JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into octoprint

Browse Source
This commit is contained in:
Gabriel Ebner 2020-05-03 11:37:52 +02:00
commit a4f60b72e9
12530 changed files with 147074 additions and 78854 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
.github/CODEOWNERS vendored
View File

@ -55,9 +55,6 @@
# NixOS integration test driver
/nixos/lib/test-driver @tfc
# New NixOS modules
/nixos/modules/module-list.nix @Infinisil
# Python-related code and docs
/maintainers/scripts/update-python-libraries @FRidh
/pkgs/top-level/python-packages.nix @FRidh @jonringer
@ -67,7 +64,7 @@
# Haskell
/pkgs/development/compilers/ghc @cdepillabout
/pkgs/development/haskell-modules @cdepillabout @infinisil
/pkgs/development/haskell-modules @cdepillabout
/pkgs/development/haskell-modules/default.nix @cdepillabout
/pkgs/development/haskell-modules/generic-builder.nix @cdepillabout
/pkgs/development/haskell-modules/hoogle.nix @cdepillabout
@ -82,8 +79,8 @@
/pkgs/development/r-modules @peti
# Ruby
/pkgs/development/interpreters/ruby @alyssais @zimbatm
/pkgs/development/ruby-modules @alyssais @zimbatm
/pkgs/development/interpreters/ruby @alyssais
/pkgs/development/ruby-modules @alyssais
# Rust
/pkgs/development/compilers/rust @Mic92 @LnL7
@ -178,6 +175,8 @@
/nixos/tests/prometheus-exporters.nix @WilliButz
# PHP
/pkgs/development/interpreters/php @etu
/pkgs/top-level/php-packages.nix @etu
/pkgs/build-support/build-pecl.nix @etu
/doc/languages-frameworks/php.section.md @etu
/nixos/tests/php @etu
/pkgs/build-support/build-pecl.nix @etu
/pkgs/development/interpreters/php @etu
/pkgs/top-level/php-packages.nix @etu

11
.github/CONTRIBUTING.md vendored
View File

@ -50,12 +50,13 @@ For package version upgrades and such a one-line commit message is usually suffi
## Backporting changes
To [backport a change into a release branch](https://nixos.org/nixpkgs/manual/#submitting-changes-stable-release-branches):
Follow these steps to backport a change into a release branch in compliance with the [commit policy](https://nixos.org/nixpkgs/manual/#submitting-changes-stable-release-branches).
1. Take note of the commit in which the change was introduced into `master`.
2. Check out the target _release branch_, e.g. `release-19.09`. Do not use a _channel branch_ like `nixos-19.09` or `nixpkgs-19.09`.
3. Use `git cherry-pick -x <original commit>`.
4. Open your backport PR. Make sure to select the release branch (e.g. `release-19.09`) as the target branch of the PR, and link to the PR in which the original change was made to `master`.
1. Take note of the commits in which the change was introduced into `master` branch.
2. Check out the target _release branch_, e.g. `release-20.03`. Do not use a _channel branch_ like `nixos-20.03` or `nixpkgs-20.03`.
3. Create a branch for your change, e.g. `git checkout -b backport`.
4. When the reason to backport is not obvious from the original commit message, use `git cherry-pick -xe <original commit>` and add a reason. Otherwise use `git cherry-pick -x <original commit>`. That's fine for minor version updates that only include security and bug fixes, commits that fixes an otherwise broken package or similar.
5. Push to GitHub and open a backport pull request. Make sure to select the release branch (e.g. `release-20.03`) as the target branch of the pull request, and link to the pull request in which the original change was comitted to `master`. The pull request title should be the commit title with the release version as prefix, e.g. `[20.03]`.
## Reviewing contributions

6
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@ -25,6 +25,12 @@ If applicable, add screenshots to help explain your problem.
**Additional context**
Add any other context about the problem here.
**Notify maintainers**
<!--
Please @ people who are in the `meta.maintainers` list of the offending package or module.
If in doubt, check `git blame` for whoever last touched something.
-->
**Metadata**
Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.

11
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -1,4 +1,13 @@
<!-- Nixpkgs has a lot of new incoming Pull Requests, but not enough people to review this constant stream. Even if you aren't a committer, we would appreciate reviews of other PRs, especially simple ones like package updates. Just testing the relevant package/service and leaving a comment saying what you tested, how you tested it and whether it worked would be great. List of open PRs: <https://github.com/NixOS/nixpkgs/pulls>, for more about reviewing contributions: <https://hydra.nixos.org/job/nixpkgs/trunk/manual/latest/download/1/nixpkgs/manual.html#chap-reviewing-contributions>. Reviewing isn't mandatory, but it would help out a lot and reduce the average time-to-merge for all of us. Thanks a lot if you do! -->
<!--
To help with the large amounts of pull requests, we would appreciate your
reviews of other pull requests, especially simple package updates. Just leave a
comment describing what you have tested in the relevant package/service.
Reviewing helps to reduce the average time-to-merge for everyone.
Thanks a lot if you do!
List of open PRs: https://github.com/NixOS/nixpkgs/pulls
Reviewing guidelines: https://hydra.nixos.org/job/nixpkgs/trunk/manual/latest/download/1/nixpkgs/manual.html#chap-reviewing-contributions
-->
###### Motivation for this change

4
.gitignore vendored
View File

@ -11,7 +11,11 @@ result-*
.version-suffix
.DS_Store
.mypy_cache
/pkgs/development/libraries/qt-5/*/tmp/
/pkgs/desktops/kde-5/*/tmp/
/pkgs/development/mobile/androidenv/xml/*
# generated by pkgs/common-updater/update-script.nix
update-git-commits.txt

4
README.md
View File

@ -45,9 +45,9 @@ Nixpkgs and NixOS are built and tested by our continuous integration
system, [Hydra](https://hydra.nixos.org/).
* [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
* [Continuous package builds for the NixOS 19.09 release](https://hydra.nixos.org/jobset/nixos/release-19.09)
* [Continuous package builds for the NixOS 20.03 release](https://hydra.nixos.org/jobset/nixos/release-20.03)
* [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
* [Tests for the NixOS 19.09 release](https://hydra.nixos.org/job/nixos/release-19.09/tested#tabs-constituents)
* [Tests for the NixOS 20.03 release](https://hydra.nixos.org/job/nixos/release-20.03/tested#tabs-constituents)
Artifacts successfully built with Hydra are published to cache at
https://cache.nixos.org/. When successful build and test criteria are

2
doc/builders/images/appimagetools.xml
View File

@ -63,7 +63,7 @@ type2.AppImage: ELF 64-bit LSB executable, x86-64, version 1 (SYSV) (Lepton 3.x)
appimageTools.wrapType2 { # or wrapType1
name = "patchwork"; <co xml:id='ex-appimageTools-wrapping-1' />
src = fetchurl { <co xml:id='ex-appimageTools-wrapping-2' />
url = https://github.com/ssbc/patchwork/releases/download/v3.11.4/Patchwork-3.11.4-linux-x86_64.AppImage;
url = "https://github.com/ssbc/patchwork/releases/download/v3.11.4/Patchwork-3.11.4-linux-x86_64.AppImage";
sha256 = "1blsprpkvm0ws9b96gb36f0rbf8f5jgmw4x6dsb1kswr4ysf591s";
};
extraPkgs = pkgs: with pkgs; [ ]; <co xml:id='ex-appimageTools-wrapping-3' />

48
doc/contributing/submitting-changes.xml
View File

@ -407,23 +407,47 @@ Additional information.
<section xml:id="submitting-changes-stable-release-branches">
<title>Stable release branches</title>
<itemizedlist>
<para>
For cherry-picking a commit to a stable release branch (<quote>backporting</quote>), use <literal>git cherry-pick -x &lt;original commit&gt;</literal> so that the original commit id is included in the commit.
</para>
<para>
Add a reason for the backport by using <literal>git cherry-pick -xe &lt;original commit&gt;</literal> instead when it is not obvious from the original commit message. It is not needed when its a minor version update that includes security and bug fixes but dont add new features or when the commit fixes an otherwise broken package.
</para>
<para>
Here is an example of a cherry-picked commit message with good reason description:
</para>
<screen>
zfs: Keep trying root import until it works
Works around #11003.
(cherry picked from commit 98b213a11041af39b39473906b595290e2a4e2f9)
Reason: several people cannot boot with ZFS on NVMe
</screen>
<para>
Other examples of reasons are:
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
If you're cherry-picking a commit to a stable release branch (“backporting”), always use <command>git cherry-pick -xe</command> and ensure the message contains a clear description about why this needs to be included in the stable branch.
Previously the build would fail due to, e.g., <literal>getaddrinfo</literal> not being defined
</para>
</listitem>
<listitem>
<para>
An example of a cherry-picked commit would look like this:
The previous download links were all broken
</para>
</listitem>
<listitem>
<para>
Crash when starting on some X11 systems
</para>
<screen>
nixos: Refactor the world.
The original commit message describing the reason why the world was torn apart.
(cherry picked from commit abcdef)
Reason: I just had a gut feeling that this would also be wanted by people from
the stone age.
</screen>
</listitem>
</itemizedlist>
</section>

4
doc/languages-frameworks/android.section.md
View File

@ -186,7 +186,7 @@ with import <nixpkgs> {};
androidenv.emulateApp {
name = "emulate-MyAndroidApp";
platformVersion = "28";
abiVersion = "x86_64"; # armeabi-v7a, mips, x86
abiVersion = "x86"; # armeabi-v7a, mips, x86_64
systemImageType = "google_apis_playstore";
}
```
@ -235,5 +235,5 @@ package manager uses. To update the expressions run the `generate.sh` script
that is stored in the `pkgs/development/mobile/androidenv/` sub directory:
```bash
sh ./generate.sh
./generate.sh
```

12
doc/languages-frameworks/haskell.section.md
View File

@ -101,17 +101,15 @@ to compile your Haskell packages with any GHC version you please. The following
command displays the complete list of available compilers:
```
$ nix-env -f "<nixpkgs>" -qaP -A haskell.compiler
haskell.compiler.ghc8101 ghc-8.10.0.20191210
haskell.compiler.integer-simple.ghc8101 ghc-8.10.0.20191210
haskell.compiler.ghcHEAD ghc-8.10.20191119
haskell.compiler.integer-simple.ghcHEAD ghc-8.10.20191119
haskell.compiler.ghc8101 ghc-8.10.1
haskell.compiler.integer-simple.ghc8101 ghc-8.10.1
haskell.compiler.ghcHEAD ghc-8.11.20200403
haskell.compiler.integer-simple.ghcHEAD ghc-8.11.20200403
haskell.compiler.ghc822Binary ghc-8.2.2-binary
haskell.compiler.ghc844 ghc-8.4.4
haskell.compiler.ghc863Binary ghc-8.6.3-binary
haskell.compiler.ghc865 ghc-8.6.5
haskell.compiler.integer-simple.ghc865 ghc-8.6.5
haskell.compiler.ghc881 ghc-8.8.1
haskell.compiler.integer-simple.ghc881 ghc-8.8.1
haskell.compiler.ghc882 ghc-8.8.2
haskell.compiler.integer-simple.ghc882 ghc-8.8.2
haskell.compiler.ghc883 ghc-8.8.3
@ -369,7 +367,7 @@ automatically select the right version of GHC and other build tools to build,
test and execute apps in an existing project downloaded from somewhere on the
Internet. Pass the `--nix` flag to any `stack` command to do so, e.g.
```shell
git clone --recursive https://github.com/yesodweb/wai
git clone --recurse-submodules https://github.com/yesodweb/wai.git
cd wai
stack --nix build
```

123
doc/languages-frameworks/php.section.md Normal file
View File

@ -0,0 +1,123 @@
# PHP
## User Guide
### Using PHP
#### Overview
Several versions of PHP are available on Nix, each of which having a
wide variety of extensions and libraries available.
The different versions of PHP that nixpkgs provides are located under
attributes named based on major and minor version number; e.g.,
`php74` is PHP 7.4.
Only versions of PHP that are supported by upstream for the entirety
of a given NixOS release will be included in that release of
NixOS. See [PHP Supported
Versions](https://www.php.net/supported-versions.php).
The attribute `php` refers to the version of PHP considered most
stable and thoroughly tested in nixpkgs for any given release of
NixOS - not necessarily the latest major release from upstream.
All available PHP attributes are wrappers around their respective
binary PHP package and provide commonly used extensions this way. The
real PHP 7.4 package, i.e. the unwrapped one, is available as
`php74.unwrapped`; see the next section for more details.
Interactive tools built on PHP are put in `php.packages`; composer is
for example available at `php.packages.composer`.
Most extensions that come with PHP, as well as some popular
third-party ones, are available in `php.extensions`; for example, the
opcache extension shipped with PHP is available at
`php.extensions.opcache` and the third-party ImageMagick extension at
`php.extensions.imagick`.
#### Installing PHP with extensions
A PHP package with specific extensions enabled can be built using
`php.withExtensions`. This is a function which accepts an anonymous
function as its only argument; the function should accept two named
parameters: `enabled` - a list of currently enabled extensions and
`all` - the set of all extensions, and return a list of wanted
extensions. For example, a PHP package with all default extensions and
ImageMagick enabled:
```nix
php.withExtensions ({ enabled, all }:
enabled ++ [ all.imagick ])
```
To exclude some, but not all, of the default extensions, you can
filter the `enabled` list like this:
```nix
php.withExtensions ({ enabled, all }:
(lib.filter (e: e != php.extensions.opcache) enabled)
++ [ all.imagick ])
```
To build your list of extensions from the ground up, you can simply
ignore `enabled`:
```nix
php.withExtensions ({ all, ... }: with all; [ opcache imagick ])
```
`php.withExtensions` provides extensions by wrapping a minimal php
base package, providing a `php.ini` file listing all extensions to be
loaded. You can access this package through the `php.unwrapped`
attribute; useful if you, for example, need access to the `dev`
output. The generated `php.ini` file can be accessed through the
`php.phpIni` attribute.
If you want a PHP build with extra configuration in the `php.ini`
file, you can use `php.buildEnv`. This function takes two named and
optional parameters: `extensions` and `extraConfig`. `extensions`
takes an extension specification equivalent to that of
`php.withExtensions`, `extraConfig` a string of additional `php.ini`
configuration parameters. For example, a PHP package with the opcache
and ImageMagick extensions enabled, and `memory_limit` set to `256M`:
```nix
php.buildEnv {
extensions = { all, ... }: with all; [ imagick opcache ];
extraConfig = "memory_limit=256M";
}
```
##### Example setup for `phpfpm`
You can use the previous examples in a `phpfpm` pool called `foo` as
follows:
```nix
let
myPhp = php.withExtensions ({ all, ... }: with all; [ opcache imagick ]);
in {
services.phpfpm.pools."foo".phpPackage = myPhp;
};
```
```nix
let
myPhp = php.buildEnv {
extensions = { all, ... }: with all; [ imagick opcache ];
extraConfig = "memory_limit=256M";
};
in {
services.phpfpm.pools."foo".phpPackage = myPhp;
};
```
##### Example usage with `nix-shell`
This brings up a temporary environment that contains a PHP interpreter
with the extensions `imagick` and `opcache` enabled:
```sh
nix-shell -p 'php.withExtensions ({ all, ... }: with all; [ imagick opcache ])'
```

31
doc/languages-frameworks/python.section.md
View File

@ -412,7 +412,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
homepage = http://hgomersall.github.com/pyFFTW;
homepage = "http://hgomersall.github.com/pyFFTW";
license = with licenses; [ bsd2 bsd3 ];
maintainers = with maintainers; [ fridh ];
};
@ -1290,32 +1290,9 @@ self: super: {
### How to use Intel's MKL with numpy and scipy?
A `site.cfg` is created that configures BLAS based on the `blas` parameter of
the `numpy` derivation. By passing in `mkl`, `numpy` and packages depending on
`numpy` will be built with `mkl`.
The following is an overlay that configures `numpy` to use `mkl`:
```nix
self: super: {
python37 = super.python37.override {
packageOverrides = python-self: python-super: {
numpy = python-super.numpy.override {
blas = super.pkgs.mkl;
};
};
};
}
```
`mkl` requires an `openmp` implementation when running with multiple processors.
By default, `mkl` will use Intel's `iomp` implementation if no other is
specified, but this is a runtime-only dependency and binary compatible with the
LLVM implementation. To use that one instead, Intel recommends users set it with
`LD_PRELOAD`.
Note that `mkl` is only available on `x86_64-{linux,darwin}` platforms;
moreover, Hydra is not building and distributing pre-compiled binaries using it.
MKL can be configured using an overlay. See the section “[Using
overlays to configure
alternatives](#sec-overlays-alternatives-blas-lapack)”.
### What inputs do `setup_requires`, `install_requires` and `tests_require` map to?

