Merge master into staging-next

2021-04-07 18:14:53 +00:00 · 2021-04-07 18:14:53 +00:00 · 6e4d572602
commit 6e4d572602
parent 1d48804dab d1183f3dc4
14 changed files with 65 additions and 29 deletions
--- a/doc/builders/images/dockertools.section.md
+++ b/doc/builders/images/dockertools.section.md
@ -147,6 +147,10 @@ Create a Docker image with many of the store paths being on their own layer to i

 : Shell commands to run while building the final layer, without access to most of the layer contents. Changes to this layer are "on top" of all the other layers, so can create additional directories and files.

+`fakeRootCommands` _optional_
+
+: Shell commands to run while creating the archive for the final layer in a fakeroot environment. Unlike `extraCommands`, you can run `chown` to change the owners of the files in the archive, changing fakeroot's state instead of the real filesystem. The latter would require privileges that the build user does not have. Static binaries do not interact with the fakeroot environment. By default all files in the archive will be owned by root.
+
 ### Behavior of `contents` in the final image {#dockerTools-buildLayeredImage-arg-contents}

 Each path directly listed in `contents` will have a symlink in the root of the image.
--- a/nixos/modules/services/network-filesystems/samba.nix
+++ b/nixos/modules/services/network-filesystems/samba.nix
@ -156,7 +156,6 @@ in
      securityType = mkOption {
        type = types.str;
        default = "user";
-        example = "share";
        description = "Samba security type";
      };

--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@ -313,5 +313,13 @@ import ./make-test-python.nix ({ pkgs, ... }: {
        docker.succeed(
            "docker images --format '{{.Repository}}' | grep -F '${examples.prefixedLayeredImage.imageName}'"
        )
+
+    with subtest("buildLayeredImage supports running chown with fakeRootCommands"):
+        docker.succeed(
+            "docker load --input='${examples.layeredImageWithFakeRootCommands}'"
+        )
+        docker.succeed(
+            "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/jane | grep -E ^1000$'"
+        )
  '';
 })
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@ -7,6 +7,7 @@
  coreutils,
  docker,
  e2fsprogs,
+  fakeroot,
  findutils,
  go,
  jq,
@ -740,6 +741,9 @@ rec {
    created ? "1970-01-01T00:00:01Z",
    # Optional bash script to run on the files prior to fixturizing the layer.
    extraCommands ? "",
+    # Optional bash script to run inside fakeroot environment.
+    # Could be used for changing ownership of files in customisation layer.
+    fakeRootCommands ? "",
    # We pick 100 to ensure there is plenty of room for extension. I
    # believe the actual maximum is 128.
    maxLayers ? 100
@ -765,19 +769,24 @@ rec {
      customisationLayer = symlinkJoin {
        name = "${baseName}-customisation-layer";
        paths = contentsList;
-        inherit extraCommands;
+        inherit extraCommands fakeRootCommands;
+        nativeBuildInputs = [ fakeroot ];
        postBuild = ''
          mv $out old_out
          (cd old_out; eval "$extraCommands" )

          mkdir $out

-          tar \
-            --sort name \
-            --owner 0 --group 0 --mtime "@$SOURCE_DATE_EPOCH" \
-            --hard-dereference \
-            -C old_out \
-            -cf $out/layer.tar .
+          fakeroot bash -c '
+            source $stdenv/setup
+            cd old_out
+            eval "$fakeRootCommands"
+            tar \
+              --sort name \
+              --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \
+              --hard-dereference \
+              -cf $out/layer.tar .
+          '

          sha256sum $out/layer.tar \
            | cut -f 1 -d ' ' \
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@ -484,4 +484,17 @@ rec {
    tag = "latest";
    config.Cmd = [ "${pkgs.hello}/bin/hello" ];
  };
+
+  # layered image with files owned by a user other than root
+  layeredImageWithFakeRootCommands = pkgs.dockerTools.buildLayeredImage {
+    name = "layered-image-with-fake-root-commands";
+    tag = "latest";
+    contents = [
+      pkgs.pkgsStatic.busybox
+    ];
+    fakeRootCommands = ''
+      mkdir -p ./home/jane
+      chown 1000 ./home/jane
+    '';
+  };
 }
--- a/pkgs/development/python-modules/bokeh/default.nix
+++ b/pkgs/development/python-modules/bokeh/default.nix
@ -33,11 +33,11 @@

 buildPythonPackage rec {
  pname = "bokeh";
-  version = "2.3.0";
+  version = "2.2.3";  # update together with panel which is not straightforward

  src = fetchPypi {
    inherit pname version;
-    sha256 = "dd417708f90702190222b1068a645acae99e66d4b58d7a336d545aeaa04e9b40";
+    sha256 = "c4a3f97afe5f525019dd58ee8c4e3d43f53fe1b1ac264ccaae9b02c07b2abc17";
  };

  patches = [
--- a/pkgs/development/python-modules/pychromecast/default.nix
+++ b/pkgs/development/python-modules/pychromecast/default.nix
@ -2,11 +2,11 @@

 buildPythonPackage rec {
  pname = "PyChromecast";
-  version = "9.1.1";
+  version = "9.1.2";

  src = fetchPypi {
    inherit pname version;
-    sha256 = "sha256-q52h0u9CSx/HVfZDb1RaVgVuxt4kB16T82nqyOuCGDc=";
+    sha256 = "sha256-kHZWzqRtOdDpPsgVl5V470+29lX9i/TojmQh/NeCToU=";
  };

  disabled = !isPy3k;
--- a/pkgs/development/python-modules/transitions/default.nix
+++ b/pkgs/development/python-modules/transitions/default.nix
@ -7,15 +7,16 @@
 , mock
 , graphviz
 , pycodestyle
+, fontconfig
 }:

 buildPythonPackage rec {
  pname = "transitions";
-  version = "0.8.7";
+  version = "0.8.8";

  src = fetchPypi {
    inherit pname version;
-    sha256 = "8c60ec0828cd037820726283cad5d4d77a5e31514e058b51250420e9873e9bc7";
+    sha256 = "sha256-56hrMaFhp2Ez8Ymzrp2tJ1WoDqTB4O7hgFZI0CH7Z30=";
  };

  propagatedBuildInputs = [
@ -30,10 +31,9 @@ buildPythonPackage rec {
    pycodestyle
  ];

