Merge staging-next into staging

This commit is contained in:
github-actions[bot] 2022-05-24 18:02:00 +00:00 committed by GitHub
commit 6935cd110f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 507 additions and 67 deletions

View File

@ -15,6 +15,10 @@ stdenv.mkDerivation rec {
cp makefiles/makefile.defs.linux.pulse makefile.defs
'';
makeFlags = [
"AR=${stdenv.cc.targetPrefix}ar"
];
installPhase = ''
install -Dt $out/bin praat
'';

View File

@ -8,13 +8,13 @@
stdenv.mkDerivation rec {
pname = "pt2-clone";
version = "1.46";
version = "1.49";
src = fetchFromGitHub {
owner = "8bitbubsy";
repo = "pt2-clone";
rev = "v${version}";
sha256 = "sha256-xRq37hjuMiGxsWRnZ/ryXYLvQpjbfQEjQkMjjuqL7r8=";
sha256 = "sha256-mE7mcaQCJlMzFTec9/faTyIZ7aoA4ygn60wS5QgVF7k=";
};
nativeBuildInputs = [ cmake ];

View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "clifm";
version = "1.4";
version = "1.5.1";
src = fetchFromGitHub {
owner = "leo-arch";
repo = pname;
rev = "v${version}";
sha256 = "sha256-62WxvJsXkzvDqFGFpid9VDB1mARgllkKnb6mFC5pdl8=";
sha256 = "sha256-JdVRi5xHKpYjP8h7df4WdizSU1dy+CtPfOiPEK+MEOE=";
};
buildInputs = [ libcap acl file readline ];

View File

@ -1,22 +1,16 @@
{ lib, stdenv, fetchurl
, unzip
{ lib, stdenv, fetchzip
}:
stdenv.mkDerivation rec {
pname = "widevine";
version = "4.10.2449.0";
src = fetchurl {
src = fetchzip {
url = "https://dl.google.com/widevine-cdm/${version}-linux-x64.zip";
sha256 = "sha256-XZuXK3NCfqbaQ1tuMOXj/U4yJC18futqo1WjuMqMrRA=";
sha256 = "sha256-f2kAkP+s3fB+krEZsiujEoI4oznkzSyaIB/CRJZWlXE=";
stripRoot = false;
};
nativeBuildInputs = [ unzip ];
unpackPhase = ''
unzip $src
'';
installPhase = ''
install -vD manifest.json $out/share/google/chrome/WidevineCdm/manifest.json
install -vD LICENSE.txt $out/share/google/chrome/WidevineCdm/LICENSE.txt

View File

@ -46,7 +46,7 @@ let
version = {
aarch64-darwin = "5.10.4.6592";
x86_64-darwin = "5.10.4.6592";
x86_64-linux = "5.10.4.2845";
x86_64-linux = "5.10.6.3192";
}.${system} or throwSystem;
srcs = {
@ -60,7 +60,7 @@ let
};
x86_64-linux = fetchurl {
url = "https://zoom.us/client/${version}/zoom_x86_64.pkg.tar.xz";
sha256 = "9gspydrGaEjzAM0nK1u0XNm07HTupJ2wnPxCFWy+Nts=";
sha256 = "8QIkF5+875VFoGK6T0CROsqML6bJDG934c1gkuz8Klk=";
};
};

View File

@ -6,7 +6,7 @@
mkDerivation rec {
pname = "qgroundcontrol";
version = "4.2.0";
version = "4.2.1";
qtInputs = [
qtbase qtcharts qtlocation qtserialport qtsvg qtquickcontrols2
@ -64,7 +64,7 @@ mkDerivation rec {
owner = "mavlink";
repo = pname;
rev = "v${version}";
sha256 = "sha256-TBnJQKO9cwxP9q+bIB1CaGnm9npymJ3iEAD9kPJi9JA=";
sha256 = "sha256-7POrc6RUm3GVx3KuPUBNbKRUvUmA2UkEL7ezQVQt/yo=";
fetchSubmodules = true;
};

View File

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "gh";
version = "2.10.1";
version = "2.11.0";
src = fetchFromGitHub {
owner = "cli";
repo = "cli";
rev = "v${version}";
sha256 = "sha256-2lIHEO4+oW9+C7VSulmVwZJ1l6RYBbV6wlKMvdOGqi8=";
sha256 = "sha256-VWbkthOaq34tAiBkPlCXmz32RrJfO6dfVS+LLls39jA=";
};
vendorSha256 = "sha256-EFJfd6sUK5iquFW0kXaiH6tLiNqbZNe9awpIqmqhp7I=";
vendorSha256 = "sha256-soNQXtpQ217scP606UA05+r9WIrUAMOCDBsfLKrVD+Q=";
nativeBuildInputs = [ installShellFiles ];