4
doc/languages-frameworks/ruby.xml
View File

@ -32,7 +32,7 @@ bundlerEnv rec {
meta = with lib; {
description = "A monitoring framework that aims to be simple, malleable, and scalable";
homepage = http://sensuapp.org/;
homepage = "http://sensuapp.org/";
license = with licenses; mit;
maintainers = with maintainers; [ theuni ];
platforms = platforms.unix;
@ -69,7 +69,7 @@ bundlerApp {
meta = with lib; {
description = "Tool and libraries for maintaining Ruby gems.";
homepage = https://github.com/nyarly/corundum;
homepage = "https://github.com/nyarly/corundum";
license = licenses.mit;
maintainers = [ maintainers.nyarly ];
platforms = platforms.unix;

6
doc/languages-frameworks/rust.section.md
View File

@ -60,9 +60,9 @@ Nix depends on this file, so if it missing you can use `cargoPatches` to apply
it in the `patchPhase`. Consider sending a PR upstream with a note to the
maintainer describing why it's important to include in the application.
Unless `legacyCargoFetcher` is set to `true`, the fetcher will also verify that
the `Cargo.lock` file is in sync with the `src` attribute, and will compress the
vendor directory into a tar.gz archive.
The fetcher will verify that the `Cargo.lock` file is in sync with the `src`
attribute, and fail the build if not. It will also will compress the vendor
directory into a tar.gz archive.
### Building a crate for a different target

27
doc/languages-frameworks/texlive.xml
View File

@ -149,31 +149,4 @@ EOF
]]></programlisting>
</para>
</section>
<section xml:id="sec-language-texlive-known-problems">
<title>Known problems</title>
<itemizedlist>
<listitem>
<para>
Some tools are still missing, e.g. luajittex;
</para>
</listitem>
<listitem>
<para>
some apps aren't packaged/tested yet (asymptote, biber, etc.);
</para>
</listitem>
<listitem>
<para>
feature/bug: when a package is rejected by <varname>pkgFilter</varname>, its dependencies are still propagated;
</para>
</listitem>
<listitem>
<para>
in case of any bugs or feature requests, file a github issue or better a pull request and /cc @vcunat.
</para>
</listitem>
</itemizedlist>
</section>
</section>

7
doc/languages-frameworks/vim.section.md
View File

@ -261,12 +261,7 @@ deoplete-fish = super.deoplete-fish.overrideAttrs(old: {
Sometimes plugins require an override that must be changed when the plugin is updated. This can cause issues when Vim plugins are auto-updated but the associated override isn't updated. For these plugins, the override should be written so that it specifies all information required to install the plugin, and running `./update.py` doesn't change the derivation for the plugin. Manually updating the override is required to update these types of plugins. An example of such a plugin is `LanguageClient-neovim`.
To add a new plugin:
1. run `./update.py` and create a commit named "vimPlugins: Update",
2. add the new plugin to [vim-plugin-names](/pkgs/misc/vim-plugins/vim-plugin-names) and add overrides if required to [overrides.nix](/pkgs/misc/vim-plugins/overrides.nix),
3. run `./update.py` again and create a commit named "vimPlugins.[name]: init at [version]" (where `name` and `version` can be found in [generated.nix](/pkgs/misc/vim-plugins/generated.nix)), and
4. create a pull request.
To add a new plugin, run `./update.py --add "[owner]/[name]"`. **NOTE**: This script automatically commits to your git repository. Be sure to check out a fresh branch before running.
## Important repositories

4
doc/old/cross.txt
View File

@ -60,7 +60,7 @@ stdenv.mkDerivation {
name = "binutils-2.16.1-arm";
builder = ./builder.sh;
src = fetchurl {
url = http://ftp.nluug.nl/gnu/binutils/binutils-2.16.1.tar.bz2;
url = "http://ftp.nluug.nl/gnu/binutils/binutils-2.16.1.tar.bz2";
sha256 = "1ian3kwh2vg6hr3ymrv48s04gijs539vzrq62xr76bxbhbwnz2np";
};
inherit noSysDirs;
@ -84,7 +84,7 @@ stdenv.mkDerivation {
name = "linux-headers-2.6.13.1-arm";
builder = ./builder.sh;
src = fetchurl {
url = http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.1.tar.bz2;
url = "http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.1.tar.bz2";
sha256 = "12qxmc827fjhaz53kjy7vyrzsaqcg78amiqsb3qm20z26w705lma";
};
}

2
doc/preface.chapter.md
View File

@ -37,7 +37,7 @@ security updates. More up to date packages and modules are available via the
Both `nixos-unstable` and `nixpkgs` follow the `master` branch of the Nixpkgs
repository, although both do lag the `master` branch by generally
[a couple of days](https://howoldis.herokuapp.com/). Updates to a channel are
[a couple of days](https://status.nixos.org/). Updates to a channel are
distributed as soon as all tests for that channel pass, e.g.
[this table](https://hydra.nixos.org/job/nixpkgs/trunk/unstable#tabs-constituents)
shows the status of tests for the `nixpkgs` channel.

2
doc/release-notes.xml
View File

@ -190,7 +190,7 @@ preConfigure = "configureFlagsArray=(\"CFLAGS=-O0 -g\")";</programlisting>
The function <function>fetchurl</function> now has support for two different kinds of mirroring of files. First, it has support for <emphasis>content-addressable mirrors</emphasis>. For example, given the <function>fetchurl</function> call
<programlisting>
fetchurl {
url = http://releases.mozilla.org/<replaceable>...</replaceable>/firefox-2.0.0.6-source.tar.bz2;
url = "http://releases.mozilla.org/<replaceable>...</replaceable>/firefox-2.0.0.6-source.tar.bz2";
sha1 = "eb72f55e4a8bf08e8c6ef227c0ade3d068ba1082";
}</programlisting>
<function>fetchurl</function> will first try to download this file from <link

2
doc/stdenv/multiple-output.xml
View File

@ -106,7 +106,7 @@
</para>
<para>
The reason for why <literal>glibc</literal> deviates from the convention is because referencing a library provided by <literal>glibc</literal> is a very common operation among Nix packages. For instance, third-party executables packaged by Nix are typically patched and relinked with the relevant version of <literal>glibc</literal> libraries from Nix packages (please see the documentation on <link xlink:href="https://nixos.org/patchelf.html">patchelf</link> for more details).
The reason for why <literal>glibc</literal> deviates from the convention is because referencing a library provided by <literal>glibc</literal> is a very common operation among Nix packages. For instance, third-party executables packaged by Nix are typically patched and relinked with the relevant version of <literal>glibc</literal> libraries from Nix packages (please see the documentation on <link xlink:href="https://github.com/NixOS/patchelf/blob/master/README">patchelf</link> for more details).
</para>
</section>

14
doc/stdenv/stdenv.xml
View File

@ -14,7 +14,7 @@
stdenv.mkDerivation {
name = "libfoo-1.2.3";
src = fetchurl {
url = http://example.org/libfoo-1.2.3.tar.bz2;
url = "http://example.org/libfoo-1.2.3.tar.bz2";
sha256 = "0x2g1jqygyr5wiwg4ma1nd7w4ydpy82z9gkcv8vh2v8dn3y58v5m";
};
}</programlisting>
@ -727,6 +727,16 @@ passthru.updateScript = [ ../../update.sh pname "--requested-release=unstable" ]
<variablelist>
<title>Variables controlling the patch phase</title>
<varlistentry>
<term>
<varname>dontPatch</varname>
</term>
<listitem>
<para>
Set to true to skip the patch phase.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<varname>patches</varname>
@ -1295,7 +1305,7 @@ installTargets = "install-bin install-doc";</programlisting>
</term>
<listitem>
<para>
List of directories to search for libraries and executables from which only debugging-related symbols should be stripped. It defaults to <literal>lib bin sbin</literal>.
List of directories to search for libraries and executables from which only debugging-related symbols should be stripped. It defaults to <literal>lib lib32 lib64 libexec bin sbin</literal>.
</para>
</listitem>
</varlistentry>

125
doc/using/overlays.xml
View File

@ -137,4 +137,129 @@ self: super:
Overlays are similar to other methods for customizing Nixpkgs, in particular the <literal>packageOverrides</literal> attribute described in <xref linkend="sec-modify-via-packageOverrides"/>. Indeed, <literal>packageOverrides</literal> acts as an overlay with only the <varname>super</varname> argument. It is therefore appropriate for basic use, but overlays are more powerful and easier to distribute.
</para>
</section>
<section xml:id="sec-overlays-alternatives">
<title>Using overlays to configure alternatives</title>
<para>
Certain software packages have different implementations of the
same interface. Other distributions have functionality to switch
between these. For example, Debian provides <link
xlink:href="https://wiki.debian.org/DebianAlternatives">DebianAlternatives</link>.
Nixpkgs has what we call <literal>alternatives</literal>, which
are configured through overlays.
</para>
<section xml:id="sec-overlays-alternatives-blas-lapack">
<title>BLAS/LAPACK</title>
<para>
In Nixpkgs, we have multiple implementations of the BLAS/LAPACK
numerical linear algebra interfaces. They are:
</para>
<itemizedlist>
<listitem>
<para>
<link xlink:href="https://www.openblas.net/">OpenBLAS</link>
</para>
<para>
The Nixpkgs attribute is <literal>openblas</literal> for
ILP64 (integer width = 64 bits) and
<literal>openblasCompat</literal> for LP64 (integer width =
32 bits). <literal>openblasCompat</literal> is the default.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="http://www.netlib.org/lapack/">LAPACK
reference</link> (also provides BLAS)
</para>
<para>
The Nixpkgs attribute is <literal>lapack-reference</literal>.
</para>
</listitem>
<listitem>
<para>
<link
xlink:href="https://software.intel.com/en-us/mkl">Intel
MKL</link> (only works on x86 architecture, unfree)
</para>
<para>
The Nixpkgs attribute is <literal>mkl</literal>.
</para>
</listitem>
</itemizedlist>
<para>
Introduced in <link
xlink:href="https://github.com/NixOS/nixpkgs/pull/83888">PR
#83888</link>, we are able to override the blas and lapack
packages to use different implementations, through the
blasProvider and lapackProvider argument. This can be used
to select a different provider. BLAS providers will have
symlinks in <literal>$out/lib/libblas.so.3</literal> and
<literal>$out/lib/libcblas.so.3</literal> to their respective
BLAS libraries. Likewise, LAPACK providers will have symlinks
in <literal>$out/lib/liblapack.so.3</literal> and
<literal>$out/lib/liblapacke.so.3</literal> to their respective
LAPCK libraries. For example, Intel MKL is both a BLAS and
LAPACK provider. An overlay can be created to use Intel MKL
that looks like:
</para>
<programlisting>
self: super:
{
blas = super.blas.override {
blasProvider = self.mkl;
}
lapack = super.lapack.override {
lapackProvider = self.mkl;
}
}
</programlisting>
<para>
This overlay uses Intels MKL library for both BLAS and LAPACK
interfaces. Note that the same can be accomplished at runtime
using <literal>LD_LIBRARY_PATH</literal> of libblas.so.3 and
liblapack.so.3. For instance:
</para>
<programlisting>
$ LD_LIBRARY_PATH=$(nix-build -A mkl)/lib:$LD_LIBRARY_PATH nix-shell -p octave --run octave
</programlisting>
<para>
Intel MKL requires an <literal>openmp</literal> implementation
when running with multiple processors. By default,
<literal>mkl</literal> will use Intels <literal>iomp</literal>
implementation if no other is specified, but this is a
runtime-only dependency and binary compatible with the LLVM
implementation. To use that one instead, Intel recommends users
set it with <literal>LD_PRELOAD</literal>. Note that
<literal>mkl</literal> is only available on
<literal>x86_64-linux</literal> and
<literal>x86_64-darwin</literal>. Moreover, Hydra is not
building and distributing pre-compiled binaries using it.
</para>
<para>
For BLAS/LAPACK switching to work correctly, all packages must
depend on <literal>blas</literal> or <literal>lapack</literal>.
This ensures that only one BLAS/LAPACK library is used at one
time. There are two versions versions of BLAS/LAPACK currently
in the wild, <literal>LP64</literal> (integer size = 32 bits)
and <literal>ILP64</literal> (integer size = 64 bits). Some
software needs special flags or patches to work with
<literal>ILP64</literal>. You can check if
<literal>ILP64</literal> is used in Nixpkgs with
<varname>blas.isILP64</varname> and
<varname>lapack.isILP64</varname>. Some software does NOT work
with <literal>ILP64</literal>, and derivations need to specify
an assertion to prevent this. You can prevent
<literal>ILP64</literal> from being used with the following:
</para>
<programlisting>
{ stdenv, blas, lapack, ... }:
assert (!blas.isILP64) &amp;&amp; (!lapack.isILP64);
stdenv.mkDerivation {
...
}
</programlisting>
</section>
</section>
</chapter>

2
flake.nix
View File

@ -25,7 +25,7 @@
import ./nixos/lib/eval-config.nix (args // {
modules = modules ++
[ { system.nixos.versionSuffix =
".${lib.substring 0 8 self.lastModified}.${self.shortRev or "dirty"}";
".${lib.substring 0 8 (self.lastModifiedDate or self.lastModified)}.${self.shortRev or "dirty"}";
system.nixos.revision = lib.mkIf (self ? rev) self.rev;
}
];

4
lib/attrsets.nix
View File

@ -4,7 +4,7 @@
let
inherit (builtins) head tail length;
inherit (lib.trivial) and;
inherit (lib.strings) concatStringsSep;
inherit (lib.strings) concatStringsSep sanitizeDerivationName;
inherit (lib.lists) fold concatMap concatLists;
in
@ -310,7 +310,7 @@ rec {
path' = builtins.storePath path;
res =
{ type = "derivation";
name = builtins.unsafeDiscardStringContext (builtins.substring 33 (-1) (baseNameOf path'));
name = sanitizeDerivationName (builtins.substring 33 (-1) (baseNameOf path'));
outPath = path';
outputs = [ "out" ];
out = res;

2
lib/default.nix
View File

@ -141,7 +141,7 @@ let
mergeAttrsWithFunc mergeAttrsConcatenateValues
mergeAttrsNoOverride mergeAttrByFunc mergeAttrsByFuncDefaults
mergeAttrsByFuncDefaultsClean mergeAttrBy
fakeSha256 fakeSha512
fakeSri fakeSha256 fakeSha512
nixType imap;
inherit (versions)
splitVersion;

1
lib/deprecated.nix
View File

@ -272,6 +272,7 @@ rec {
imap = imap1;
# Fake hashes. Can be used as hash placeholders, when computing hash ahead isn't trivial
fakeSri = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
fakeSha256 = "0000000000000000000000000000000000000000000000000000000000000000";
fakeSha512 = "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
}

53
lib/generators.nix
View File

@ -126,6 +126,59 @@ rec {
# map input to ini sections
mapAttrsToStringsSep "\n" mkSection attrsOfAttrs;
/* Generate a git-config file from an attrset.
*
* It has two major differences from the regular INI format:
*
* 1. values are indented with tabs
* 2. sections can have sub-sections
*
* generators.toGitINI {
* url."ssh://git@github.com/".insteadOf = "https://github.com";
* user.name = "edolstra";
* }
*
*> [url "ssh://git@github.com/"]
*> insteadOf = https://github.com/
*>
*> [user]
*> name = edolstra
*/
toGitINI = attrs:
with builtins;
let
mkSectionName = name:
let
containsQuote = libStr.hasInfix ''"'' name;
sections = libStr.splitString "." name;
section = head sections;
subsections = tail sections;
subsection = concatStringsSep "." subsections;
in if containsQuote || subsections == [ ] then
name
else
''${section} "${subsection}"'';
# generation for multiple ini values
mkKeyValue = k: v:
let mkKeyValue = mkKeyValueDefault { } " = " k;
in concatStringsSep "\n" (map (kv: "\t" + mkKeyValue kv) (lib.toList v));
# converts { a.b.c = 5; } to { "a.b".c = 5; } for toINI
gitFlattenAttrs = let
recurse = path: value:
if isAttrs value then
lib.mapAttrsToList (name: value: recurse ([ name ] ++ path) value) value
else if length path > 1 then {
${concatStringsSep "." (lib.reverseList (tail path))}.${head path} = value;
} else {
${head path} = value;
};
in attrs: lib.foldl lib.recursiveUpdate { } (lib.flatten (recurse [ ] attrs));
toINI_ = toINI { inherit mkKeyValue mkSectionName; };
in
toINI_ (gitFlattenAttrs attrs);
/* Generates JSON from an arbitrary (non-function) value.
* For more information see the documentation of the builtin.