-  disabledTests = [
-    # Fontconfig error: Cannot load default config file
-    "test_diagram"
-  ];
+  preCheck = ''
+    export FONTCONFIG_FILE=${fontconfig.out}/etc/fonts/fonts.conf
+  '';

  meta = with lib; {
    homepage = "https://github.com/pytransitions/transitions";
--- a/pkgs/development/tools/documentation/gi-docgen/default.nix
+++ b/pkgs/development/tools/documentation/gi-docgen/default.nix
@ -24,7 +24,7 @@ python3.pkgs.buildPythonApplication rec {
    # Add pkg-config file so that Meson projects can find this.
    # https://gitlab.gnome.org/ebassi/gi-docgen/merge_requests/26
    (fetchpatch {
-      url = "https://gitlab.gnome.org/ebassi/gi-docgen/commit/d65ed2e4827c4129d26e3c1df9a48054b4e72c50.patch";
+      url = "https://gitlab.gnome.org/jtojnar/gi-docgen/commit/d65ed2e4827c4129d26e3c1df9a48054b4e72c50.patch";
      sha256 = "BEefcHiAd/HTW5zo39J2WtfQjGXUkNFB6MDJj8/Ge80=";
    })

--- a/pkgs/development/tools/ginkgo/default.nix
+++ b/pkgs/development/tools/ginkgo/default.nix
@ -2,13 +2,13 @@

 buildGoModule rec {
  pname = "ginkgo";
-  version = "1.16.0";
+  version = "1.16.1";

  src = fetchFromGitHub {
    owner = "onsi";
    repo = "ginkgo";
    rev = "v${version}";
-    sha256 = "sha256-phVpOKgMhebkVQlMDO/9IrETe72hXTgyGJtlKipKgv0=";
+    sha256 = "sha256-nlNft9jOp8V8ks32LOb4wUTkRrXJ5K49gbHuRmCKz/0=";
  };
  vendorSha256 = "sha256-tS8YCGVOsfQp02vY6brmE3pxi70GG9DYcp1JDkcVG9Y=";
  doCheck = false;
--- a/pkgs/development/web/nodejs/v15.nix
+++ b/pkgs/development/web/nodejs/v15.nix
@ -8,6 +8,6 @@ let
 in
  buildNodejs {
    inherit enableNpm;
-    version = "15.13.0";
-    sha256 = "1wd859bxd8j97xl98k61g0vwcmy83wvjj04fgway38aapk9abp4h";
+    version = "15.14.0";
+    sha256 = "0vm6jdazqjd1plqsgngzvjrafv2d3mdahk6il4ray02gx97dq8l1";
  }
--- a/pkgs/servers/home-assistant/default.nix
+++ b/pkgs/servers/home-assistant/default.nix
@ -189,6 +189,7 @@ in with py.pkgs; buildPythonApplication rec {
    "caldav"
    "calendar"
    "camera"
+    "cast"
    "climate"
    "cloud"
    "command_line"
--- a/pkgs/servers/zigbee2mqtt/default.nix
+++ b/pkgs/servers/zigbee2mqtt/default.nix
@ -3,6 +3,8 @@ let
  package = (import ./node.nix { inherit pkgs system; }).package;
 in
 package.override rec {
+  # don't upgrade! Newer versions cause stack overflows and fail trunk-combined
+  # see https://github.com/NixOS/nixpkgs/pull/118400
  version = "1.16.2";
  reconstructLock = true;

--- a/pkgs/tools/admin/nomachine-client/default.nix
+++ b/pkgs/tools/admin/nomachine-client/default.nix
@ -1,10 +1,10 @@
 { lib, stdenv, file, fetchurl, makeWrapper,
  autoPatchelfHook, jsoncpp, libpulseaudio }:
 let
-  versionMajor = "7.2";
-  versionMinor = "3";
-  versionBuild_x86_64 = "8";
-  versionBuild_i686 = "8";
+  versionMajor = "7.4";
+  versionMinor = "1";
+  versionBuild_x86_64 = "1";
+  versionBuild_i686 = "1";
 in
  stdenv.mkDerivation rec {
    pname = "nomachine-client";
@ -14,12 +14,12 @@ in
      if stdenv.hostPlatform.system == "x86_64-linux" then
        fetchurl {
          url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_${versionBuild_x86_64}_x86_64.tar.gz";
-          sha256 = "1x60vmngq4927qvy6ljmyvwlz5lapilld3495w3y3jdllwd3dxp4";
+          sha256 = "1qir9ii0h5ali87mjzjl72dm1ky626d7y59jfpglakqxzqhjamdz";
        }
      else if stdenv.hostPlatform.system == "i686-linux" then
        fetchurl {
          url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_${versionBuild_i686}_i686.tar.gz";
-          sha256 = "0dx921g6w3gk0x4p771qqxbbi16vl11hmdzzwhfczrq90pgzrhks";
+          sha256 = "1gxiysc09k3jz1pkkyfqgw2fygcnmrnskk6b9vn4fjnvsab4py60";
        }
      else
        throw "NoMachine client is not supported on ${stdenv.hostPlatform.system}";