View File

@ -2,10 +2,10 @@
, ncurses
, libX11, xorgproto, buildEnv
, fetchpatch
, useX11 ? stdenv.hostPlatform.isx86
}:
let
useX11 = stdenv.hostPlatform.isx86;
x11deps = [ libX11 xorgproto ];
inherit (lib) optionals;

View File

@ -6,11 +6,11 @@ rubyVersion = callPackage ../ruby/ruby-version.nix {} "2" "5" "7" "";
jruby = stdenv.mkDerivation rec {
pname = "jruby";
version = "9.3.3.0";
version = "9.3.4.0";
src = fetchurl {
url = "https://s3.amazonaws.com/jruby.org/downloads/${version}/jruby-bin-${version}.tar.gz";
sha256 = "sha256-Pagoy+KH1UaFB/HCxCvvbPNLxTYbzWpdmcIHshuf3Fw=";
sha256 = "sha256-UxVE0yeocVXYyATxU6LfPPBPAYJWHLLdLJNy9IYFtlw=";
};
nativeBuildInputs = [ makeWrapper ];

View File

@ -2,7 +2,7 @@
buildDunePackage rec {
pname = "linenoise";
version = "1.3.0";
version = "1.3.1";
useDune2 = true;
@ -12,7 +12,7 @@ buildDunePackage rec {
owner = "fxfactorial";
repo = "ocaml-${pname}";
rev = "v${version}";
sha256 = "0m9mm1arsawi5w5aqm57z41sy1wfxvhfgbdiw7hzy631i391144g";
sha256 = "sha256-5DlF56reh52Tvbi3wGK8ZrPBAYK0ZTBV3jz8qUsyKGk=";
};
propagatedBuildInputs = [ result ];

View File

@ -1,7 +1,13 @@
{ lib, buildPythonPackage, fetchPypi
, django-environ, mock, django
, pytest, pytest-runner, pytest-django
{ lib
, buildPythonPackage
, fetchPypi
, django-environ
, mock
, django
, pytestCheckHook
, pytest-django
}:
buildPythonPackage rec {
pname = "django-guardian";
version = "2.4.0";
@ -11,12 +17,21 @@ buildPythonPackage rec {
sha256 = "c58a68ae76922d33e6bdc0e69af1892097838de56e93e78a8361090bcd9f89a0";
};
checkInputs = [ pytest pytest-runner pytest-django django-environ mock ];
propagatedBuildInputs = [ django ];
checkInputs = [
django-environ
mock
pytestCheckHook
pytest-django
];
pythonImportsCheck = [ "guardian" ];
meta = with lib; {
description = "Per object permissions for Django";
homepage = "https://github.com/django-guardian/django-guardian";
license = [ licenses.mit licenses.bsd2 ];
license = with licenses; [ mit bsd2 ];
maintainers = with maintainers; [ SuperSandro2000 ];
};
}

View File

@ -1,26 +1,52 @@
{ lib, buildPythonPackage, fetchFromGitHub, django, pytz, isPy27 }:
{ lib
, buildPythonPackage
, fetchFromGitHub
, coreapi
, django
, django-guardian
, pythonOlder
, pytest-django
, pytestCheckHook
, pytz
, pyyaml
, uritemplate
}:
buildPythonPackage rec {
version = "3.12.4";
pname = "djangorestframework";
disabled = isPy27;
version = "3.13.1";
disabled = pythonOlder "3.6";
src = fetchFromGitHub {
owner = "encode";
repo = "django-rest-framework";
rev = version;
sha256 = "sha256-FjMRfVyLmm5J9uOUTLZpO3Pvge3RoYnqIRvzMng7wZo=";
sha256 = "sha256-XmX6DZBZYzVCe72GERplAWt5jIjV/cYercZGb0pYjoc=";
};
# Test settings are missing
doCheck = false;
propagatedBuildInputs = [ django pytz ];
propagatedBuildInputs = [
django
pytz
];
checkInputs = [
pytest-django
pytestCheckHook
# optional tests
coreapi
django-guardian
pyyaml
uritemplate
];
pythonImportsCheck = [ "rest_framework" ];
meta = with lib; {
description = "Web APIs for Django, made easy";
homepage = "https://www.django-rest-framework.org/";
maintainers = with maintainers; [ desiderius ];
maintainers = with maintainers; [ desiderius SuperSandro2000 ];
license = licenses.bsd2;
};
}