81
lib/licenses.nix
View File

@ -2,7 +2,7 @@
let
spdx = lic: lic // {
url = "http://spdx.org/licenses/${lic.spdxId}.html";
url = "https://spdx.org/licenses/${lic.spdxId}.html";
};
in
@ -40,13 +40,13 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
amazonsl = {
fullName = "Amazon Software License";
url = http://aws.amazon.com/asl/;
url = "https://aws.amazon.com/asl/";
free = false;
};
amd = {
fullName = "AMD License Agreement";
url = http://developer.amd.com/amd-license-agreement/;
url = "https://developer.amd.com/amd-license-agreement/";
free = false;
};
@ -57,7 +57,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
arphicpl = {
fullName = "Arphic Public License";
url = https://www.freedesktop.org/wiki/Arphic_Public_License/;
url = "https://www.freedesktop.org/wiki/Arphic_Public_License/";
};
artistic1 = spdx {
@ -107,7 +107,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
bsl11 = {
fullName = "Business Source License 1.1";
url = https://mariadb.com/bsl11;
url = "https://mariadb.com/bsl11";
free = false;
};
@ -230,7 +230,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
eapl = {
fullName = "EPSON AVASYS PUBLIC LICENSE";
url = http://avasys.jp/hp/menu000000700/hpg000000603.htm;
url = "https://avasys.jp/hp/menu000000700/hpg000000603.htm";
free = false;
};
@ -246,7 +246,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
elastic = {
fullName = "ELASTIC LICENSE";
url = https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt;
url = "https://github.com/elastic/elasticsearch/blob/master/licenses/ELASTIC-LICENSE.txt";
free = false;
};
@ -262,7 +262,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
epson = {
fullName = "Seiko Epson Corporation Software License Agreement for Linux";
url = https://download.ebz.epson.net/dsc/du/02/eula/global/LINUX_EN.html;
url = "https://download.ebz.epson.net/dsc/du/02/eula/global/LINUX_EN.html";
free = false;
};
@ -271,6 +271,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
fullName = "European Union Public License 1.1";
};
eupl12 = spdx {
spdxId = "EUPL-1.2";
fullName = "European Union Public License 1.2";
};
fdl12 = spdx {
spdxId = "GFDL-1.2-only";
fullName = "GNU Free Documentation License v1.2 only";
@ -293,7 +298,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
ffsl = {
fullName = "Floodgap Free Software License";
url = http://www.floodgap.com/software/ffsl/license.html;
url = "https://www.floodgap.com/software/ffsl/license.html";
free = false;
};
@ -303,12 +308,12 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
g4sl = {
fullName = "Geant4 Software License";
url = https://geant4.web.cern.ch/geant4/license/LICENSE.html;
url = "https://geant4.web.cern.ch/geant4/license/LICENSE.html";
};
geogebra = {
fullName = "GeoGebra Non-Commercial License Agreement";
url = https://www.geogebra.org/license;
url = "https://www.geogebra.org/license";
free = false;
};
@ -334,12 +339,12 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
gpl2ClasspathPlus = {
fullName = "GNU General Public License v2.0 or later (with Classpath exception)";
url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
url = "https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception";
};
gpl2Oss = {
fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
url = https://www.mysql.com/about/legal/licensing/foss-exception;
url = "https://www.mysql.com/about/legal/licensing/foss-exception";
};
gpl2Plus = spdx {
@ -359,7 +364,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
gpl3ClasspathPlus = {
fullName = "GNU General Public License v3.0 or later (with Classpath exception)";
url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
url = "https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception";
};
hpnd = spdx {
@ -370,7 +375,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
# Intel's license, seems free
iasl = {
fullName = "iASL";
url = http://www.calculate-linux.org/packages/licenses/iASL;
url = "https://old.calculate-linux.org/packages/licenses/iASL";
};
ijg = spdx {
@ -385,13 +390,13 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
inria-compcert = {
fullName = "INRIA Non-Commercial License Agreement for the CompCert verified compiler";
url = "http://compcert.inria.fr/doc/LICENSE";
url = "http://compcert.inria.fr/doc/LICENSE"; # https is broken
free = false;
};
inria-icesl = {
fullName = "INRIA Non-Commercial License Agreement for IceSL";
url = "http://shapeforge.loria.fr/icesl/EULA_IceSL_binary.pdf";
url = "http://shapeforge.loria.fr/icesl/EULA_IceSL_binary.pdf"; # https is broken
free = false;
};
@ -413,7 +418,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
# Proprietary binaries; free to redistribute without modification.
issl = {
fullName = "Intel Simplified Software License";
url = https://software.intel.com/en-us/license/intel-simplified-software-license;
url = "https://software.intel.com/en-us/license/intel-simplified-software-license";
free = false;
};
@ -469,7 +474,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
llgpl21 = {
fullName = "Lisp LGPL; GNU Lesser General Public License version 2.1 with Franz Inc. preamble for clarification of LGPL terms in context of Lisp";
url = http://opensource.franz.com/preamble.html;
url = "https://opensource.franz.com/preamble.html";
};
lppl12 = spdx {
@ -489,11 +494,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
miros = {
fullName = "MirOS License";
url = https://opensource.org/licenses/MirOS;
url = "https://opensource.org/licenses/MirOS";
};
# spdx.org does not (yet) differentiate between the X11 and Expat versions
# for details see http://en.wikipedia.org/wiki/MIT_License#Various_versions
# for details see https://en.wikipedia.org/wiki/MIT_License#Various_versions
mit = spdx {
spdxId = "MIT";
fullName = "MIT License";
@ -519,12 +524,6 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
fullName = "Microsoft Public License";
};
msrla = {
fullName = "Microsoft Research License Agreement";
url = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
free = false;
};
nasa13 = spdx {
spdxId = "NASA-1.3";
fullName = "NASA Open Source Agreement 1.3";
@ -589,14 +588,14 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
postman = {
fullName = "Postman EULA";
url = https://www.getpostman.com/licenses/postman_base_app;
url = "https://www.getpostman.com/licenses/postman_base_app";
free = false;
};
psfl = spdx {
spdxId = "Python-2.0";
fullName = "Python Software Foundation License version 2";
#url = http://docs.python.org/license.html;
url = "https://docs.python.org/license.html";
};
publicDomain = {
@ -605,7 +604,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
purdueBsd = {
fullName = " Purdue BSD-Style License"; # also know as lsof license
url = https://enterprise.dejacode.com/licenses/public/purdue-bsd;
url = "https://enterprise.dejacode.com/licenses/public/purdue-bsd";
};
qhull = spdx {
@ -620,7 +619,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
qwt = {
fullName = "Qwt License, Version 1.0";
url = http://qwt.sourceforge.net/qwtlicense.html;
url = "https://qwt.sourceforge.io/qwtlicense.html";
};
ruby = spdx {
@ -646,7 +645,14 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
smail = {
shortName = "smail";
fullName = "SMAIL General Public License";
url = http://metadata.ftp-master.debian.org/changelogs/main/d/debianutils/debianutils_4.8.1_copyright;
url = "https://sources.debian.org/copyright/license/debianutils/4.9.1/";
};
sspl = {
shortName = "SSPL";
fullName = "Server Side Public License";
url = "https://www.mongodb.com/licensing/server-side-public-license";
free = false;
};
tcltk = spdx {
@ -656,7 +662,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
ufl = {
fullName = "Ubuntu Font License 1.0";
url = http://font.ubuntu.com/ufl/ubuntu-font-licence-1.0.txt;
url = "https://ubuntu.com/legal/font-licence";
};
unfree = {
@ -675,6 +681,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
# channel and NixOS images.
};
unicode-dfs-2016 = spdx {
spdxId = "Unicode-DFS-2016";
fullName = "Unicode License Agreement - Data Files and Software (2016)";
};
unlicense = spdx {
spdxId = "Unlicense";
fullName = "The Unlicense";
@ -713,7 +724,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
wadalab = {
fullName = "Wadalab Font License";
url = https://fedoraproject.org/wiki/Licensing:Wadalab?rd=Licensing/Wadalab;
url = "https://fedoraproject.org/wiki/Licensing:Wadalab?rd=Licensing/Wadalab";
};
wtfpl = spdx {
@ -728,7 +739,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) {
xfig = {
fullName = "xfig";
url = "http://mcj.sourceforge.net/authors.html#xfig";
url = "http://mcj.sourceforge.net/authors.html#xfig"; # https is broken
};
zlib = spdx {

13
lib/modules.nix
View File

@ -93,7 +93,11 @@ rec {
res set._definedNames
else
res;
result = { inherit options config; };
result = {
inherit options;
config = removeAttrs config [ "_module" ];
inherit (config) _module;
};
in result;
# collectModules :: (modulesPath: String) -> (modules: [ Module ]) -> (args: Attrs) -> [ Module ]
@ -410,10 +414,9 @@ rec {
# Type-check the remaining definitions, and merge them. Or throw if no definitions.
mergedValue =
if isDefined then
foldl' (res: def:
if type.check def.value then res
else throw "The option value `${showOption loc}' in `${def.file}' is not of type `${type.description}'."
) (type.merge loc defsFinal) defsFinal
if all (def: type.check def.value) defsFinal then type.merge loc defsFinal
else let firstInvalid = findFirst (def: ! type.check def.value) null defsFinal;
in throw "The option value `${showOption loc}' in `${firstInvalid.file}' is not of type `${type.description}'."
else
# (nixos-option detects this specific error message and gives it special
# handling. If changed here, please change it there too.)

11
lib/options.nix
View File

@ -159,7 +159,7 @@ rec {
let ss = opt.type.getSubOptions opt.loc;
in if ss != {} then optionAttrSetToDocList' opt.loc ss else [];
in
[ docOption ] ++ subOptions) (collect isOption options);
[ docOption ] ++ optionals docOption.visible subOptions) (collect isOption options);
/* This function recursively removes all derivation attributes from
@ -191,7 +191,14 @@ rec {
Example:
(showOption ["foo" "bar" "baz"]) == "foo.bar.baz"
(showOption ["foo" "bar.baz" "tux"]) == "foo.\"bar.baz\".tux"
(showOption ["foo" "bar.baz" "tux"]) == "foo.bar.baz.tux"
Placeholders will not be quoted as they are not actual values:
(showOption ["foo" "*" "bar"]) == "foo.*.bar"
(showOption ["foo" "<name>" "bar"]) == "foo.<name>.bar"
Unlike attributes, options can also start with numbers:
(showOption ["windowManager" "2bwm" "enable"]) == "windowManager.2bwm.enable"
*/
showOption = parts: let
escapeOptionPart = part:

7
lib/sources.nix
View File

@ -63,17 +63,14 @@ rec {
# https://nixos.org/nix/manual/#builtin-filterSource
#
# name: Optional name to use as part of the store path.
# This defaults `src.name` or otherwise `baseNameOf src`.
# We recommend setting `name` whenever `src` is syntactically `./.`.
# Otherwise, you depend on `./.`'s name in the parent directory,
# which can cause inconsistent names, defeating caching.
# This defaults to `src.name` or otherwise `"source"`.
#
cleanSourceWith = { filter ? _path: _type: true, src, name ? null }:
let
isFiltered = src ? _isLibCleanSourceWith;
origSrc = if isFiltered then src.origSrc else src;
filter' = if isFiltered then name: type: filter name type && src.filter name type else filter;
name' = if name != null then name else if isFiltered then src.name else baseNameOf src;
name' = if name != null then name else if isFiltered then src.name else "source";
in {
inherit origSrc;
filter = filter';

47
lib/strings.nix
View File

@ -315,6 +315,21 @@ rec {
*/
escapeNixString = s: escape ["$"] (builtins.toJSON s);
/* Quotes a string if it can't be used as an identifier directly.
Type: string -> string
Example:
escapeNixIdentifier "hello"
=> "hello"
escapeNixIdentifier "0abc"
=> "\"0abc\""
*/
escapeNixIdentifier = s:
# Regex from https://github.com/NixOS/nix/blob/d048577909e383439c2549e849c5c2f2016c997e/src/libexpr/lexer.l#L91
if builtins.match "[a-zA-Z_][a-zA-Z0-9_'-]*" s != null
then s else escapeNixString s;
# Obsolete - use replaceStrings instead.
replaceChars = builtins.replaceStrings or (
del: new: s:
@ -678,4 +693,36 @@ rec {
=> "1.0"
*/
fileContents = file: removeSuffix "\n" (builtins.readFile file);
/* Creates a valid derivation name from a potentially invalid one.
Type: sanitizeDerivationName :: String -> String
Example:
sanitizeDerivationName "../hello.bar # foo"
=> "-hello.bar-foo"
sanitizeDerivationName ""
=> "unknown"
sanitizeDerivationName pkgs.hello
=> "-nix-store-2g75chlbpxlrqn15zlby2dfh8hr9qwbk-hello-2.10"
*/
sanitizeDerivationName = string: lib.pipe string [
# Get rid of string context. This is safe under the assumption that the
# resulting string is only used as a derivation name
builtins.unsafeDiscardStringContext
# Strip all leading "."
(x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0)
# Split out all invalid characters
# https://github.com/NixOS/nix/blob/2.3.2/src/libstore/store-api.cc#L85-L112
# https://github.com/NixOS/nix/blob/2242be83c61788b9c0736a92bb0b5c7bbfc40803/nix-rust/src/store/path.rs#L100-L125
(builtins.split "[^[:alnum:]+._?=-]+")
# Replace invalid character ranges with a "-"
(concatMapStrings (s: if lib.isList s then "-" else s))
# Limit to 211 characters (minus 4 chars for ".drv")
(x: substring (lib.max (stringLength x - 207) 0) (-1) x)
# If the result is empty, replace it with "unknown"
(x: if stringLength x == 0 then "unknown" else x)
];
}

1
lib/systems/default.nix
View File

@ -65,6 +65,7 @@ rec {
freebsd = "FreeBSD";
openbsd = "OpenBSD";
wasi = "Wasi";
genode = "Genode";
}.${final.parsed.kernel.name} or null;
# uname -p

11
lib/systems/doubles.nix
View File

@ -26,9 +26,17 @@ let
"riscv32-linux" "riscv64-linux"
"aarch64-none" "avr-none" "arm-none" "i686-none" "x86_64-none" "powerpc-none" "msp430-none" "riscv64-none" "riscv32-none" "vc4-none"
"arm-none" "armv6l-none" "aarch64-none"
"avr-none"
"i686-none" "x86_64-none"
"powerpc-none"
"msp430-none"
"riscv64-none" "riscv32-none"
"vc4-none"
"js-ghcjs"
"aarch64-genode" "x86_64-genode"
];
allParsed = map parse.mkSystemFromString all;
@ -62,6 +70,7 @@ in {
unix = filterDoubles predicates.isUnix;
wasi = filterDoubles predicates.isWasi;
windows = filterDoubles predicates.isWindows;
genode = filterDoubles predicates.isGenode;
embedded = filterDoubles predicates.isNone;

