass it so that the same version can be used in hg2git From b80df37494407b0d5410365fe2446f573dd0d83a Mon Sep 17 00:00:00 2001 From: Fabian Kirchner Date: Sat, 1 Aug 2015 11:03:40 +0200 Subject: [PATCH 05/14] Add monkeysphere package --- pkgs/tools/security/monkeysphere/default.nix | 43 +++++++++ .../security/monkeysphere/monkeysphere.patch | 92 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 3 files changed, 137 insertions(+) create mode 100644 pkgs/tools/security/monkeysphere/default.nix create mode 100644 pkgs/tools/security/monkeysphere/monkeysphere.patch diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix new file mode 100644 index 000000000000..99d25007723b --- /dev/null +++ b/pkgs/tools/security/monkeysphere/default.nix @@ -0,0 +1,43 @@ +{ stdenv, fetchurl, perl, makeWrapper, perlPackages }: + +stdenv.mkDerivation rec { + name = "monkeysphere-${version}"; + version = "0.37"; + + src = fetchurl { + url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.37.orig.tar.gz"; + sha256 = "0nbfd220miflah5l2y20qlmgfpbqi0j8h7qgx1b06h7v2jjbh45m"; + }; + + buildInputs = [ makeWrapper perl ]; + + patches = [ ./monkeysphere.patch ]; + + makeFlags = '' + PREFIX=/ + DESTDIR=$(out) + ''; + + postInstall = '' + wrapProgram $out/bin/openpgp2ssh --prefix PERL5LIB : \ + "${with perlPackages; stdenv.lib.makePerlPath [ + CryptOpenSSLRSA + CryptOpenSSLBignum + ]}" + ''; + + meta = with stdenv.lib; { + homepage = http://web.monkeysphere.info/; + description = '' + The Monkeysphere project's goal is to extend OpenPGP's web of + trust to new areas of the Internet to help us securely identify + servers we connect to, as well as each other while we work online. + The suite of Monkeysphere utilities provides a framework to + transparently leverage the web of trust for authentication of + TLS/SSL communications through the normal use of tools you are + familiar with, such as your web browser0 or secure shell. + ''; + license = licenses.gpl3; + platforms = platforms.all; + }; +} diff --git a/pkgs/tools/security/monkeysphere/monkeysphere.patch b/pkgs/tools/security/monkeysphere/monkeysphere.patch new file mode 100644 index 000000000000..8b343b93454f --- /dev/null +++ b/pkgs/tools/security/monkeysphere/monkeysphere.patch @@ -0,0 +1,92 @@ +diff -rupN monkeysphere-0.37/Makefile monkeysphere-0.37-patched/Makefile +--- monkeysphere-0.37/Makefile 2014-08-06 19:27:38.000000000 +0200 ++++ monkeysphere-0.37-patched/Makefile 2015-07-31 19:51:57.539373097 +0200 +@@ -42,11 +42,11 @@ install: all installman + mkdir -p $(DESTDIR)$(PREFIX)/share/doc/monkeysphere + printf "Monkeysphere %s\n" $(MONKEYSPHERE_VERSION) > $(DESTDIR)$(PREFIX)/share/monkeysphere/VERSION + install src/monkeysphere $(DESTDIR)$(PREFIX)/bin +- sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/bin/monkeysphere ++ sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/bin/monkeysphere + install src/monkeysphere-host $(DESTDIR)$(PREFIX)/sbin +- sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host ++ sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-host + install src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin +- sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication ++ sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/sbin/monkeysphere-authentication + install src/monkeysphere-authentication-keys-for-user $(DESTDIR)$(PREFIX)/share/monkeysphere + install -m 0755 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere + install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere +@@ -59,8 +59,8 @@ install: all installman + ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2pem + ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2spki + install -m 0744 src/transitions/* $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions +- sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.23 +- sed -i 's:__SYSSHAREDIR_PREFIX__:$(PREFIX):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.28 ++ sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.23 ++ sed -i 's:__SYSSHAREDIR_PREFIX__:$(DESTDIR):' $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions/0.28 + install -m 0644 src/transitions/README.txt $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions + install -m 0644 src/share/m/* $(DESTDIR)$(PREFIX)/share/monkeysphere/m + install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh +diff -rupN monkeysphere-0.37/src/share/checkperms monkeysphere-0.37-patched/src/share/checkperms +--- monkeysphere-0.37/src/share/checkperms 2014-08-06 19:27:38.000000000 +0200 ++++ monkeysphere-0.37-patched/src/share/checkperms 2015-07-31 19:52:18.170675985 +0200 +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl -T ++#!/usr/bin/perl + + # checkperms: ensure as best we can that a given file can only be + # modified by the given user (or the superuser, naturally). This +diff -rupN monkeysphere-0.37/src/share/keytrans monkeysphere-0.37-patched/src/share/keytrans +--- monkeysphere-0.37/src/share/keytrans 2014-08-06 19:27:38.000000000 +0200 ++++ monkeysphere-0.37-patched/src/share/keytrans 2015-07-31 20:13:36.664514290 +0200 +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl -T ++#!/usr/bin/perl + + # keytrans: this is an RSA key translation utility; it is capable of + # transforming RSA keys (both public keys and secret keys) between +@@ -1069,7 +1069,7 @@ sub packetwalk { + + + for (basename($0)) { +- if (/^pem2openpgp$/) { ++ if (/pem2openpgp/) { + my $rsa; + my $stdin; + +@@ -1107,7 +1107,7 @@ for (basename($0)) { + } + ); + } +- elsif (/^openpgp2ssh$/) { ++ elsif (/openpgp2ssh/) { + my $fpr = shift; + my $instream; + open($instream,'-'); +@@ -1123,7 +1123,7 @@ for (basename($0)) { + die "No matching key found.\n"; + } + } +- elsif (/^openpgp2pem$/) { ++ elsif (/openpgp2pem/) { + my $fpr = shift; + my $instream; + open($instream,'-'); +@@ -1139,7 +1139,7 @@ for (basename($0)) { + die "No matching key found.\n"; + } + } +- elsif (/^openpgp2spki$/) { ++ elsif (/openpgp2spki/) { + my $fpr = shift; + my $instream; + open($instream,'-'); +@@ -1151,7 +1151,7 @@ for (basename($0)) { + die "No matching key found.\n"; + } + } +- elsif (/^keytrans$/) { ++ elsif (/keytrans/) { + # subcommands when keytrans is invoked directly are UNSUPPORTED, + # UNDOCUMENTED, and WILL NOT BE MAINTAINED. + my $subcommand = shift; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dda7224cb394..b4a14978e386 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -12042,6 +12042,8 @@ let monkeysAudio = callPackage ../applications/audio/monkeys-audio { }; + monkeysphere = callPackage ../tools/security/monkeysphere { }; + monodevelop = callPackage ../applications/editors/monodevelop {}; monotone = callPackage ../applications/version-management/monotone { From b6160fa7362ab62f7ad40477d63350827307e2d8 Mon Sep 17 00:00:00 2001 From: Arseniy Seroka Date: Sat, 1 Aug 2015 13:28:41 +0300 Subject: [PATCH 06/14] monkeysphere: fix description --- pkgs/tools/security/monkeysphere/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix index 99d25007723b..f0d3a870676c 100644 --- a/pkgs/tools/security/monkeysphere/default.nix +++ b/pkgs/tools/security/monkeysphere/default.nix @@ -28,7 +28,8 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { homepage = http://web.monkeysphere.info/; - description = '' + description = "Leverage the OpenPGP web of trust for SSH and TLS authentication"; + longDescription = '' The Monkeysphere project's goal is to extend OpenPGP's web of trust to new areas of the Internet to help us securely identify servers we connect to, as well as each other while we work online. From aa63d4299ff3236f8a47d7b20434be7785902d40 Mon Sep 17 00:00:00 2001 From: Thomas Strobel Date: Sat, 1 Aug 2015 16:56:06 +0200 Subject: [PATCH 07/14] tcsd module: expose firmwarePCRs and kernelPCRs --- nixos/modules/services/hardware/tcsd.nix | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/hardware/tcsd.nix b/nixos/modules/services/hardware/tcsd.nix index 220b154bd97a..ced2d49c1e15 100644 --- a/nixos/modules/services/hardware/tcsd.nix +++ b/nixos/modules/services/hardware/tcsd.nix @@ -17,8 +17,8 @@ let # what is available directly from the PCR registers. firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements - #firmware_pcrs = 0,1,2,3,4,5,6,7 - #kernel_pcrs = 10,11 + firmware_pcrs = ${cfg.firmwarePCRs} + kernel_pcrs = ${cfg.kernelPCRs} platform_cred = ${cfg.platformCred} conformance_cred = ${cfg.conformanceCred} endorsement_cred = ${cfg.endorsementCred} @@ -60,20 +60,32 @@ in }; stateDir = mkOption { - default = "/var/lib/tpm"; + default = "/var/lib/tpm"; type = types.path; - description = '' + description = '' The location of the system persistent storage file. The system persistent storage file holds keys and data across restarts of the TCSD and system reboots. - ''; + ''; + }; + + firmwarePCRs = mkOption { + default = "0,1,2,3,4,5,6,7"; + type = types.string; + description = "PCR indices used in the TPM for firmware measurements."; + }; + + kernelPCRs = mkOption { + default = "10,11"; + type = types.string; + description = "PCR indices used in the TPM for kernel measurements."; }; platformCred = mkOption { default = "${cfg.stateDir}/platform.cert"; type = types.path; description = '' - Path to the platform credential for your TPM. Your TPM + Path to the platform credential for your TPM. Your TPM manufacturer may have provided you with a set of credentials (certificates) that should be used when creating identities using your TPM. When a user of your TPM makes an identity, From abaedd5de57ba75c9c022169a8901913a3f25573 Mon Sep 17 00:00:00 2001 From: Jonathan Rudenberg Date: Sat, 1 Aug 2015 13:32:32 -0400 Subject: [PATCH 08/14] makemkv: 1.9.4 -> 1.9.5 --- pkgs/applications/video/makemkv/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/video/makemkv/default.nix b/pkgs/applications/video/makemkv/default.nix index 7d604101f4b1..040f74c16ff8 100644 --- a/pkgs/applications/video/makemkv/default.nix +++ b/pkgs/applications/video/makemkv/default.nix @@ -4,17 +4,17 @@ stdenv.mkDerivation rec { name = "makemkv-${ver}"; - ver = "1.9.4"; + ver = "1.9.5"; builder = ./builder.sh; src_bin = fetchurl { url = "http://www.makemkv.com/download/makemkv-bin-${ver}.tar.gz"; - sha256 = "0xr5bfbpzd1s9fyxbwj0crpgi57hm4wrm1dybx13lv4n6xdj2ww0"; + sha256 = "1qzkdrij89s748rvmibx083g1irfm8dqx257skr45i2gsg2qqijp"; }; src_oss = fetchurl { url = "http://www.makemkv.com/download/makemkv-oss-${ver}.tar.gz"; - sha256 = "0gpmyp2g44piaj47a52ik5i3sk5flbs8kqlqmjxnqkv16s01vfra"; + sha256 = "1immnlx1rld8iw89fxgq2sk2l050sa8h046ka8mdwg8682d75lfg"; }; buildInputs = [openssl qt4 mesa zlib pkgconfig libav]; From 9cac20afa856b4ebd648239fb836a6c0ae679cfb Mon Sep 17 00:00:00 2001 From: Pascal Wittmann Date: Sat, 1 Aug 2015 21:11:58 +0200 Subject: [PATCH 09/14] cv: update from 0.7.1 to 0.8 --- pkgs/tools/misc/cv/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/cv/default.nix b/pkgs/tools/misc/cv/default.nix index 5b54ed1d4cf7..a92bfcdb35d3 100644 --- a/pkgs/tools/misc/cv/default.nix +++ b/pkgs/tools/misc/cv/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "cv-${version}"; - version = "0.7.1"; + version = "0.8"; src = fetchFromGitHub { owner = "Xfennec"; repo = "cv"; rev = "v${version}"; - sha256 = "1dcq45mz443mzzf344ap5dgsazhcrn3aislxs57jqbg4p5bbmh1b"; + sha256 = "17vfcv0n1ib4rh1hdl126aid7cnnk94avzlk9yp7y855iml8xzs4"; }; buildInputs = [ ncurses ]; From 4739848cbaef02f95eff820fc3eadf653f0fb378 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Sat, 1 