View File

@ -3,14 +3,14 @@
rustPlatform.buildRustPackage rec {
pname = "probe-run";
version = "0.3.2";
version = "0.3.3";
src = fetchCrate {
inherit pname version;
sha256 = "sha256-SXA77LXM1SuBJ8BH+ahwJl/3gWsCbdLXBiHZdJySWq0=";
sha256 = "sha256-7o0aRiCxWoDoMysXIPyiBqH/8TtFo87im6Y0OFL0cTA=";
};
cargoSha256 = "sha256-e9POSuA/I7IUKUOxMTfCWxNn0AicojpGQpxamzmHa7g=";
cargoSha256 = "sha256-vREz3FTZXMrc18LXIycJXX6SgW6IKGIgL/+79dMfNjk=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libusb1 ]

View File

@ -6,7 +6,7 @@
stdenv.mkDerivation rec {
pname = "black-hole-solver";
version = "1.10.1";
version = "1.12.0";
meta = with lib; {
homepage = "https://www.shlomifish.org/open-source/projects/black-hole-solitaire-solver/";
@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = "https://fc-solve.shlomifish.org/downloads/fc-solve/${pname}-${version}.tar.xz";
sha256 = "1qhihmk4fwz6n16c7bnxnh3v7jhbb7xhkc9wk9484bp0k4x9bq9n";
sha256 = "sha256-0y8yU291cykliPQbsNha5C1WE3bCGNxKtrrf5JBKN6c=";
};
nativeBuildInputs = [ cmake perl pkg-config python3 ];

View File

@ -1,15 +1,26 @@
{ lib, stdenv, fetchurl, qmake, qttools, qtsvg, mkDerivation }:
{ lib
, stdenv
, fetchurl
, cmake
, qttools
, wrapQtAppsHook
, qtsvg
}:
mkDerivation rec {
stdenv.mkDerivation rec {
pname = "cutemaze";
version = "1.3.0";
version = "1.3.1";
src = fetchurl {
url = "https://gottcode.org/cutemaze/${pname}-${version}-src.tar.bz2";
sha256 = "sha256-h7+H2E37ZVSnlPa6ID+lNEvFtU5PfdMSlBjqBumojoU=";
sha256 = "6944931cd39e9ef202c11483b7b2b7409a068c52fa5fd4419ff938b1158c72ab";
};
nativeBuildInputs = [ qmake qttools ];
nativeBuildInputs = [
cmake
qttools
wrapQtAppsHook
];
buildInputs = [ qtsvg ];

View File

@ -0,0 +1,84 @@
{ lib
, stdenv
, graphviz
, imagemagick
, linux_latest
, makeFontsConf
, perl
, python3
, sphinx
, which
}:
let
py = python3.override {
packageOverrides = final: prev: rec {
docutils_old = prev.docutils.overridePythonAttrs (oldAttrs: rec {
version = "0.16";
src = oldAttrs.src.override {
inherit version;
sha256 = "sha256-wt46YOnn0Hvia38rAMoDCcIH4GwQD5zCqUkx/HWkePw=";
};
});
sphinx = (prev.sphinx.override rec {
alabaster = prev.alabaster.override { inherit pygments; };
docutils = docutils_old;
pygments = prev.pygments.override { docutils = docutils_old; };
}).overridePythonAttrs {
# fails due to duplicated packages
doCheck = false;
};
sphinx_rtd_theme = prev.sphinx_rtd_theme.override {
inherit sphinx;
docutils = docutils_old;
};
};
};
in
stdenv.mkDerivation {
pname = "linux-kernel-latest-htmldocs";
inherit (linux_latest) version src;
postPatch = ''
patchShebangs \
Documentation/sphinx/parse-headers.pl \
scripts/{get_abi.pl,get_feat.pl,kernel-doc,sphinx-pre-install}
'';
FONTCONFIG_FILE = makeFontsConf {
fontDirectories = [ ];
};
nativeBuildInputs = [
graphviz
imagemagick
perl
py.pkgs.sphinx
py.pkgs.sphinx_rtd_theme
which
];
preBuild = ''
export XDG_CACHE_HOME="$(mktemp -d)"
'';
makeFlags = [ "htmldocs" ];
installPhase = ''
mkdir -p $out/share/doc
mv Documentation/output $out/share/doc/linux-doc
cp -r Documentation/* $out/share/doc/linux-doc/
'';
meta = with lib; {
description = "Linux kernel html documentation";
homepage = "https://www.kernel.org/doc/htmldocs/";
platforms = platforms.linux;
inherit (linux_latest.meta) license;
maintainers = with maintainers; [ SuperSandro2000 ];
};
}