1
lib/systems/inspect.nix
View File

@ -47,6 +47,7 @@ rec {
isMinGW = { kernel = kernels.windows; abi = abis.gnu; };
isWasi = { kernel = kernels.wasi; };
isGhcjs = { kernel = kernels.ghcjs; };
isGenode = { kernel = kernels.genode; };
isNone = { kernel = kernels.none; };
isAndroid = [ { abi = abis.android; } { abi = abis.androideabi; } ];

3
lib/systems/parse.nix
View File

@ -279,6 +279,7 @@ rec {
wasi = { execFormat = wasm; families = { }; };
windows = { execFormat = pe; families = { }; };
ghcjs = { execFormat = unknown; families = { }; };
genode = { execFormat = elf; families = { }; };
} // { # aliases
# 'darwin' is the kernel for all of them. We choose macOS by default.
darwin = kernels.macos;
@ -395,6 +396,8 @@ rec {
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 1; abi = elemAt l 2; }
else if (elemAt l 2 == "ghcjs")
then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 2; }
else if hasPrefix "genode" (elemAt l 2)
then { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; }
else throw "Target specification with 3 components is ambiguous";
"4" = { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
}.${toString (length l)}

76
lib/tests/maintainers.nix Normal file
View File

@ -0,0 +1,76 @@
# to run these tests (and the others)
# nix-build nixpkgs/lib/tests/release.nix
{ # The pkgs used for dependencies for the testing itself
pkgs
, lib
}:
let
inherit (lib) types;
maintainerModule = { config, ... }: {
options = {
name = lib.mkOption {
type = types.str;
};
email = lib.mkOption {
type = types.str;
};
github = lib.mkOption {
type = types.nullOr types.str;
default = null;
};
githubId = lib.mkOption {
type = types.nullOr types.ints.unsigned;
default = null;
};
keys = lib.mkOption {
type = types.listOf (types.submodule {
options.longkeyid = lib.mkOption { type = types.str; };
options.fingerprint = lib.mkOption { type = types.str; };
});
default = [];
};
};
};
checkMaintainer = handle: uncheckedAttrs:
let
prefix = [ "lib" "maintainers" handle ];
checkedAttrs = (lib.modules.evalModules {
inherit prefix;
modules = [
maintainerModule
{
_file = toString ../../maintainers/maintainer-list.nix;
config = uncheckedAttrs;
}
];
}).config;
checkGithubId = lib.optional (checkedAttrs.github != null && checkedAttrs.githubId == null) ''
echo ${lib.escapeShellArg (lib.showOption prefix)}': If `github` is specified, `githubId` must be too.'
# Calling this too often would hit non-authenticated API limits, but this
# shouldn't happen since such errors will get fixed rather quickly
info=$(curl -sS https://api.github.com/users/${checkedAttrs.github})
id=$(jq -r '.id' <<< "$info")
echo "The GitHub ID for GitHub user ${checkedAttrs.github} is $id:"
echo -e " githubId = $id;\n"
'';
in lib.deepSeq checkedAttrs checkGithubId;
missingGithubIds = lib.concatLists (lib.mapAttrsToList checkMaintainer lib.maintainers);
success = pkgs.runCommandNoCC "checked-maintainers-success" {} ">$out";
failure = pkgs.runCommandNoCC "checked-maintainers-failure" {
nativeBuildInputs = [ pkgs.curl pkgs.jq ];
outputHash = "sha256:${lib.fakeSha256}";
outputHAlgo = "sha256";
outputHashMode = "flat";
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
} ''
${lib.concatStringsSep "\n" missingGithubIds}
exit 1
'';
in if missingGithubIds == [] then success else failure

42
lib/tests/misc.nix
View File

@ -3,6 +3,23 @@
# if the resulting list is empty, all tests passed
with import ../default.nix;
let
testSanitizeDerivationName = { name, expected }:
let
drv = derivation {
name = strings.sanitizeDerivationName name;
builder = "x";
system = "x";
};
in {
# Evaluate the derivation so an invalid name would be caught
expr = builtins.seq drv.drvPath drv.name;
inherit expected;
};
in
runTests {
@ -490,4 +507,29 @@ runTests {
expected = "'-X' 'PUT' '--data' '{\"id\":0}' '--retry' '3' '--url' 'https://example.com/foo' '--url' 'https://example.com/bar' '--verbose'";
};
testSanitizeDerivationNameLeadingDots = testSanitizeDerivationName {
name = "..foo";
expected = "foo";
};
testSanitizeDerivationNameAscii = testSanitizeDerivationName {
name = " !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";
expected = "-+--.-0123456789-=-?-ABCDEFGHIJKLMNOPQRSTUVWXYZ-_-abcdefghijklmnopqrstuvwxyz-";
};
testSanitizeDerivationNameTooLong = testSanitizeDerivationName {
name = "This string is loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong";
expected = "loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong";
};
testSanitizeDerivationNameTooLongWithInvalid = testSanitizeDerivationName {
name = "Hello there aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa &&&&&&&&";
expected = "there-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-";
};
testSanitizeDerivationNameEmpty = testSanitizeDerivationName {
name = "";
expected = "unknown";
};
}

18
lib/tests/modules.sh
View File

@ -3,7 +3,10 @@
# This script is used to test that the module system is working as expected.
# By default it test the version of nixpkgs which is defined in the NIX_PATH.
cd ./modules
# https://stackoverflow.com/a/246128/6605742
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
cd "$DIR"/modules
pass=0
fail=0
@ -185,6 +188,14 @@ checkConfigError 'The option .* defined in .* does not exist' config.enable ./di
# Check that imports can depend on derivations
checkConfigOutput "true" config.enable ./import-from-store.nix
# Check that configs can be conditional on option existence
checkConfigOutput true config.enable ./define-option-dependently.nix ./declare-enable.nix ./declare-int-positive-value.nix
checkConfigOutput 360 config.value ./define-option-dependently.nix ./declare-enable.nix ./declare-int-positive-value.nix
checkConfigOutput 7 config.value ./define-option-dependently.nix ./declare-int-positive-value.nix
checkConfigOutput true config.set.enable ./define-option-dependently-nested.nix ./declare-enable-nested.nix ./declare-int-positive-value-nested.nix
checkConfigOutput 360 config.set.value ./define-option-dependently-nested.nix ./declare-enable-nested.nix ./declare-int-positive-value-nested.nix
checkConfigOutput 7 config.set.value ./define-option-dependently-nested.nix ./declare-int-positive-value-nested.nix
# Check attrsOf and lazyAttrsOf. Only lazyAttrsOf should be lazy, and only
# attrsOf should work with conditional definitions
# In addition, lazyAttrsOf should honor an options emptyValue
@ -194,6 +205,11 @@ checkConfigOutput "true" config.conditionalWorks ./declare-attrsOf.nix ./attrsOf
checkConfigOutput "false" config.conditionalWorks ./declare-lazyAttrsOf.nix ./attrsOf-conditional-check.nix
checkConfigOutput "empty" config.value.foo ./declare-lazyAttrsOf.nix ./attrsOf-conditional-check.nix
# Even with multiple assignments, a type error should be thrown if any of them aren't valid
checkConfigError 'The option value .* in .* is not of type .*' \
config.value ./declare-int-unsigned-value.nix ./define-value-list.nix ./define-value-int-positive.nix
cat <<EOF
====== module tests ======
$pass Pass

14
lib/tests/modules/declare-enable-nested.nix Normal file
View File

@ -0,0 +1,14 @@
{ lib, ... }:
{
options.set = {
enable = lib.mkOption {
default = false;
example = true;
type = lib.types.bool;
description = ''
Some descriptive text
'';
};
};
}

9
lib/tests/modules/declare-int-positive-value-nested.nix Normal file
View File

@ -0,0 +1,9 @@
{ lib, ... }:
{
options.set = {
value = lib.mkOption {
type = lib.types.ints.positive;
};
};
}

16
lib/tests/modules/define-option-dependently-nested.nix Normal file
View File

@ -0,0 +1,16 @@
{ lib, options, ... }:
# Some modules may be distributed separately and need to adapt to other modules
# that are distributed and versioned separately.
{
# Always defined, but the value depends on the presence of an option.
config.set = {
value = if options ? set.enable then 360 else 7;
}
# Only define if possible.
// lib.optionalAttrs (options ? set.enable) {
enable = true;
};
}

16
lib/tests/modules/define-option-dependently.nix Normal file
View File

@ -0,0 +1,16 @@
{ lib, options, ... }:
# Some modules may be distributed separately and need to adapt to other modules
# that are distributed and versioned separately.
{
# Always defined, but the value depends on the presence of an option.
config = {
value = if options ? enable then 360 else 7;
}
# Only define if possible.
// lib.optionalAttrs (options ? enable) {
enable = true;
};
}

19
lib/tests/release.nix
View File

@ -1,8 +1,17 @@
{ pkgs ? import ((import ../.).cleanSource ../..) {} }:
{ # The pkgs used for dependencies for the testing itself
# Don't test properties of pkgs.lib, but rather the lib in the parent directory
pkgs ? import ../.. {} // { lib = throw "pkgs.lib accessed, but the lib tests should use nixpkgs' lib path directly!"; }
}:
pkgs.runCommandNoCC "nixpkgs-lib-tests" {
buildInputs = [ pkgs.nix (import ./check-eval.nix) ];
NIX_PATH = "nixpkgs=${toString pkgs.path}";
buildInputs = [
pkgs.nix
(import ./check-eval.nix)
(import ./maintainers.nix {
inherit pkgs;
lib = import ../.;
})
];
} ''
datadir="${pkgs.nix}/share"
export TEST_ROOT=$(pwd)/test-tmp
@ -17,8 +26,8 @@ pkgs.runCommandNoCC "nixpkgs-lib-tests" {
cacheDir=$TEST_ROOT/binary-cache
nix-store --init
cd ${pkgs.path}/lib/tests
bash ./modules.sh
cp -r ${../.} lib
bash lib/tests/modules.sh
touch $out
''

7
lib/tests/systems.nix
View File

@ -12,16 +12,17 @@ let
expected = lib.sort lib.lessThan y;
};
in with lib.systems.doubles; lib.runTests {
testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ js);
testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ js ++ genode);
testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "arm-none" "armv7a-darwin" ];
testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-none" "armv7a-linux" "armv7l-linux" "arm-none" "armv7a-darwin" ];
testi686 = mseteq i686 [ "i686-linux" "i686-freebsd" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ];
testmips = mseteq mips [ "mipsel-linux" ];
testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ];
testx86_64 = mseteq x86_64 [ "x86_64-linux" "x86_64-darwin" "x86_64-freebsd" "x86_64-genode" "x86_64-openbsd" "x86_64-netbsd" "x86_64-cygwin" "x86_64-solaris" "x86_64-windows" "x86_64-none" ];
testcygwin = mseteq cygwin [ "i686-cygwin" "x86_64-cygwin" ];
testdarwin = mseteq darwin [ "x86_64-darwin" "i686-darwin" "aarch64-darwin" "armv7a-darwin" ];
testfreebsd = mseteq freebsd [ "i686-freebsd" "x86_64-freebsd" ];
testgenode = mseteq genode [ "aarch64-genode" "x86_64-genode" ];
testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */);
testillumos = mseteq illumos [ "x86_64-solaris" ];
testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64le-linux" ];

465
maintainers/maintainer-list.nix
View File

File diff suppressed because it is too large Load Diff

13
maintainers/scripts/nix-generate-from-cpan.pl
View File

@ -6,6 +6,7 @@ use warnings;
use CPAN::Meta();
use CPANPLUS::Backend();
use Module::CoreList;
use Getopt::Long::Descriptive qw( describe_options );
use JSON::PP qw( encode_json );
use Log::Log4perl qw(:easy);
@ -164,7 +165,7 @@ Readonly::Hash my %LICENSE_MAP => (
# License not provided in metadata.
unknown => {
licenses => [qw( unknown )],
licenses => [],
amb => 1
}
);
@ -278,14 +279,8 @@ sub get_deps {
foreach my $n ( $deps->required_modules ) {
next if $n eq "perl";
# Figure out whether the module is a core module by attempting
# to `use` the module in a pure Perl interpreter and checking
# whether it succeeded. Note, $^X is a magic variable holding
# the path to the running Perl interpreter.
if ( system("env -i $^X -M$n -e1 >/dev/null 2>&1") == 0 ) {
DEBUG("skipping Perl-builtin module $n");
next;
}
my @core = Module::CoreList->find_modules(qr/^$n$/);
next if (@core);
my $pkg = module_to_pkg( $cb, $n );

42
maintainers/team-list.nix
View File

@ -17,8 +17,50 @@
{ lib }:
with lib.maintainers; {
acme = {
members = [
aanderse
andrew-d
arianvp
emily
flokli
m1cr0man
];
scope = "Maintain ACME-related packages and modules.";
};
freedesktop = {
members = [ jtojnar worldofpeace ];
scope = "Maintain Freedesktop.org packages for graphical desktop.";
};
gnome = {
members = [
hedning
jtojnar
worldofpeace
];
scope = "Maintain GNOME desktop environment and platform.";
};
php = {
members = [
aanderse
etu
globin
ma27
talyz
];
scope = "Maintain PHP related packages and extensions.";
};
podman = {
members = [
adisbladis
saschagrunert
vdemeester
zowoq
];
scope = "Maintain Podman and CRI-O related packages and modules.";
};
}

1
nixos/doc/manual/configuration/configuration.xml
View File

@ -21,7 +21,6 @@
<xi:include href="xfce.xml" />
<xi:include href="networking.xml" />
<xi:include href="linux-kernel.xml" />
<xi:include href="matrix.xml" />
<xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
<xi:include href="profiles.xml" />
<xi:include href="kubernetes.xml" />

1
nixos/doc/manual/configuration/x-windows.xml
View File

@ -31,6 +31,7 @@
<xref linkend="opt-services.xserver.windowManager.twm.enable"/> = true;
<xref linkend="opt-services.xserver.windowManager.icewm.enable"/> = true;
<xref linkend="opt-services.xserver.windowManager.i3.enable"/> = true;
<xref linkend="opt-services.xserver.windowManager.herbstluftwm.enable"/> = true;
</programlisting>
</para>
<para>

2
nixos/doc/manual/installation/installing-behind-a-proxy.xml
View File

@ -40,7 +40,7 @@ networking.proxy.noProxy = &quot;127.0.0.1,localhost,internal.domain&quot;;
<note>
<para>
If you are switching networks with different proxy configurations, use the
<literal>nesting.clone</literal> option in
<literal>specialisation</literal> option in
<literal>configuration.nix</literal> to switch proxies at runtime. Refer to
<xref linkend="ch-options" /> for more information.
</para>

8
nixos/doc/manual/installation/installing.xml
View File

@ -24,8 +24,7 @@
</para>
<para>
The NixOS manual is available on virtual console 8 (press Alt+F8 to access)
or by running <command>nixos-help</command>.
The NixOS manual is available by running <command>nixos-help</command>.
</para>
<para>
@ -42,6 +41,11 @@
neo</command>!)
</para>
<para>
If the text is too small to be legible, try <command>setfont ter-132n</command>
to increase the font size.
</para>
<section xml:id="sec-installation-booting-networking">
<title>Networking in the installer</title>