Aug 2015 18:04:40 -0700 Subject: [PATCH 10/14] libs3: 2015-01-09 -> 2015-04-23 --- pkgs/development/libraries/libs3/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/libs3/default.nix b/pkgs/development/libraries/libs3/default.nix index 62970b719048..f5c4683e7308 100644 --- a/pkgs/development/libraries/libs3/default.nix +++ b/pkgs/development/libraries/libs3/default.nix @@ -1,13 +1,13 @@ { stdenv, fetchFromGitHub, curl, libxml2 }: stdenv.mkDerivation { - name = "libs3-2015-01-09"; + name = "libs3-2015-04-23"; src = fetchFromGitHub { owner = "bji"; repo = "libs3"; - rev = "4d21fdc0857b88c964649b321057d7105d1e4da3"; - sha256 = "1c33h8lzlpmsbkymd2dac9g8hqhd6j6yzdjrhha8bcqyys6vcpy3"; + rev = "11a4e976c28ba525e7d61fbc3867c345a2af1519"; + sha256 = "0xjjwyw14sk9am6s2m25hxi55vmsrc2yiawd6ln2lvg59xjcr48i"; }; buildInputs = [ curl libxml2 ]; @@ -17,7 +17,7 @@ stdenv.mkDerivation { meta = with stdenv.lib; { homepage = https://github.com/bji/libs3; description = "A library for interfacing with amazon s3"; - license = licenses.gpl3; + license = licenses.lgpl3; platforms = platforms.unix; }; } From dd41013dbace43cfe0ac6159c82cb193ef788355 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Sat, 1 Aug 2015 18:05:18 -0700 Subject: [PATCH 11/14] ceph: Remove leaveDotGit as it is non-deterministic --- pkgs/tools/filesystems/ceph/0.80.nix | 3 +-- pkgs/tools/filesystems/ceph/0.94.nix | 3 +-- pkgs/tools/filesystems/ceph/dev.nix | 3 +-- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/pkgs/tools/filesystems/ceph/0.80.nix b/pkgs/tools/filesystems/ceph/0.80.nix index 3e859626ee8d..ffb52f3fa5b1 100644 --- a/pkgs/tools/filesystems/ceph/0.80.nix +++ b/pkgs/tools/filesystems/ceph/0.80.nix @@ -6,8 +6,7 @@ callPackage ./generic.nix (args // rec { src = fetchgit { url = "git://github.com/ceph/ceph.git"; rev = "refs/tags/v${version}"; - leaveDotGit = true; - sha256 = "0s81j6yj8y27hlx1hid9maz0l7bhjjskjxzxlhsikzmdc1j27m4r"; + sha256 = "1arajccczjdqp7igs17569xlq5cj4azcm5wwixg6ryypjr2grcbl"; }; patches = [ diff --git a/pkgs/tools/filesystems/ceph/0.94.nix b/pkgs/tools/filesystems/ceph/0.94.nix index 3947cd70f56b..4dca90e5f273 100644 --- a/pkgs/tools/filesystems/ceph/0.94.nix +++ b/pkgs/tools/filesystems/ceph/0.94.nix @@ -6,8 +6,7 @@ callPackage ./generic.nix (args // rec { src = fetchgit { url = "https://github.com/ceph/ceph.git"; rev = "refs/tags/v${version}"; - leaveDotGit = true; - sha256 = "094f9knxgx8vb9fb1yzld9ib4m0wpqwqgqjl3xqf0dzm48nxqd73"; + sha256 = "1nhqzmxv7bz93b8rbd88wgmw9icm2lhmc94dfscgh23kfpipyd6l"; }; patches = [ diff --git a/pkgs/tools/filesystems/ceph/dev.nix b/pkgs/tools/filesystems/ceph/dev.nix index c57bc200f24c..5cc183d1053c 100644 --- a/pkgs/tools/filesystems/ceph/dev.nix +++ b/pkgs/tools/filesystems/ceph/dev.nix @@ -6,8 +6,7 @@ callPackage ./generic.nix (args // rec { src = fetchgit { url = "https://github.com/ceph/ceph.git"; rev = "refs/tags/v${version}"; - leaveDotGit = true; - sha256 = "13iyv53kq2ka5py759cdiw0wmzpsycskvhmyr74qkpxmw9g6177y"; + sha256 = "0kydjyvb1566mh33p6dlljfx1r4cfdj8ic4i19h5r9vavkc46nf0"; }; patches = [ ./fix-pythonpath.patch ]; From 1b20c87d1f9cb9e3a90fb3077d746a9f41dbb58e Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Sat, 1 Aug 2015 18:05:40 -0700 Subject: [PATCH 12/14] ceph-git: 2015-07-29 -> 2015-07-31 --- pkgs/tools/filesystems/ceph/generic.nix | 7 ++++--- pkgs/tools/filesystems/ceph/git.nix | 7 +++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/tools/filesystems/ceph/generic.nix b/pkgs/tools/filesystems/ceph/generic.nix index 51e304bec216..1130772ccd85 100644 --- a/pkgs/tools/filesystems/ceph/generic.nix +++ b/pkgs/tools/filesystems/ceph/generic.nix @@ -56,7 +56,7 @@ let optLibatomic_ops = shouldUsePkg libatomic_ops; optKinetic-cpp-client = shouldUsePkg kinetic-cpp-client; optRocksdb = shouldUsePkg rocksdb; - optLibs3 = shouldUsePkg libs3; + optLibs3 = if versionAtLeast version "10.0.0" then null else shouldUsePkg libs3; optJemalloc = shouldUsePkg jemalloc; optGperftools = shouldUsePkg gperftools; @@ -195,8 +195,6 @@ stdenv.mkDerivation { (mkWith hasKinetic "kinetic" null) (mkWith hasRocksdb "librocksdb" null) (mkWith false "librocksdb-static" null) - (mkWith (optLibs3 != null) "system-libs3" null) - (mkWith true "rest-bench" null) ] ++ optional stdenv.isLinux [ (mkWith (optLibaio != null) "libaio" null) (mkWith (optLibxfs != null) "libxfs" null) @@ -207,6 +205,9 @@ stdenv.mkDerivation { ] ++ optional (versionAtLeast version "9.0.2") [ (mkWith true "man-pages" null) (mkWith true "systemd-libexec-dir" "\${TMPDIR}") + ] ++ optional (versionOlder version "10.0.0") [ + (mkWith (optLibs3 != null) "system-libs3" null) + (mkWith true "rest-bench" null) ]; preBuild = optionalString (versionAtLeast version "9.0.0") '' diff --git a/pkgs/tools/filesystems/ceph/git.nix b/pkgs/tools/filesystems/ceph/git.nix index 8534c2fdba38..913901a0f801 100644 --- a/pkgs/tools/filesystems/ceph/git.nix +++ b/pkgs/tools/filesystems/ceph/git.nix @@ -1,13 +1,12 @@ { callPackage, fetchgit, ... } @ args: callPackage ./generic.nix (args // rec { - version = "2015-07-29"; + version = "2015-07-31"; src = fetchgit { url = "git://github.com/ceph/ceph.git"; - rev = "338ead0f498238fd1b5b7f18d86ad407de6f347b"; - leaveDotGit = true; - sha256 = "0ip62l4qkcmszbczwdnqhn93glnpgy0fhymf627x0vf49dgv3a6i"; + rev = "ef86e29259d0e863e62115926bf67287dc9a7e41"; + sha256 = "14h387ngx3fmdm0b0sgl0l743j3d22gnp3lv68ah59yc4crfgdcx"; }; patches = [ ./fix-pythonpath.patch ]; From 58d1a1b07385c99a62361577ea9d16c4e3c96972 Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Sat, 1 Aug 2015 18:45:23 -0700 Subject: [PATCH 13/14] ceph: Make python fixes more reliable --- pkgs/tools/filesystems/ceph/generic.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/filesystems/ceph/generic.nix b/pkgs/tools/filesystems/ceph/generic.nix index 1130772ccd85..dca6d9300206 100644 --- a/pkgs/tools/filesystems/ceph/generic.nix +++ b/pkgs/tools/filesystems/ceph/generic.nix @@ -235,15 +235,24 @@ stdenv.mkDerivation { for PY in $(find $lib/lib -name \*.py); do LIBS="$(sed -n "s/.*find_library('\([^)]*\)').*/\1/p" "$PY")" + # Delete any calls to find_library + sed -i '/find_library/d' "$PY" + # Fix each find_library call for LIB in $LIBS; do REALLIB="$lib/lib/lib$LIB.so" - sed -i "s,find_library('$LIB'),'$REALLIB',g" "$PY" + sed -i "s,\(lib$LIB = CDLL(\).*,\1'$REALLIB'),g" "$PY" done # Reapply compilation optimizations NAME=$(basename -s .py "$PY") - (cd "$(dirname $PY)"; python -c "import $NAME"; python -O -c "import $NAME") + rm -f "$PY"{c,o} + pushd "$(dirname $PY)" + python -c "import $NAME" + python -O -c "import $NAME" + popd + test -f "$PY"c + test -f "$PY"o done ''; From da76816b0ccf503ab36e9e2b541315d296e5191b Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Sat, 1 Aug 2015 19:11:07 -0700 Subject: [PATCH 14/14] nghttp2: 1.1.1 -> 1.1.2 --- pkgs/development/libraries/nghttp2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/nghttp2/default.nix b/pkgs/development/libraries/nghttp2/default.nix index 129a65d3203b..9681c4d7eeed 100644 --- a/pkgs/development/libraries/nghttp2/default.nix +++ b/pkgs/development/libraries/nghttp2/default.nix @@ -34,12 +34,12 @@ let in stdenv.mkDerivation rec { name = "${prefix}nghttp2-${version}"; - version = "1.1.1"; + version = "1.1.2"; # Don't use fetchFromGitHub since this needs a bootstrap curl src = fetchurl { url = "http://pub.wak.io/nixos/tarballs/nghttp2-${version}.tar.bz2"; - sha256 = "9659e8598c8481f1bf8e63ba4f828f5283053df62a51fa8324cb55ea7a51b80c"; + sha256 = "5b218a0d27eeaa6898eb0757b6bbcc643ada2148696d864f185b3123c392904b"; }; # Configure script searches for a symbol which does not exist in jemalloc on Darwin