View File

@ -0,0 +1,25 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "go-camo";
version = "2.4.0";
src = fetchFromGitHub {
owner = "cactus";
repo = pname;
rev = "v${version}";
sha256 = "1Wzy5EHFJAPnxusUBvNoJnXyVAx/LiiTgIQZE9r01Lw=";
};
vendorSha256 = "31B6LXCutIdPwxqMFTMUfxAaCuYW14py8Vu1EycBydE=";
ldflags = [ "-s" "-w" "-X=main.ServerVersion=${version}" ];
meta = with lib; {
description = "A camo server is a special type of image proxy that proxies non-secure images over SSL/TLS";
homepage = "https://github.com/cactus/go-camo";
changelog = "https://github.com/cactus/go-camo/releases/tag/v${version}";
license = licenses.mit;
maintainers = with maintainers; [ viraptor ];
};
}

View File

@ -2,7 +2,7 @@ outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt
, nginx-doc
, nixosTests
, substituteAll, gd, geoip, perl
, substituteAll, removeReferencesTo, gd, geoip, perl
, withDebug ? false
, withKTLS ? false
, withStream ? true
@ -22,7 +22,7 @@ outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt
, extraPatches ? []
, fixPatch ? p: p
, preConfigure ? ""
, postInstall ? null
, postInstall ? ""
, meta ? null
, nginx-doc ? outer.nginx-doc
, passthru ? { tests = {}; }
@ -158,9 +158,14 @@ stdenv.mkDerivation {
cp -r ${nginx-doc}/* $doc
'';
postInstall = if postInstall != null then postInstall else ''
mv $out/sbin $out/bin
'';
nativeBuildInputs = [ removeReferencesTo ];
disallowedReferences = map (m: m.src) modules;
postInstall =
let
noSourceRefs = lib.concatMapStrings (m: "remove-references-to -t ${m.src} $out/sbin/nginx\n") modules;
in noSourceRefs + postInstall;
passthru = {
modules = modules;

View File

@ -2,8 +2,6 @@
, stdenv
, buildGoModule
, fetchFromGitHub
, CoreFoundation
, Security
}:
buildGoModule rec {
@ -20,16 +18,13 @@ buildGoModule rec {
excludedPackages = "misc";
buildInputs = lib.optionals (stdenv.isDarwin && stdenv.isx86_64)
[ CoreFoundation Security ];
ldflags = [
"-s"
"-w"
"-X main.version=v${version}"
];
# Tests requires network access
# Tests require network access
doCheck = false;
doInstallCheck = true;
@ -54,5 +49,8 @@ buildGoModule rec {
'';
license = licenses.asl20;
maintainers = with maintainers; [ jk ];
# Need updated macOS SDK
# https://github.com/NixOS/nixpkgs/issues/101229
broken = (stdenv.isDarwin && stdenv.isx86_64);
};
}

View File

@ -2,16 +2,23 @@
buildGoModule rec {
pname = "cni-plugin-flannel";
version = "1.0.0";
version = "1.1.0";
src = fetchFromGitHub {
owner = "flannel-io";
repo = "cni-plugin";
rev = "v${version}";
sha256 = "sha256-zWxw4LZIlkT88yGTnxdupq7cUSacNRxPzzp01O9USDw=";
sha256 = "sha256-Rq1hVZazeF39YGiuuWC8adff3AhPsSLnnfVpGCaMqgc=";
};
vendorSha256 = "sha256-zteMlrvRTVxOFlBy+z/qfiSii8+c8PMapwIsdbN+Aig=";
vendorSha256 = "sha256-ddwNJZzdyO/wEdy0C7Z8IoOWXY4jggcgIHxmRUGGf9s=";
ldflags = [
"-s" "-w"
"-X main.Version=${version}"
"-X main.Commit=${version}"
"-X main.Program=flannel"
];
postInstall = ''
mv $out/bin/cni-plugin $out/bin/flannel
@ -22,7 +29,7 @@ buildGoModule rec {
installCheckPhase = ''
runHook preInstallCheck
$out/bin/flannel 2>&1 | fgrep -q v$version
$out/bin/flannel 2>&1 | fgrep -q $version
runHook postInstallCheck
'';