16
nixos/doc/manual/installation/upgrading.xml
View File

@ -14,7 +14,7 @@
<para>
<emphasis>Stable channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-19.09">nixos-19.09</literal>.
xlink:href="https://nixos.org/channels/nixos-20.03">nixos-20.03</literal>.
These only get conservative bug fixes and package upgrades. For instance,
a channel update may cause the Linux kernel on your system to be upgraded
from 4.19.34 to 4.19.38 (a minor bug fix), but not from
@ -38,7 +38,7 @@
<para>
<emphasis>Small channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-19.09-small">nixos-19.09-small</literal>
xlink:href="https://nixos.org/channels/nixos-20.03-small">nixos-20.03-small</literal>
or
<literal
xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>.
@ -63,8 +63,8 @@
<para>
When you first install NixOS, youre automatically subscribed to the NixOS
channel that corresponds to your installation source. For instance, if you
installed from a 19.09 ISO, you will be subscribed to the
<literal>nixos-19.09</literal> channel. To see which NixOS channel youre
installed from a 20.03 ISO, you will be subscribed to the
<literal>nixos-20.03</literal> channel. To see which NixOS channel youre
subscribed to, run the following as root:
<screen>
# nix-channel --list | grep nixos
@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable
# nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos
</screen>
(Be sure to include the <literal>nixos</literal> parameter at the end.) For
instance, to use the NixOS 19.09 stable channel:
instance, to use the NixOS 20.03 stable channel:
<screen>
# nix-channel --add https://nixos.org/channels/nixos-19.09 nixos
# nix-channel --add https://nixos.org/channels/nixos-20.03 nixos
</screen>
If you have a server, you may want to use the “small” channel instead:
<screen>
# nix-channel --add https://nixos.org/channels/nixos-19.09-small nixos
# nix-channel --add https://nixos.org/channels/nixos-20.03-small nixos
</screen>
And if you want to live on the bleeding edge:
<screen>
@ -132,7 +132,7 @@ nixos https://nixos.org/channels/nixos-unstable
kernel, initrd or kernel modules.
You can also specify a channel explicitly, e.g.
<programlisting>
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-19.09;
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-20.03;
</programlisting>
</para>
</section>

554
nixos/doc/manual/release-notes/rl-2003.xml
View File

@ -3,7 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-20.03">
<title>Release 20.03 (“Markhor”, 2020.03/??)</title>
<title>Release 20.03 (“Markhor”, 2020.04/20)</title>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
@ -23,11 +23,24 @@
Support is planned until the end of October 2020, handing over to 20.09.
</para>
</listitem>
<listitem>
<para>Core version changes:</para>
<para>gcc: 8.3.0 -&gt; 9.2.0</para>
<para>glibc: 2.27 -&gt; 2.30</para>
<para>linux: 4.19 -&gt; 5.4</para>
<para>mesa: 19.1.5 -&gt; 19.3.3</para>
<para>openssl: 1.0.2u -&gt; 1.1.1d</para>
</listitem>
<listitem>
<para>Desktop version changes:</para>
<para>plasma5: 5.16.5 -&gt; 5.17.5</para>
<para>kdeApplications: 19.08.2 -&gt; 19.12.3</para>
<para>gnome3: 3.32 -&gt; 3.34</para>
<para>pantheon: 5.0 -&gt; 5.1.3</para>
</listitem>
<listitem>
<para>
Linux kernel is updated to branch 5.4 by default (from 4.19).
Users of Intel GPUs may prefer to explicitly set branch to 4.19 to avoid some regressions.
<programlisting>boot.kernelPackages = pkgs.linuxPackages_4_19;</programlisting>
</para>
</listitem>
<listitem>
@ -43,6 +56,24 @@
quirk in the boot menu.
</para>
</listitem>
<listitem>
<para>
GNOME 3 has been upgraded to 3.34. Please take a look at their
<link xlink:href="https://help.gnome.org/misc/release-notes/3.34">Release Notes</link>
for details.
</para>
</listitem>
<listitem>
<para>
If you enable the Pantheon Desktop Manager via
<xref linkend="opt-services.xserver.desktopManager.pantheon.enable" />, we now default to also use
<link xlink:href="https://blog.elementary.io/say-hello-to-the-new-greeter/">
Pantheon's newly designed greeter
</link>.
Contrary to NixOS's usual update policy, Pantheon will receive updates during the cycle of
NixOS 20.03 when backwards compatible.
</para>
</listitem>
<listitem>
<para>
By default zfs pools will now be trimmed on a weekly basis.
@ -75,6 +106,24 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
</programlisting>
</para>
</listitem>
<listitem>
<para>
The testing driver implementation in NixOS is now in Python <filename>make-test-python.nix</filename>.
This was done by Jacek Galowicz (<link xlink:href="https://github.com/tfc">@tfc</link>), and with the
collaboration of Julian Stecklina (<link xlink:href="https://github.com/blitz">@blitz</link>) and
Jana Traue (<link xlink:href="https://github.com/jtraue">@jtraue</link>). All documentation has been updated to use this
testing driver, and a vast majority of the 286 tests in NixOS were ported to python driver. In 20.09 the Perl driver implementation,
<filename>make-test.nix</filename>, is slated for removal. This should give users of the NixOS integration framework
a transitory period to rewrite their tests to use the Python implementation. Users of the Perl driver will see
this warning everytime they use it:
<screen>
<prompt>$ </prompt>warning: Perl VM tests are deprecated and will be removed for 20.09.
Please update your tests to use the python test driver.
See https://github.com/NixOS/nixpkgs/pull/71684 for details.
</screen>
API compatibility is planned to be kept for at least the next release with the perl driver.
</para>
</listitem>
</itemizedlist>
</section>
@ -110,6 +159,241 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
It was created so Geary could function properly outside of GNOME.
</para>
</listitem>
<listitem>
<para>
<filename>./config/console.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./hardware/brillo.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./hardware/tuxedo-keyboard.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./programs/bandwhich.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./programs/bash-my-aws.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./programs/liboping.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./programs/traceroute.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/backup/sanoid.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/backup/syncoid.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/backup/zfs-replication.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/continuous-integration/buildkite-agents.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/databases/victoriametrics.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/desktops/gnome3/gnome-initial-setup.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/desktops/neard.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/games/openarena.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/hardware/fancontrol.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/mail/sympa.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/misc/freeswitch.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/misc/mame.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/monitoring/do-agent.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/monitoring/prometheus/xmpp-alerts.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/network-filesystems/orangefs/server.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/network-filesystems/orangefs/client.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/networking/3proxy.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/networking/corerad.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/networking/go-shadowsocks2.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/networking/ntp/openntpd.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/networking/shorewall.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/networking/shorewall6.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/networking/spacecookie.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/networking/trickster.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/networking/v2ray.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/networking/xandikos.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/networking/yggdrasil.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/web-apps/dokuwiki.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/web-apps/gotify-server.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/web-apps/grocy.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/web-apps/ihatemoney</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/web-apps/moinmoin.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/web-apps/trac.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/web-apps/trilium.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/web-apps/shiori.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/web-servers/ttyd.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/x11/picom.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/x11/hardware/digimend.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./services/x11/imwheel.nix</filename>
</para>
</listitem>
<listitem>
<para>
<filename>./virtualisation/cri-o.nix</filename>
</para>
</listitem>
</itemizedlist>
</section>
@ -127,6 +411,17 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
</para>
<itemizedlist>
<listitem>
<para>
The <package>dhcpcd</package> package <link xlink:href="https://roy.marples.name/archives/dhcpcd-discuss/0002621.html">
does not request IPv4 addresses for tap and bridge interfaces anymore by default</link>.
In order to still get an address on a bridge interface, one has to disable
<literal>networking.useDHCP</literal> and explicitly enable
<literal>networking.interfaces.&lt;name&gt;.useDHCP</literal> on
every interface, that should get an address via DHCP. This way, dhcpcd
is configured in an explicit way about which interface to run on.
</para>
</listitem>
<listitem>
<para>
GnuPG is now built without support for a graphical passphrase entry
@ -196,10 +491,10 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
</listitem>
<listitem>
<para>
There is now only one Xfce package-set and module. This means attributes, <literal>xfce4-14</literal>
<literal>xfce4-12</literal>, and <literal>xfceUnstable</literal> all now point to the latest Xfce 4.14
packages. And in future NixOS releases will be the latest released version of Xfce available at the
time during the releases development (if viable).
There is now only one Xfce package-set and module. This means that attributes <literal>xfce4-14</literal>
and <literal>xfceUnstable</literal> all now point to the latest Xfce 4.14
packages. And in the future NixOS releases will be the latest released version of Xfce available at the
time of the release's development (if viable).
</para>
</listitem>
<listitem>
@ -235,7 +530,7 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
<listitem>
<para>
The <literal>buildRustCrate</literal> infrastructure now produces <literal>lib</literal> outputs in addition to the <literal>out</literal> output.
This has led to drastically reduced closed sizes for some rust crates since development dependencies are now in the <literal>lib</literal> output.
This has led to drastically reduced closure sizes for some rust crates since development dependencies are now in the <literal>lib</literal> output.
</para>
</listitem>
<listitem>
@ -603,6 +898,25 @@ auth required pam_succeed_if.so uid >= 1000 quiet
The <option>services.dnscrypt-proxy</option> module has been removed
as it used the deprecated version of dnscrypt-proxy. We've added
<xref linkend="opt-services.dnscrypt-proxy2.enable"/> to use the supported version.
This module supports configuration via the Nix attribute set
<xref linkend="opt-services.dnscrypt-proxy2.settings" />, or by passing a TOML configuration file via
<xref linkend="opt-services.dnscrypt-proxy2.configFile" />.
<programlisting>
# Example configuration:
services.dnscrypt-proxy2.enable = true;
services.dnscrypt-proxy2.settings = {
listen_addresses = [ "127.0.0.1:43" ];
sources.public-resolvers = {
urls = [ "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md" ];
cache_file = "public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
refresh_delay = 72;
};
};
services.dnsmasq.enable = true;
services.dnsmasq.servers = [ "127.0.0.1#43" ];
</programlisting>
</para>
</listitem>
<listitem>
@ -619,6 +933,15 @@ auth required pam_succeed_if.so uid >= 1000 quiet
<link xlink:href="https://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/sqldev-relnotes-194-5908846.html">release notes</link>.
</para>
</listitem>
<listitem>
<para>
Haskell <varname>env</varname> and <varname>shellFor</varname> dev shell environments now organize dependencies the same way as regular builds.
In particular, rather than receiving all the different lists of dependencies mashed together as one big list, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don't need to algorithmically partition anything.
</para>
<para>
This means that if you incorrectly categorize a dependency, e.g. non-Haskell library dependency as a <varname>buildDepends</varname> or run-time Haskell dependency as a <varname>setupDepends</varname>, whereas things would have worked before they may not work now.
</para>
</listitem>
<listitem>
<para>
The <package>gcc-snapshot</package>-package has been removed. It's marked as broken for &gt;2 years and used to point
@ -641,6 +964,128 @@ auth required pam_succeed_if.so uid >= 1000 quiet
The previous behavior can be restored by setting <literal>config.riot-web.conf = { disable_guests = false; piwik = true; }</literal>.
</para>
</listitem>
<listitem>
<para>
Stand-alone usage of <literal>Upower</literal> now requires
<option>services.upower.enable</option> instead of just installing into
<xref linkend="opt-environment.systemPackages"/>.
</para>
</listitem>
<listitem>
<para>
<package>nextcloud</package> has been updated to <literal>v18.0.2</literal>. This means
that users from NixOS 19.09 can't upgrade directly since you can only move one version
forward and 19.09 uses <literal>v16.0.8</literal>.
</para>
<para>
To provide a safe upgrade-path and to circumvent similar issues in the future, the following
measures were taken:
<itemizedlist>
<listitem>
<para>
The <package>pkgs.nextcloud</package>-attribute has been removed and replaced with
versioned attributes (currently <package>pkgs.nextcloud17</package> and
<package>pkgs.nextcloud18</package>). With this change major-releases can be backported
without breaking stuff and to make upgrade-paths easier.
</para>
</listitem>
<listitem>
<para>
Existing setups will be detected using
<link linkend="opt-system.stateVersion">system.stateVersion</link>: by default,
<package>nextcloud17</package> will be used, but will raise a warning which notes
that after that deploy it's recommended to update to the latest stable version
(<package>nextcloud18</package>) by declaring the newly introduced setting
<link linkend="opt-services.nextcloud.package">services.nextcloud.package</link>.
</para>
</listitem>
<listitem>
<para>
Users with an overlay (e.g. to use <package>nextcloud</package> at version
<literal>v18</literal> on <literal>19.09</literal>) will get an evaluation error
by default. This is done to ensure that our
<link linkend="opt-services.nextcloud.package">package</link>-option doesn't select an
older version by accident. It's recommended to use <package>pkgs.nextcloud18</package>
or to set <link linkend="opt-services.nextcloud.package">package</link> to
<package>pkgs.nextcloud</package> explicitly.
</para>
</listitem>
</itemizedlist>
</para>
<warning>
<para>
Please note that if you're coming from <literal>19.03</literal> or older, you have
to manually upgrade to <literal>19.09</literal> first to upgrade your server
to Nextcloud v16.
</para>
</warning>
</listitem>
<listitem>
<para>
<package>Hydra</package> has gained a massive performance improvement due to
<link xlink:href="https://github.com/NixOS/hydra/pull/710">some database schema
changes</link> by adding several IDs and better indexing. However, it's necessary
to upgrade Hydra in multiple steps:
<itemizedlist>
<listitem>
<para>
At first, an older version of Hydra needs to be deployed which adds those
(nullable) columns. When having set <link linkend="opt-system.stateVersion">stateVersion
</link> to a value older than <literal>20.03</literal>, this package will be selected
by default from the module when upgrading. Otherwise, the package can be deployed using
the following config:
<programlisting>{ pkgs, ... }: {
<link linkend="opt-services.hydra.package">services.hydra.package</link> = pkgs.hydra-migration;
}</programlisting>
</para>
</listitem>
<listitem>
<para>
Automatically fill the newly added ID columns on the server by running the following
command:
<screen>
<prompt>$ </prompt>hydra-backfill-ids
</screen>
<warning>
<para>Please note that this process can take a while depending on your database-size!</para>
</warning>
</para>
</listitem>
<listitem>
<para>
Deploy a newer version of Hydra to activate the DB optimizations. This can be done by
using <package>hydra-unstable</package>. This package already includes
<link xlink:href="https://github.com/nixos/rfcs/pull/49">flake-support</link> and is
therefore compiled against <package>pkgs.nixFlakes</package>.
<warning>
<para>
If your <link linkend="opt-system.stateVersion">stateVersion</link> is set to
<literal>20.03</literal> or greater, <package>hydra-unstable</package> will be used
automatically! This will break your setup if you didn't run the migration.
</para>
</warning>
Please note that Hydra is currently not available with <package>nixStable</package>
as this doesn't compile anymore.
</para>
</listitem>
</itemizedlist>
<warning>
<para>
<package>pkgs.hydra</package> has been removed to ensure a graceful database-migration
using the dedicated package-attributes. If you still have <package>pkgs.hydra</package>
defined in e.g. an overlay, an assertion error will be thrown. To circumvent this,
you need to set <xref linkend="opt-services.hydra.package" /> to <package>pkgs.hydra</package>
explicitly and make sure you know what you're doing!
</para>
</warning>
</para>
</listitem>
<listitem>
<para>
The TokuDB storage engine will be disabled in <package>mariadb</package> 10.5. It is recommended to switch
to RocksDB. See also <link xlink:href="https://mariadb.com/kb/en/tokudb/">TokuDB</link>.
</para>
</listitem>
</itemizedlist>
</section>
@ -658,7 +1103,8 @@ auth required pam_succeed_if.so uid >= 1000 quiet
<listitem>
<para>
The nginx web server previously started its master process as root
privileged, then ran worker processes as a less privileged identity user.
privileged, then ran worker processes as a less privileged identity user
(the <literal>nginx</literal> user).
This was changed to start all of nginx as a less privileged user (defined by
<literal>services.nginx.user</literal> and
<literal>services.nginx.group</literal>). As a consequence, all files that
@ -666,6 +1112,13 @@ auth required pam_succeed_if.so uid >= 1000 quiet
certificates and keys, etc.) must now be readable by this less privileged
user/group.
</para>
<para>
To continue to use the old approach, you can configure:
<programlisting>
services.nginx.appendConfig = let cfg = config.services.nginx; in ''user ${cfg.user} ${cfg.group};'';
systemd.services.nginx.serviceConfig.User = lib.mkForce "root";
</programlisting>
</para>
</listitem>
<listitem>
<para>
@ -692,9 +1145,11 @@ auth required pam_succeed_if.so uid >= 1000 quiet
As well as this, the options <literal>security.acme.acceptTerms</literal> and either
<literal>security.acme.email</literal> or <literal>security.acme.certs.&lt;name&gt;.email</literal>
must be set in order to use the ACME module.
Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are
preserved and thus it is possible to roll back to previous versions without breaking certificate
generation.
Certificates will be regenerated on activation, no account or certificate will be migrated from simp-le.
In particular private keys will not be preserved. However, the credentials for simp-le are preserved and
thus it is possible to roll back to previous versions without breaking certificate generation.
Note also that in contrary to simp-le a new private key is recreated at each renewal by default, which can
have consequences if you embed your public key in apps.
</para>
</listitem>
<listitem>
@ -705,13 +1160,84 @@ auth required pam_succeed_if.so uid >= 1000 quiet
</listitem>
<listitem>
<para>
Predicatbly named network-interfaces get renamed in stage-1. This means that it's possible
to use the proper interface name for e.g. dropbear-setups.
Predictably named network interfaces get renamed in stage-1. This means that it is possible
to use the proper interface name for e.g. Dropbear setups.
</para>
<para>
For further reference, please read <link xlink:href="https://github.com/NixOS/nixpkgs/pull/68953">#68953</link> or the corresponding <link xlink:href="https://discourse.nixos.org/t/predictable-network-interface-names-in-initrd/4055">discourse thread</link>.
</para>
</listitem>
<listitem>
<para>
The <package>matrix-synapse</package>-package has been updated to
<link xlink:href="https://github.com/matrix-org/synapse/releases/tag/v1.11.1">v1.11.1</link>.
Due to <link xlink:href="https://github.com/matrix-org/synapse/releases/tag/v1.10.0rc1">stricter requirements</link>
for database configuration when using <package>postgresql</package>, the automated database setup
of the module has been removed to avoid any further edge-cases.
</para>
<para>
<package>matrix-synapse</package> expects <literal>postgresql</literal>-databases to have the options
<literal>LC_COLLATE</literal> and <literal>LC_CTYPE</literal> set to
<link xlink:href="https://www.postgresql.org/docs/12/locale.html"><literal>'C'</literal></link> which basically
instructs <literal>postgresql</literal> to ignore any locale-based preferences.
</para>
<para>
Depending on your setup, you need to incorporate one of the following changes in your setup to
upgrade to 20.03:
<itemizedlist>
<listitem><para>If you use <literal>sqlite3</literal> you don't need to do anything.</para></listitem>
<listitem><para>If you use <literal>postgresql</literal> on a different server, you don't need
to change anything as well since this module was never designed to configure remote databases.
</para></listitem>
<listitem><para>If you use <literal>postgresql</literal> and configured your synapse initially on
<literal>19.09</literal> or older, you simply need to enable <package>postgresql</package>-support
explicitly:
<programlisting>{ ... }: {
services.matrix-synapse = {
<link linkend="opt-services.matrix-synapse.enable">enable</link> = true;
/* and all the other config you've defined here */
};
<link linkend="opt-services.postgresql.enable">services.postgresql.enable</link> = true;
}</programlisting>
</para></listitem>
<listitem><para>If you deploy a fresh <package>matrix-synapse</package>, you need to configure
the database yourself (e.g. by using the
<link linkend="opt-services.postgresql.initialScript">services.postgresql.initialScript</link>
option). An example for this can be found in the
<link linkend="module-services-matrix">documentation of the Matrix module</link>.
</para></listitem>
<listitem><para>If you initially deployed your <package>matrix-synapse</package> on
<literal>nixos-unstable</literal> <emphasis>after</emphasis> the <literal>19.09</literal>-release,
your database is misconfigured due to a regression in NixOS. For now, <package>matrix-synapse</package> will
startup with a warning, but it's recommended to reconfigure the database to set the values
<literal>LC_COLLATE</literal> and <literal>LC_CTYPE</literal> to
<link xlink:href="https://www.postgresql.org/docs/12/locale.html"><literal>'C'</literal></link>.
</para></listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
The <link linkend="opt-systemd.network.links">systemd.network.links</link> option is now respected
even when <link linkend="opt-systemd.network.enable">systemd-networkd</link> is disabled.
This mirrors the behaviour of systemd - It's udev that parses <literal>.link</literal> files,
not <command>systemd-networkd</command>.
</para>
</listitem>
<listitem>
<para>
<package>mongodb</package> has been updated to version <literal>3.4.24</literal>.
<warning>
<para>
Please note that <package>mongodb</package> has been relicensed under their own
<link xlink:href="https://www.mongodb.com/licensing/server-side-public-license/faq"><literal>
sspl</literal></link>-license. Since it's not entirely free and not OSI-approved,
it's listed as non-free. This means that Hydra doesn't provide prebuilt
<package>mongodb</package>-packages and needs to be built locally.
</para>
</warning>
</para>
</listitem>
</itemizedlist>
</section>
</section>

240
nixos/doc/manual/release-notes/rl-2009.xml
View File

@ -23,6 +23,14 @@
Support is planned until the end of April 2021, handing over to 21.03.
</para>
</listitem>
<listitem>
<para>GNOME desktop environment was upgraded to 3.36, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.36/">release notes</link>.</para>
</listitem>
<listitem>
<para>
We now distribute a GNOME ISO.
</para>
</listitem>
<listitem>
<para>
PHP now defaults to PHP 7.4, updated from 7.3.
@ -37,6 +45,16 @@
make use of these new options instead.
</para>
</listitem>
<listitem>
<para>
There is a new module for Podman(<varname>virtualisation.podman</varname>), a drop-in replacement for the Docker command line.
</para>
</listitem>
<listitem>
<para>
The new <varname>virtualisation.containers</varname> module manages configuration shared by the CRI-O and Podman modules.
</para>
</listitem>
</itemizedlist>
</section>
@ -86,6 +104,213 @@
}</programlisting>
</para>
</listitem>
<listitem>
<para>
The <link linkend="opt-services.supybot.enable">supybot</link> module now uses <literal>/var/lib/supybot</literal>
as its default <link linkend="opt-services.supybot.stateDir">stateDir</link> path if <literal>stateVersion</literal>
is 20.09 or higher. It also enables number of
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Sandboxing">systemd sandboxing options</link>
which may possibly interfere with some plugins. If this is the case you can disable the options through attributes in
<option>systemd.services.supybot.serviceConfig</option>.
</para>
</listitem>
<listitem>
<para>
The <literal>security.duosec.skey</literal> option, which stored a secret in the
nix store, has been replaced by a new
<link linkend="opt-security.duosec.secretKeyFile">security.duosec.secretKeyFile</link>
option for better security.
</para>
<para>
<literal>security.duosec.ikey</literal> has been renamed to
<link linkend="opt-security.duosec.integrationKey">security.duosec.integrationKey</link>.
</para>
</listitem>
<listitem>
<para>
The initrd SSH support now uses OpenSSH rather than Dropbear to
allow the use of Ed25519 keys and other OpenSSH-specific
functionality. Host keys must now be in the OpenSSH format, and at
least one pre-generated key must be specified.
</para>
<para>
If you used the <option>boot.initrd.network.ssh.host*Key</option>
options, you'll get an error explaining how to convert your host
keys and migrate to the new
<option>boot.initrd.network.ssh.hostKeys</option> option.
Otherwise, if you don't have any host keys set, you'll need to
generate some; see the <option>hostKeys</option> option
documentation for instructions.
</para>
</listitem>
<listitem>
<para>
Since this release there's an easy way to customize your PHP
install to get a much smaller base PHP with only wanted
extensions enabled. See the following snippet installing a
smaller PHP with the extensions <literal>imagick</literal>,
<literal>opcache</literal>, <literal>pdo</literal> and
<literal>pdo_mysql</literal> loaded:
<programlisting>
environment.systemPackages = [
(pkgs.php.withExtensions
({ all, ... }: with all; [
imagick
opcache
pdo
pdo_mysql
])
)
];</programlisting>
The default <literal>php</literal> attribute hasn't lost any
extensions. The <literal>opcache</literal> extension has been
added.
All upstream PHP extensions are available under <package><![CDATA[php.extensions.<name?>]]></package>.
</para>
<para>
All PHP <literal>config</literal> flags have been removed for
the following reasons:
<itemizedlist>
<listitem>
<para>
The updated <literal>php</literal> attribute is now easily
customizable to your liking by using
<literal>php.withExtensions</literal> or
<literal>php.buildEnv</literal> instead of writing config files
or changing configure flags.
</para>
</listitem>
<listitem>
<para>
The remaining configuration flags can now be set directly on
the <literal>php</literal> attribute. For example, instead of
<programlisting>
php.override {
config.php.embed = true;
config.php.apxs2 = false;
}
</programlisting>
you should now write
<programlisting>
php.override {
embedSupport = true;
apxs2Support = false;
}
</programlisting>
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
Gollum received a major update to version 5.x and you may have to change
some links in your wiki when migrating from gollum 4.x. More information
can be found
<link xlink:href="https://github.com/gollum/gollum/wiki/5.0-release-notes#migrating-your-wiki">here</link>.
</para>
</listitem>
<listitem>
<para>
Deluge 2.x was added and is used as default for new NixOS
installations where stateVersion is >= 20.09. If you are upgrading from a previous
NixOS version, you can set <literal>service.deluge.package = pkgs.deluge-2_x</literal>
to upgrade to Deluge 2.x and migrate the state to the new format.
Be aware that backwards state migrations are not supported by Deluge.
</para>
</listitem>
<listitem>
<para>
The NixOS options <literal>nesting.clone</literal> and
<literal>nesting.children</literal> have been deleted, and
replaced with named <xref linkend="opt-specialisation"/>
configurations.
</para>
<para>
Replace a <literal>nesting.clone</literal> entry with:
<programlisting>{
<link xlink:href="#opt-specialisation">specialisation.example-sub-configuration</link> = {
<link xlink:href="#opt-specialisation._name_.configuration">configuration</link> = {
...
};
};</programlisting>
</para>
<para>
Replace a <literal>nesting.children</literal> entry with:
<programlisting>{
<link xlink:href="#opt-specialisation">specialisation.example-sub-configuration</link> = {
<link xlink:href="#opt-specialisation._name_.inheritParentConfig">inheritParentConfig</link> = false;
<link xlink:href="#opt-specialisation._name_.configuration">configuration</link> = {
...
};
};</programlisting>
</para>
<para>
To switch to a specialised configuration at runtime you need to
run:
<programlisting>
# sudo /run/current-system/specialisation/example-sub-configuration/bin/switch-to-configuration test
</programlisting>
Before you would have used:
<programlisting>
# sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
</programlisting>
</para>
</listitem>
<listitem>
<para>
The httpd web server previously started its main process as root
privileged, then ran worker processes as a less privileged identity user.
This was changed to start all of httpd as a less privileged user (defined by
<xref linkend="opt-services.httpd.user"/> and
<xref linkend="opt-services.httpd.group"/>). As a consequence, all files that
are needed for httpd to run (included configuration fragments, SSL
certificates and keys, etc.) must now be readable by this less privileged
user/group.
</para>
<para>
The default value for <xref linkend="opt-services.httpd.mpm"/>
has been changed from <literal>prefork</literal> to <literal>event</literal>. Along with
this change the default value for
<link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.http2</link>
has been set to <literal>true</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>systemd-networkd</literal> option
<literal>systemd.network.networks.&lt;name&gt;.dhcp.CriticalConnection</literal>
has been removed following upstream systemd's deprecation of the same. It is recommended to use
<literal>systemd.network.networks.&lt;name&gt;.networkConfig.KeepConfiguration</literal> instead.
See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
</para>
</listitem>
<listitem>
<para>
The <literal>systemd-networkd</literal> option
<literal>systemd.network.networks._name_.dhcpConfig</literal>
has been renamed to
<xref linkend="opt-systemd.network.networks._name_.dhcpV4Config"/>
following upstream systemd's documentation change.
See <citerefentry><refentrytitle>systemd.network</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details.
</para>
</listitem>
</itemizedlist>
</section>
@ -98,7 +323,20 @@
<itemizedlist>
<listitem>
<para />
<para>
<option>services.journald.rateLimitBurst</option> was updated from
<literal>1000</literal> to <literal>10000</literal> to follow the new
upstream systemd default.
</para>
</listitem>
<listitem>
<para>
The <package>notmuch</package> package move its emacs-related binaries and
emacs lisp files to a separate output. They're not part
of the default <literal>out</literal> output anymore - if you relied on the
<literal>notmuch-emacs-mua</literal> binary or the emacs lisp files, access them via
the <literal>notmuch.emacs</literal> output.
</para>
</listitem>
</itemizedlist>
</section>

4
nixos/lib/eval-config.nix
View File

@ -61,7 +61,7 @@ in rec {
args = extraArgs;
specialArgs =
{ modulesPath = builtins.toString ../modules; } // specialArgs;
}) config options;
}) config options _module;
# These are the extra arguments passed to every module. In
# particular, Nixpkgs is passed through the "pkgs" argument.
@ -69,5 +69,5 @@ in rec {
inherit baseModules extraModules modules;
};
inherit (config._module.args) pkgs;
inherit (_module.args) pkgs;
}

1
nixos/lib/make-iso9660-image.sh
View File

@ -107,6 +107,7 @@ xorriso="xorriso
-publisher nixos
-graft-points
-full-iso9660-filenames
-joliet
${isoBootFlags}
${usbBootFlags}
${efiBootFlags}

6
nixos/lib/make-options-doc/default.nix
View File

@ -86,7 +86,7 @@ let
optionsList = lib.sort optionLess optionsListDesc;
# Convert the list of options into an XML file.
optionsXML = pkgs.writeText "options.xml" (builtins.toXML optionsList);
optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList);
optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList);
@ -133,6 +133,7 @@ in {
optionsJSON = pkgs.runCommand "options.json"
{ meta.description = "List of NixOS options in JSON format";
buildInputs = [ pkgs.brotli ];
}
''
# Export list of options in different format.
@ -141,8 +142,11 @@ in {
cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix))} $dst/options.json
brotli -9 < $dst/options.json > $dst/options.json.br
mkdir -p $out/nix-support
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
echo "file json-br $dst/options.json.br" >> $out/nix-support/hydra-build-products
''; # */
optionsDocBook = pkgs.runCommand "options-docbook.xml" {} ''