View File

@ -1,6 +1,7 @@
{ stdenv
, lib
, fetchFromGitHub
, fetchpatch
, asciidoc
, cmake
, docbook_xsl
@ -23,6 +24,16 @@ stdenv.mkDerivation rec {
sha256 = "168jg8kjbylfgalhicn0llbykd7kdc9id2989gg0nxlgmnvzl58a";
};
patches = [
# Pull fix pending upstream inclusion for -fno-common toolchains:
# https://github.com/lastpass/lastpass-cli/pull/576
(fetchpatch {
name = "fno-common.patch";
url = "https://github.com/lastpass/lastpass-cli/commit/e3311cebdb29a3267843cf656a32f01c5062897e.patch";
sha256 = "1yjx2p98nb3n8ywc9lhf2zal5fswawb5i6lgnicdin23zngff5l8";
})
];
nativeBuildInputs = [ asciidoc cmake docbook_xsl pkg-config ];
buildInputs = [

View File

@ -0,0 +1,13 @@
diff --git a/Makefile b/Makefile
index d5cd754..db1c1d3 100644
--- a/Makefile
+++ b/Makefile
@@ -411,7 +411,7 @@ $(OUTPUT_DIR)/tracee.bpf.core.o: \
$(TRACEE_EBPF_OBJ_CORE_HEADERS)
#
$(MAKE) $(OUTPUT_DIR)/tracee.bpf
- $(CMD_CLANG) \
+ $(CMD_CLANG_BPF) \
-D__TARGET_ARCH_$(LINUX_ARCH) \
-D__BPF_TRACING__ \
-DCORE \

View File

@ -0,0 +1,113 @@
{ lib
, buildGoModule
, fetchFromGitHub
, llvmPackages_13
, pkg-config
, zlib
, libelf
}:
let
inherit (llvmPackages_13) clang;
clang-with-bpf =
(clang.overrideAttrs (o: { pname = o.pname + "-with-bpf"; })).override (o: {
extraBuildCommands = o.extraBuildCommands + ''
# make a separate wrapped clang we can target at bpf
cp $out/bin/clang $out/bin/clang-bpf
# extra flags to append after the cc-cflags
echo '-target bpf -fno-stack-protector' > $out/nix-support/cc-cflags-bpf
# use sed to attach the cc-cflags-bpf after cc-cflags
sed -i -E "s@^(extraAfter=\(\\$\NIX_CFLAGS_COMPILE_.*)(\))\$@\1 $(cat $out/nix-support/cc-cflags-bpf)\2@" $out/bin/clang-bpf
'';
});
in
buildGoModule rec {
pname = "tracee";
version = "0.7.0";
src = fetchFromGitHub {
owner = "aquasecurity";
repo = pname;
rev = "v${version}";
sha256 = "sha256-Y++FWxADnj1W5S3VrAlJAnotFYb6biCPJ6dpQ0Nin8o=";
# Once libbpf hits 1.0 we will migrate to the nixpkgs libbpf rather than the
# pinned copy in submodules
fetchSubmodules = true;
};
vendorSha256 = "sha256-C2RExp67qax8+zJIgyMJ18sBtn/xEYj4tAvGCCpBssQ=";
patches = [
# bpf-core can't be compiled with wrapped clang since it forces the target
# we need to be able to replace it with another wrapped clang that has
# it's target as bpf
./bpf-core-clang-bpf.patch
# add -s to ldflags for smaller binaries
./disable-go-symbol-table.patch
];
enableParallelBuilding = true;
strictDeps = true;
nativeBuildInputs = [ pkg-config clang-with-bpf ];
buildInputs = [ zlib libelf ];
makeFlags = [
"VERSION=v${version}"
"CMD_CLANG_BPF=clang-bpf"
# don't actually need git but the Makefile checks for it
"CMD_GIT=echo"
];
buildPhase = ''
runHook preBuild
make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES}
runHook postBuild
'';
doCheck = false;
installPhase = ''
runHook preInstall
mkdir -p $out/{bin,share/tracee}
cp ./dist/tracee-ebpf $out/bin
cp ./dist/tracee-rules $out/bin
cp -r ./dist/rules $out/share/tracee/
cp -r ./cmd/tracee-rules/templates $out/share/tracee/
runHook postInstall
'';
doInstallCheck = true;
installCheckPhase = ''
runHook preInstallCheck
$out/bin/tracee-ebpf --help
$out/bin/tracee-ebpf --version | grep "v${version}"
$out/bin/tracee-rules --help
runHook postInstallCheck
'';
meta = with lib; {
homepage = "https://aquasecurity.github.io/tracee/latest/";
changelog = "https://github.com/aquasecurity/tracee/releases/tag/v${version}";
description = "Linux Runtime Security and Forensics using eBPF";
longDescription = ''
Tracee is a Runtime Security and forensics tool for Linux. It is using
Linux eBPF technology to trace your system and applications at runtime,
and analyze collected events to detect suspicious behavioral patterns. It
is delivered as a Docker image that monitors the OS and detects suspicious
behavior based on a pre-defined set of behavioral patterns.
'';
license = licenses.asl20;
maintainers = with maintainers; [ jk ];
platforms = [ "x86_64-linux" ];
};
}