41
nixos/lib/test-driver/test-driver.py
View File

@ -6,6 +6,7 @@ from xml.sax.saxutils import XMLGenerator
import _thread
import atexit
import base64
import codecs
import os
import pathlib
import ptpython.repl
@ -84,8 +85,6 @@ CHAR_TO_KEY = {
}
# Forward references
nr_tests: int
failed_tests: list
log: "Logger"
machines: "List[Machine]"
@ -101,10 +100,12 @@ def make_command(args: list) -> str:
def create_vlan(vlan_nr: str) -> Tuple[str, str, "subprocess.Popen[bytes]", Any]:
global log
log.log("starting VDE switch for network {}".format(vlan_nr))
vde_socket = os.path.abspath("./vde{}.ctl".format(vlan_nr))
vde_socket = tempfile.mkdtemp(
prefix="nixos-test-vde-", suffix="-vde{}.ctl".format(vlan_nr)
)
pty_master, pty_slave = pty.openpty()
vde_process = subprocess.Popen(
["vde_switch", "-s", vde_socket, "--dirmode", "0777"],
["vde_switch", "-s", vde_socket, "--dirmode", "0700"],
bufsize=1,
stdin=pty_slave,
stdout=subprocess.PIPE,
@ -115,6 +116,7 @@ def create_vlan(vlan_nr: str) -> Tuple[str, str, "subprocess.Popen[bytes]", Any]
fd.write("version\n")
# TODO: perl version checks if this can be read from
# an if not, dies. we could hang here forever. Fix it.
assert vde_process.stdout is not None
vde_process.stdout.readline()
if not os.path.exists(os.path.join(vde_socket, "ctl")):
raise Exception("cannot start vde_switch")
@ -139,7 +141,7 @@ def retry(fn: Callable) -> None:
class Logger:
def __init__(self) -> None:
self.logfile = os.environ.get("LOGFILE", "/dev/null")
self.logfile_handle = open(self.logfile, "wb")
self.logfile_handle = codecs.open(self.logfile, "wb")
self.xml = XMLGenerator(self.logfile_handle, encoding="utf-8")
self.queue: "Queue[Dict[str, str]]" = Queue(1000)
@ -383,7 +385,7 @@ class Machine:
if state != require_state:
raise Exception(
"Expected unit {} to to be in state ".format(unit)
+ "'active' but it is in state {}".format(state)
+ "'{}' but it is in state {}".format(require_state, state)
)
def execute(self, command: str) -> Tuple[int, str]:
@ -739,6 +741,7 @@ class Machine:
self.shell, _ = self.shell_socket.accept()
def process_serial_output() -> None:
assert self.process.stdout is not None
for _line in self.process.stdout:
# Ignore undecodable bytes that may occur in boot menus
line = _line.decode(errors="ignore").replace("\r", "").rstrip()
@ -877,33 +880,16 @@ def run_tests() -> None:
if machine.is_up():
machine.execute("sync")
if nr_tests != 0:
nr_succeeded = nr_tests - len(failed_tests)
eprint("{} out of {} tests succeeded".format(nr_succeeded, nr_tests))
if len(failed_tests) > 0:
eprint(
"The following tests have failed:\n - {}".format(
"\n - ".join(failed_tests)
)
)
sys.exit(1)
@contextmanager
def subtest(name: str) -> Iterator[None]:
global nr_tests
global failed_tests
with log.nested(name):
nr_tests += 1
try:
yield
return True
except Exception as e:
failed_tests.append(
'Test "{}" failed with error: "{}"'.format(name, str(e))
)
log.log("error: {}".format(str(e)))
log.log(f'Test "{name}" failed with error: "{e}"')
raise e
return False
@ -923,9 +909,6 @@ if __name__ == "__main__":
]
exec("\n".join(machine_eval))
nr_tests = 0
failed_tests = []
@atexit.register
def clean_up() -> None:
with log.nested("cleaning up"):
@ -936,7 +919,7 @@ if __name__ == "__main__":
machine.process.kill()
for _, _, process, _ in vde_sockets:
process.kill()
process.terminate()
log.close()
tic = time.time()

2
nixos/lib/testing/jquery-ui.nix
View File

@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
'';
meta = {
homepage = https://jqueryui.com/;
homepage = "https://jqueryui.com/";
description = "A library of JavaScript widgets and effects";
platforms = stdenv.lib.platforms.all;
};

2
nixos/lib/testing/jquery.nix
View File

@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
description = "JavaScript library designed to simplify the client-side scripting of HTML";
homepage = http://jquery.com/;
homepage = "http://jquery.com/";
license = licenses.mit;
platforms = platforms.all;
};

1
nixos/maintainers/scripts/azure-new/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
azure

42
nixos/maintainers/scripts/azure-new/README.md Normal file
View File

@ -0,0 +1,42 @@
# azure
## Demo
Here's a demo of this being used: https://asciinema.org/a/euXb9dIeUybE3VkstLWLbvhmp
## Usage
This is meant to be an example image that you can copy into your own
project and modify to your own needs. Notice that the example image
includes a built-in test user account, which by default uses your
`~/.ssh/id_ed25519.pub` as an `authorized_key`.
Build and upload the image
```shell
$ ./upload-image.sh ./examples/basic/image.nix
...
+ attr=azbasic
+ nix-build ./examples/basic/image.nix --out-link azure
/nix/store/qdpzknpskzw30vba92mb24xzll1dqsmd-azure-image
...
95.5 %, 0 Done, 0 Failed, 1 Pending, 0 Skipped, 1 Total, 2-sec Throughput (Mb/s): 932.9565
...
/subscriptions/aff271ee-e9be-4441-b9bb-42f5af4cbaeb/resourceGroups/nixos-images/providers/Microsoft.Compute/images/azure-image-todo-makethisbetter
```
Take the output, boot an Azure VM:
```
img="/subscriptions/.../..." # use output from last command
./boot-vm.sh "${img}"
...
=> booted
```
## Future Work
1. If the user specifies a hard-coded user, then the agent could be removed.
Probably has security benefits; definitely has closure-size benefits.
(It's likely the VM will need to be booted with a special flag. See:
https://github.com/Azure/azure-cli/issues/12775 for details.)

36
nixos/maintainers/scripts/azure-new/boot-vm.sh Executable file
View File

@ -0,0 +1,36 @@
#!/usr/bin/env bash
set -euo pipefail
set -x
image="${1}"
location="westus2"
group="nixos-test-vm"
vm_size="Standard_D2s_v3"; os_size=42;
# ensure group
az group create --location "westus2" --name "${group}"
group_id="$(az group show --name "${group}" -o tsv --query "[id]")"
# (optional) identity
if ! az identity show -n "${group}-identity" -g "${group}" &>/dev/stderr; then
az identity create --name "${group}-identity" --resource-group "${group}"
fi
# (optional) role assignment, to the resource group, bad but not really great alternatives
identity_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[id]")"
principal_id="$(az identity show --name "${group}-identity" --resource-group "${group}" -o tsv --query "[principalId]")"
until az role assignment create --assignee "${principal_id}" --role "Owner" --scope "${group_id}"; do sleep 1; done
# boot vm
az vm create \
--name "${group}-vm" \
--resource-group "${group}" \
--assign-identity "${identity_id}" \
--size "${vm_size}" \
--os-disk-size-gb "${os_size}" \
--image "${image}" \
--admin-username "${USER}" \
--location "westus2" \
--storage-sku "Premium_LRS" \
--ssh-key-values "$(ssh-add -L)"

7
nixos/maintainers/scripts/azure-new/common.sh Normal file
View File

@ -0,0 +1,7 @@
export group="${AZURE_RESOURCE_GROUP:-"azure"}"
export location="${AZURE_LOCATION:-"westus2"}"
img_file=$(echo azure/*.vhd)
img_name="$(basename "${img_file}")"
img_name="${img_name%".vhd"}"
export img_name="${img_name//[._]/-}"

10
nixos/maintainers/scripts/azure-new/examples/basic/image.nix Normal file
View File

@ -0,0 +1,10 @@
let
pkgs = (import ../../../../../../default.nix {});
machine = import "${pkgs.path}/nixos/lib/eval-config.nix" {
system = "x86_64-linux";
modules = [
({config, ...}: { imports = [ ./system.nix ]; })
];
};
in
machine.config.system.build.azureImage

34
nixos/maintainers/scripts/azure-new/examples/basic/system.nix Normal file
View File

@ -0,0 +1,34 @@
{ pkgs, modulesPath, ... }:
let username = "azurenixosuser";
in
{
imports = [
"${modulesPath}/virtualisation/azure-common.nix"
"${modulesPath}/virtualisation/azure-image.nix"
];
## NOTE: This is just an example of how to hard-code a user.
## The normal Azure agent IS included and DOES provision a user based
## on the information passed at VM creation time.
users.users."${username}" = {
isNormalUser = true;
home = "/home/${username}";
description = "Azure NixOS Test User";
openssh.authorizedKeys.keys = [ (builtins.readFile ~/.ssh/id_ed25519.pub) ];
};
nix.trustedUsers = [ username ];
virtualisation.azureImage.diskSize = 2500;
system.stateVersion = "20.03";
boot.kernelPackages = pkgs.linuxPackages_latest;
# test user doesn't have a password
services.openssh.passwordAuthentication = false;
security.sudo.wheelNeedsPassword = false;
environment.systemPackages = with pkgs; [
git file htop wget curl
];
}

13
nixos/maintainers/scripts/azure-new/shell.nix Normal file
View File

@ -0,0 +1,13 @@
with (import ../../../../default.nix {});
stdenv.mkDerivation {
name = "nixcfg-azure-devenv";
nativeBuildInputs = [
azure-cli
bash
cacert
azure-storage-azcopy
];
AZURE_CONFIG_DIR="/tmp/azure-cli/.azure";
}

58
nixos/maintainers/scripts/azure-new/upload-image.sh Executable file
View File

@ -0,0 +1,58 @@
#!/usr/bin/env bash
set -euo pipefail
set -x
image_nix="${1:-"./examples/basic/image.nix"}"
nix-build "${image_nix}" --out-link "azure"
group="nixos-images"
location="westus2"
img_name="nixos-image"
img_file="$(readlink -f ./azure/disk.vhd)"
if ! az group show -n "${group}" &>/dev/null; then
az group create --name "${group}" --location "${location}"
fi
# note: the disk access token song/dance is tedious
# but allows us to upload direct to a disk image
# thereby avoid storage accounts (and naming them) entirely!
if ! az disk show -g "${group}" -n "${img_name}" &>/dev/null; then
bytes="$(stat -c %s ${img_file})"
size="30"
az disk create \
--resource-group "${group}" \
--name "${img_name}" \
--for-upload true --upload-size-bytes "${bytes}"
timeout=$(( 60 * 60 )) # disk access token timeout
sasurl="$(\
az disk grant-access \
--access-level Write \
--resource-group "${group}" \
--name "${img_name}" \
--duration-in-seconds ${timeout} \
| jq -r '.accessSas'
)"
azcopy copy "${img_file}" "${sasurl}" \
--blob-type PageBlob
az disk revoke-access \
--resource-group "${group}" \
--name "${img_name}"
fi
if ! az image show -g "${group}" -n "${img_name}" &>/dev/null; then
diskid="$(az disk show -g "${group}" -n "${img_name}" -o json | jq -r .id)"
az image create \
--resource-group "${group}" \
--name "${img_name}" \
--source "${diskid}" \
--os-type "linux" >/dev/null
fi
imageid="$(az image show -g "${group}" -n "${img_name}" -o json | jq -r .id)"
echo "${imageid}"

11
nixos/maintainers/scripts/ec2/amazon-image.nix
View File

@ -8,10 +8,15 @@ in {
imports = [ ../../../modules/virtualisation/amazon-image.nix ];
# Required to provide good EBS experience,
# Amazon recomments setting this to the highest possible value for a good EBS
# experience, which prior to 4.15 was 255.
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html#timeout-nvme-ebs-volumes
# TODO change value to 4294967295 when kernel is updated to 4.15 or later
config.boot.kernelParams = [ "nvme_core.io_timeout=255" ];
config.boot.kernelParams =
let timeout =
if pkgs.lib.versionAtLeast config.boot.kernelPackages.kernel.version "4.15"
then "4294967295"
else "255";
in [ "nvme_core.io_timeout=${timeout}" ];
options.amazonImage = {
name = mkOption {

5
nixos/modules/config/fonts/fontconfig.nix
View File

@ -45,6 +45,9 @@ let
# generate the font cache setting file for a fontconfig version
# use latest when no version is passed
# When cross-compiling, we cant generate the cache, so we skip the
# <cachedir> part. fontconfig still works but is a little slower in
# looking things up.
makeCacheConf = { version ? null }:
let
fcPackage = if version == null
@ -60,11 +63,13 @@ let
<fontconfig>
<!-- Font directories -->
${concatStringsSep "\n" (map (font: "<dir>${font}</dir>") config.fonts.fonts)}
${optionalString (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) ''
<!-- Pre-generated font caches -->
<cachedir>${cache}</cachedir>
${optionalString (pkgs.stdenv.isx86_64 && cfg.cache32Bit) ''
<cachedir>${cache32}</cachedir>
''}
''}
</fontconfig>
'';

1
nixos/modules/config/fonts/fontdir.nix
View File

@ -25,6 +25,7 @@ in
fonts = {
enableFontDir = mkOption {
type = types.bool;
default = false;
description = ''
Whether to create a directory with links to all fonts in

1
nixos/modules/config/fonts/ghostscript.nix
View File

@ -9,6 +9,7 @@ with lib;
fonts = {
enableGhostscriptFonts = mkOption {
type = types.bool;
default = false;
description = ''
Whether to add the fonts provided by Ghostscript (such as

2
nixos/modules/config/gtk/gtk-icon-cache.nix
View File

@ -77,7 +77,7 @@ with lib;
if [ -w "$themedir" ]; then
rm -f "$themedir"/icon-theme.cache
${pkgs.gtk3.out}/bin/gtk-update-icon-cache --ignore-theme-index "$themedir"
${pkgs.buildPackages.gtk3.out}/bin/gtk-update-icon-cache --ignore-theme-index "$themedir"
fi
done
'';

2
nixos/modules/config/ldap.nix
View File

@ -88,6 +88,7 @@ in
};
useTLS = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, use TLS (encryption) over an LDAP (port 389)
@ -109,6 +110,7 @@ in
daemon = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Whether to let the nslcd daemon (nss-pam-ldapd) handle the

2
nixos/modules/config/networking.nix
View File

@ -197,7 +197,7 @@ in
} // optionalAttrs (pkgs.stdenv.hostPlatform.libc == "glibc") {
# /etc/rpc: RPC program numbers.
rpc.source = pkgs.glibc.out + "/etc/rpc";
rpc.source = pkgs.stdenv.cc.libc.out + "/etc/rpc";
};
networking.proxy.envVars =