View File

@ -0,0 +1,22 @@
diff --git a/Makefile b/Makefile
index d5cd754..0b74a79 100644
--- a/Makefile
+++ b/Makefile
@@ -471,7 +471,7 @@ ifeq ($(BTFHUB), 1)
endif
$(GO_ENV_EBPF) $(CMD_GO) build \
-tags $(GO_TAGS_EBPF) \
- -ldflags="-w \
+ -ldflags="-s -w \
-extldflags \"$(CGO_EXT_LDFLAGS_EBPF)\" \
-X main.version=\"$(VERSION)\" \
" \
@@ -552,7 +552,7 @@ $(OUTPUT_DIR)/tracee-rules: \
#
$(GO_ENV_RULES) $(CMD_GO) build \
-tags $(GO_TAGS_RULES) \
- -ldflags="-w \
+ -ldflags="-s -w \
-extldflags \"$(CGO_EXT_LDFLAGS_RULES)\" \
" \
-v -o $@ \

View File

@ -0,0 +1,12 @@
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index 8601eb9..57088d2 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -149,6 +149,7 @@ func checkUidzero(t *testing.T, gotOutput *bytes.Buffer) {
// only capture pids of 1
func checkPidOne(t *testing.T, gotOutput *bytes.Buffer) {
+ t.Skip("Not compatible with systemd init")
_, _ = exec.Command("init", "q").CombinedOutput()
waitForTraceeOutput(gotOutput, time.Now())

View File

@ -0,0 +1,12 @@
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index 8601eb9..a8a3eed 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -75,6 +75,7 @@ func waitForTraceeOutput(gotOutput *bytes.Buffer, now time.Time) {
// small set of actions to trigger a magic write event
func checkMagicwrite(t *testing.T, gotOutput *bytes.Buffer) {
+ t.Skip()
// create a temp dir for testing
d, err := ioutil.TempDir("", "Test_MagicWrite-dir-*")
require.NoError(t, err)

View File

@ -0,0 +1,41 @@
{ pkgs ? import ../../../../. { } }:
# manually run `nix-build ./pkgs/tools/security/tracee/test.nix` to test
pkgs.nixosTest ({
name = "tracee-test";
nodes = {
machine = { config, pkgs, ... }: {
environment.systemPackages = [
pkgs.tracee
# build the go integration tests as a binary
(pkgs.tracee.overrideAttrs (oa: {
pname = oa.pname + "-integration";
patches = oa.patches or [] ++ [
# skip test that runs `init -q` which is incompatible with systemd init
./skip-init-test.patch
# skip magic_write test that currently fails
./skip-magic_write-test.patch
];
# just build the static lib we need for the go test binary
makeFlags = oa.makeFlags ++ [ "./dist/libbpf/libbpf.a" ];
postBuild = ''
# by default the tests are disabled and this is intended to be commented out
sed -i '/t.Skip("This test requires root privileges")/d' ./tests/integration/integration_test.go
CGO_CFLAGS="-I$PWD/dist/libbpf" CGO_LDFLAGS="-lelf -lz $PWD/dist/libbpf/libbpf.a" go test -tags ebpf,integration -c -o $GOPATH/tracee-integration ./tests/integration
'';
doCheck = false;
installPhase = ''
mkdir -p $out/bin
cp $GOPATH/tracee-integration $out/bin
'';
doInstallCheck = false;
}))
];
};
};
testScript = ''
with subtest("run integration tests"):
print(machine.succeed('TRC_BIN="$(which tracee-ebpf)" tracee-integration -test.v -test.run "Test_Events"'))
'';
})

View File

@ -0,0 +1,39 @@
{ lib
, rustPlatform
, fetchFromGitHub
, linux-doc
, xorg
}:
rustPlatform.buildRustPackage rec {
pname = "systeroid";
version = "0.1.1";
src = fetchFromGitHub {
owner = "orhun";
repo = pname;
rev = "v${version}";
sha256 = "0xf81wyp5qg67r0vyqg0209pcabx70vvxx4nrg2y7qa0mhvf6p94";
};
postPatch = ''
substituteInPlace systeroid-core/src/parsers.rs \
--replace '"/usr/share/doc/kernel-doc-*/Documentation/*",' '"${linux-doc}/share/doc/linux-doc/*",'
'';
cargoSha256 = "sha256-D/sSeMR1Zg3OH1fdSVKdxdIcoP4OLp3T8mwQ28O8rfk=";
buildInputs = [
xorg.libxcb
];
# tries to access /sys/
doCheck = false;
meta = with lib; {
description = "More powerful alternative to sysctl(8) with a terminal user interface";
homepage = "https://github.com/orhun/systeroid";
license = licenses.asl20;
maintainers = with maintainers; [ SuperSandro2000 ];
};
}

View File

@ -1176,6 +1176,8 @@ with pkgs;
sx-go = callPackage ../tools/security/sx-go { };
systeroid = callPackage ../tools/system/systeroid { };
tauon = callPackage ../applications/audio/tauon { };
termusic = callPackage ../applications/audio/termusic { };
@ -5456,7 +5458,6 @@ with pkgs;
trivy = callPackage ../tools/admin/trivy {
buildGoModule = buildGo118Module;
inherit (darwin.apple_sdk.frameworks) CoreFoundation Security;
};
trompeloeil = callPackage ../development/libraries/trompeloeil { };
@ -11014,6 +11015,8 @@ with pkgs;
tracebox = callPackage ../tools/networking/tracebox { };
tracee = callPackage ../tools/security/tracee { };
tracefilegen = callPackage ../development/tools/analysis/garcosim/tracefilegen { };
tracefilesim = callPackage ../development/tools/analysis/garcosim/tracefilesim { };
@ -21742,6 +21745,8 @@ with pkgs;
nats-server = callPackage ../servers/nats-server { };
go-camo = callPackage ../servers/http/go-camo { };
gofish = callPackage ../servers/gopher/gofish { };
grafana = callPackage ../servers/monitoring/grafana { };
@ -23262,6 +23267,8 @@ with pkgs;
linuxPackages_xanmod_latest = linuxKernel.packages.linux_xanmod_latest;
linux_xanmod_latest = linuxKernel.kernels.linux_xanmod_latest;
linux-doc = callPackage ../os-specific/linux/kernel/htmldocs.nix { };
cryptodev = linuxKernel.packages.linux_4_9.cryptodev;
dpdk = callPackage ../os-specific/linux/dpdk {
@ -31552,7 +31559,7 @@ with pkgs;
curseofwar = callPackage ../games/curseofwar { SDL = null; };
curseofwar-sdl = callPackage ../games/curseofwar { ncurses = null; };
cutemaze = libsForQt5.callPackage ../games/cutemaze { };
cutemaze = qt6Packages.callPackage ../games/cutemaze { };
cuyo = callPackage ../games/cuyo { };

View File

@ -58,6 +58,7 @@ mapAliases ({
django_appconf = django-appconf; # added 2022-03-03
django_environ = django-environ; # added 2021-12-25
django_extensions = django-extensions; # added 2022-01-09
django_guardian = django-guardian; # added 2022-05-19
django_modelcluster = django-modelcluster; # added 2022-04-02
django_redis = django-redis; # added 2021-10-11
django_taggit = django-taggit; # added 2021-10-11

View File

@ -2329,7 +2329,7 @@ in {
django-gravatar2 = callPackage ../development/python-modules/django-gravatar2 { };
django_guardian = callPackage ../development/python-modules/django_guardian { };
django-guardian = callPackage ../development/python-modules/django-guardian { };
django-haystack = callPackage ../development/python-modules/django-haystack { };