139
nixos/modules/config/nsswitch.nix
View File

@ -10,35 +10,34 @@ let
canLoadExternalModules = config.services.nscd.enable;
myhostname = canLoadExternalModules;
mymachines = canLoadExternalModules;
# XXX Move these to their respective modules
nssmdns = canLoadExternalModules && config.services.avahi.nssmdns;
nsswins = canLoadExternalModules && config.services.samba.nsswins;
ldap = canLoadExternalModules && (config.users.ldap.enable && config.users.ldap.nsswitch);
sssd = canLoadExternalModules && config.services.sssd.enable;
resolved = canLoadExternalModules && config.services.resolved.enable;
googleOsLogin = canLoadExternalModules && config.security.googleOsLogin.enable;
hostArray = [ "files" ]
++ optional mymachines "mymachines"
++ optional nssmdns "mdns_minimal [NOTFOUND=return]"
++ optional nsswins "wins"
++ optional resolved "resolve [!UNAVAIL=return]"
++ [ "dns" ]
++ optional nssmdns "mdns"
++ optional myhostname "myhostname";
hostArray = mkMerge [
(mkBefore [ "files" ])
(mkIf mymachines [ "mymachines" ])
(mkIf nssmdns [ "mdns_minimal [NOTFOUND=return]" ])
(mkIf nsswins [ "wins" ])
(mkIf resolved [ "resolve [!UNAVAIL=return]" ])
(mkAfter [ "dns" ])
(mkIf nssmdns (mkOrder 1501 [ "mdns" ])) # 1501 to ensure it's after dns
(mkIf myhostname (mkOrder 1600 [ "myhostname" ])) # 1600 to ensure it's always the last
];
passwdArray = [ "files" ]
++ optional sssd "sss"
++ optional ldap "ldap"
++ optional mymachines "mymachines"
++ optional googleOsLogin "cache_oslogin oslogin"
++ [ "systemd" ];
passwdArray = mkMerge [
(mkBefore [ "files" ])
(mkIf ldap [ "ldap" ])
(mkIf mymachines [ "mymachines" ])
(mkIf canLoadExternalModules (mkAfter [ "systemd" ]))
];
shadowArray = [ "files" ]
++ optional sssd "sss"
++ optional ldap "ldap";
servicesArray = [ "files" ]
++ optional sssd "sss";
shadowArray = mkMerge [
(mkBefore [ "files" ])
(mkIf ldap [ "ldap" ])
];
in {
options = {
@ -61,17 +60,73 @@ in {
};
};
system.nssHosts = mkOption {
type = types.listOf types.str;
default = [];
example = [ "mdns" ];
description = ''
List of host entries to configure in <filename>/etc/nsswitch.conf</filename>.
'';
};
system.nssDatabases = {
passwd = mkOption {
type = types.listOf types.str;
description = ''
List of passwd entries to configure in <filename>/etc/nsswitch.conf</filename>.
Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
This option only takes effect if nscd is enabled.
'';
default = [];
};
group = mkOption {
type = types.listOf types.str;
description = ''
List of group entries to configure in <filename>/etc/nsswitch.conf</filename>.
Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
This option only takes effect if nscd is enabled.
'';
default = [];
};
shadow = mkOption {
type = types.listOf types.str;
description = ''
List of shadow entries to configure in <filename>/etc/nsswitch.conf</filename>.
Note that "files" is always prepended.
This option only takes effect if nscd is enabled.
'';
default = [];
};
hosts = mkOption {
type = types.listOf types.str;
description = ''
List of hosts entries to configure in <filename>/etc/nsswitch.conf</filename>.
Note that "files" is always prepended, and "dns" and "myhostname" are always appended.
This option only takes effect if nscd is enabled.
'';
default = [];
};
services = mkOption {
type = types.listOf types.str;
description = ''
List of services entries to configure in <filename>/etc/nsswitch.conf</filename>.
Note that "files" is always prepended.
This option only takes effect if nscd is enabled.
'';
default = [];
};
};
};
imports = [
(mkRenamedOptionModule [ "system" "nssHosts" ] [ "system" "nssDatabases" "hosts" ])
];
config = {
assertions = [
{
@ -87,30 +142,34 @@ in {
];
# Name Service Switch configuration file. Required by the C
# library. !!! Factor out the mdns stuff. The avahi module
# should define an option used by this module.
# library.
environment.etc."nsswitch.conf".text = ''
passwd: ${concatStringsSep " " passwdArray}
group: ${concatStringsSep " " passwdArray}
shadow: ${concatStringsSep " " shadowArray}
passwd: ${concatStringsSep " " config.system.nssDatabases.passwd}
group: ${concatStringsSep " " config.system.nssDatabases.group}
shadow: ${concatStringsSep " " config.system.nssDatabases.shadow}
hosts: ${concatStringsSep " " config.system.nssHosts}
hosts: ${concatStringsSep " " config.system.nssDatabases.hosts}
networks: files
ethers: files
services: ${concatStringsSep " " servicesArray}
services: ${concatStringsSep " " config.system.nssDatabases.services}
protocols: files
rpc: files
'';
system.nssHosts = hostArray;
system.nssDatabases = {
passwd = passwdArray;
group = passwdArray;
shadow = shadowArray;
hosts = hostArray;
services = mkBefore [ "files" ];
};
# Systemd provides nss-myhostname to ensure that our hostname
# always resolves to a valid IP address. It returns all locally
# configured IP addresses, or ::1 and 127.0.0.2 as
# fallbacks. Systemd also provides nss-mymachines to return IP
# addresses of local containers.
system.nssModules = (optionals canLoadExternalModules [ config.systemd.package.out ])
++ optional googleOsLogin pkgs.google-compute-engine-oslogin.out;
system.nssModules = (optionals canLoadExternalModules [ config.systemd.package.out ]);
};
}

6
nixos/modules/config/qt5.nix
View File

@ -6,8 +6,8 @@ let
cfg = config.qt5;
isQGnome = cfg.platformTheme == "gnome" && cfg.style == "adwaita";
isQtStyle = cfg.platformTheme == "gtk2" && cfg.style != "adwaita";
isQGnome = cfg.platformTheme == "gnome" && builtins.elem cfg.style ["adwaita" "adwaita-dark"];
isQtStyle = cfg.platformTheme == "gtk2" && !(builtins.elem cfg.style ["adwaita" "adwaita-dark"]);
packages = if isQGnome then [ pkgs.qgnomeplatform pkgs.adwaita-qt ]
else if isQtStyle then [ pkgs.libsForQt5.qtstyleplugins ]
@ -55,6 +55,7 @@ in
style = mkOption {
type = types.enum [
"adwaita"
"adwaita-dark"
"cleanlooks"
"gtk2"
"motif"
@ -71,6 +72,7 @@ in
<variablelist>
<varlistentry>
<term><literal>adwaita</literal></term>
<term><literal>adwaita-dark</literal></term>
<listitem><para>Use Adwaita Qt style with
<link xlink:href="https://github.com/FedoraQt/adwaita-qt">adwaita</link>
</para></listitem>

4
nixos/modules/config/vte.nix
View File

@ -16,6 +16,10 @@ in
{
meta = {
maintainers = teams.gnome.members;
};
options = {
programs.bash.vteIntegration = mkOption {

8
nixos/modules/config/xdg/autostart.nix
View File

@ -2,19 +2,23 @@
with lib;
{
meta = {
maintainers = teams.freedesktop.members;
};
options = {
xdg.autostart.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to install files to support the
Whether to install files to support the
<link xlink:href="https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html">XDG Autostart specification</link>.
'';
};
};
config = mkIf config.xdg.autostart.enable {
environment.pathsToLink = [
environment.pathsToLink = [
"/etc/xdg/autostart"
];
};

4
nixos/modules/config/xdg/icons.nix
View File

@ -2,6 +2,10 @@
with lib;
{
meta = {
maintainers = teams.freedesktop.members;
};
options = {
xdg.icons.enable = mkOption {
type = types.bool;

8
nixos/modules/config/xdg/menus.nix
View File

@ -2,19 +2,23 @@
with lib;
{
meta = {
maintainers = teams.freedesktop.members;
};
options = {
xdg.menus.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to install files to support the
Whether to install files to support the
<link xlink:href="https://specifications.freedesktop.org/menu-spec/menu-spec-latest.html">XDG Desktop Menu specification</link>.
'';
};
};
config = mkIf config.xdg.menus.enable {
environment.pathsToLink = [
environment.pathsToLink = [
"/share/applications"
"/share/desktop-directories"
"/etc/xdg/menus"

4
nixos/modules/config/xdg/mime.nix
View File

@ -2,6 +2,10 @@
with lib;
{
meta = {
maintainers = teams.freedesktop.members;
};
options = {
xdg.mime.enable = mkOption {
type = types.bool;

4
nixos/modules/config/xdg/portal.nix
View File

@ -7,6 +7,10 @@ with lib;
(mkRenamedOptionModule [ "services" "flatpak" "extraPortals" ] [ "xdg" "portal" "extraPortals" ])
];
meta = {
maintainers = teams.freedesktop.members;
};
options.xdg.portal = {
enable =
mkEnableOption "<link xlink:href='https://github.com/flatpak/xdg-desktop-portal'>xdg desktop integration</link>"//{

4
nixos/modules/config/xdg/sounds.nix
View File

@ -2,6 +2,10 @@
with lib;
{
meta = {
maintainers = teams.freedesktop.members;
};
options = {
xdg.sounds.enable = mkOption {
type = types.bool;

26
nixos/modules/hardware/opengl.nix
View File

@ -10,14 +10,6 @@ let
videoDrivers = config.services.xserver.videoDrivers;
makePackage = p: pkgs.buildEnv {
name = "mesa-drivers+txc-${p.mesa.version}";
paths =
[ p.mesa.drivers
(if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
];
};
package = pkgs.buildEnv {
name = "opengl-drivers";
paths = [ cfg.package ] ++ cfg.extraPackages;
@ -34,6 +26,9 @@ in
imports = [
(mkRenamedOptionModule [ "services" "xserver" "vaapiDrivers" ] [ "hardware" "opengl" "extraPackages" ])
(mkRemovedOptionModule [ "hardware" "opengl" "s3tcSupport" ] ''
S3TC support is now always enabled in Mesa.
'')
];
options = {
@ -74,17 +69,6 @@ in
'';
};
s3tcSupport = mkOption {
type = types.bool;
default = false;
description = ''
Make S3TC(S3 Texture Compression) via libtxc_dxtn available
to OpenGL drivers instead of the patent-free S2TC replacement.
Using this library may require a patent license depending on your location.
'';
};
package = mkOption {
type = types.package;
internal = true;
@ -166,8 +150,8 @@ in
environment.sessionVariables.LD_LIBRARY_PATH = mkIf cfg.setLdLibraryPath
([ "/run/opengl-driver/lib" ] ++ optional cfg.driSupport32Bit "/run/opengl-driver-32/lib");
hardware.opengl.package = mkDefault (makePackage pkgs);
hardware.opengl.package32 = mkDefault (makePackage pkgs.pkgsi686Linux);
hardware.opengl.package = mkDefault pkgs.mesa.drivers;
hardware.opengl.package32 = mkDefault pkgs.pkgsi686Linux.mesa.drivers;
boot.extraModulePackages = optional (elem "virtualbox" videoDrivers) kernelPackages.virtualboxGuestAdditions;
};

2
nixos/modules/hardware/raid/hpsa.nix
View File

@ -34,7 +34,7 @@ let
meta = with lib; {
description = "HP Smart Array CLI";
homepage = https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/;
homepage = "https://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/";
license = licenses.unfreeRedistributable;
platforms = [ "x86_64-linux" ];
maintainers = with maintainers; [ volth ];

7
nixos/modules/hardware/sensor/iio.nix
View File

@ -8,7 +8,12 @@ with lib;
options = {
hardware.sensor.iio = {
enable = mkOption {
description = "Enable this option to support IIO sensors.";
description = ''
Enable this option to support IIO sensors.
IIO sensors are used for orientation and ambient light
sensors on some mobile devices.
'';
type = types.bool;
default = false;
};

19
nixos/modules/hardware/uinput.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, pkgs, lib, ... }:
let
cfg = config.hardware.uinput;
in {
options.hardware.uinput = {
enable = lib.mkEnableOption "uinput support";
};
config = lib.mkIf cfg.enable {
boot.kernelModules = [ "uinput" ];
users.groups.uinput = {};
services.udev.extraRules = ''
SUBSYSTEM=="misc", KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"
'';
};
}

12
nixos/modules/hardware/wooting.nix Normal file
View File

@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }:
with lib;
{
options.hardware.wooting.enable =
mkEnableOption "Enable support for Wooting keyboards";
config = mkIf config.hardware.wooting.enable {
environment.systemPackages = [ pkgs.wootility ];
services.udev.packages = [ pkgs.wooting-udev-rules ];
};
}

4
nixos/modules/i18n/input-method/ibus.nix
View File

@ -75,5 +75,9 @@ in
QT_IM_MODULE = "ibus";
XMODIFIERS = "@im=ibus";
};
xdg.portal.extraPortals = mkIf config.xdg.portal.enable [
ibusPackage
];
};
}

7
nixos/modules/installer/cd-dvd/installation-cd-base.nix
View File

@ -1,7 +1,7 @@
# This module contains the basic configuration for building a NixOS
# installation CD.
{ config, lib, pkgs, ... }:
{ config, lib, options, pkgs, ... }:
with lib;
@ -15,11 +15,12 @@ with lib;
../../profiles/installation-device.nix
];
# Adds terminus_font for people with HiDPI displays
console.packages = options.console.packages.default ++ [ pkgs.terminus_font ];
# ISO naming.
isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
isoImage.volumeID = substring 0 11 "NIXOS_ISO";
# EFI booting
isoImage.makeEfiBootable = true;

5
nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
View File

@ -7,10 +7,9 @@ with lib;
{
imports = [ ./installation-cd-graphical-base.nix ];
services.xserver.desktopManager.gnome3.enable = true;
isoImage.edition = "gnome";
# Wayland can be problematic for some hardware like Nvidia graphics cards.
services.xserver.displayManager.defaultSession = "gnome-xorg";
services.xserver.desktopManager.gnome3.enable = true;
services.xserver.displayManager.gdm = {
enable = true;

2
nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix
View File

@ -8,6 +8,8 @@ with lib;
{
imports = [ ./installation-cd-graphical-base.nix ];
isoImage.edition = "plasma5";
services.xserver = {
desktopManager.plasma5 = {
enable = true;

2
nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
View File

@ -8,5 +8,7 @@
[ ./installation-cd-base.nix
];
isoImage.edition = "minimal";
fonts.fontconfig.enable = false;
}

28
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -417,8 +417,17 @@ in
'';
};
isoImage.edition = mkOption {
default = "";
description = ''
Specifies which edition string to use in the volume ID of the generated
ISO image.
'';
};
isoImage.volumeID = mkOption {
default = "NIXOS_BOOT_CD";
# nixos-$EDITION-$RELEASE-$ARCH
default = "nixos${optionalString (config.isoImage.edition != "") "-${config.isoImage.edition}"}-${config.system.nixos.release}-${pkgs.stdenv.hostPlatform.uname.processor}";
description = ''
Specifies the label or volume ID of the generated ISO image.
Note that the label is used by stage 1 of the boot process to
@ -474,7 +483,7 @@ in
isoImage.efiSplashImage = mkOption {
default = pkgs.fetchurl {
url = https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/efi-background.png;
url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/efi-background.png";
sha256 = "18lfwmp8yq923322nlb9gxrh5qikj1wsk6g5qvdh31c4h5b1538x";
};
description = ''
@ -484,7 +493,7 @@ in
isoImage.splashImage = mkOption {
default = pkgs.fetchurl {
url = https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/isolinux/bios-boot.png;
url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/isolinux/bios-boot.png";
sha256 = "1wp822zrhbg4fgfbwkr7cbkr4labx477209agzc0hr6k62fr6rxd";
};
description = ''
@ -515,6 +524,19 @@ in
};
config = {
assertions = [
{
assertion = !(stringLength config.isoImage.volumeID > 32);
# https://wiki.osdev.org/ISO_9660#The_Primary_Volume_Descriptor
# Volume Identifier can only be 32 bytes
message = let
length = stringLength config.isoImage.volumeID;
howmany = toString length;
toomany = toString (length - 32);
in
"isoImage.volumeID ${config.isoImage.volumeID} is ${howmany} characters. That is ${toomany} characters longer than the limit of 32.";
}
];
boot.loader.grub.version = 2;

8
nixos/modules/installer/tools/nix-fallback-paths.nix
View File

@ -1,6 +1,6 @@
{
x86_64-linux = "/nix/store/ddmmzn4ggz1f66lwxjy64n89864yj9w9-nix-2.3.3";
i686-linux = "/nix/store/5axys7hsggb4282dsbps5k5p0v59yv13-nix-2.3.3";
aarch64-linux = "/nix/store/k80nwvi19hxwbz3c9cxgp24f1jjxwmcc-nix-2.3.3";
x86_64-darwin = "/nix/store/lrnvapsqmf0ja6zfyx4cpxr7ahdr7f9b-nix-2.3.3";
x86_64-linux = "/nix/store/8928ygfyf9iassfrnj76v55s6zid58ja-nix-2.3.4";
i686-linux = "/nix/store/b5cx3nmba9ahx3wk5ybxa67k40pdpdxn-nix-2.3.4";
aarch64-linux = "/nix/store/p6j4mis6agdjlk4j0cyg7yh58wpm3kif-nix-2.3.4";
x86_64-darwin = "/nix/store/aizhr07dljmlbf17wfrj40x3s0b5iv3d-nix-2.3.4";
}

7
nixos/modules/installer/tools/nixos-build-vms/build-vms.nix
View File

@ -3,7 +3,12 @@
, networkExpr
}:
let nodes = import networkExpr; in
let
nodes = builtins.mapAttrs (vm: module: {
_file = "${networkExpr}@node-${vm}";
imports = [ module ];
}) (import networkExpr);
in
with import ../../../../lib/testing-python.nix {
inherit system;

12
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -91,9 +91,6 @@ sub hasCPUFeature {
}
# Detect the number of CPU cores.
my $cpus = scalar (grep {/^processor\s*:/} (split '\n', $cpuinfo));
# Determine CPU governor to use
if (-e "/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors") {
@ -183,7 +180,7 @@ sub pciCheck {
) )
{
# we need e.g. brcmfmac43602-pcie.bin
push @imports, "<nixpkgs/nixos/modules/hardware/network/broadcom-43xx.nix>";
push @imports, "(modulesPath + \"/hardware/network/broadcom-43xx.nix\")";
}
# Can't rely on $module here, since the module may not be loaded
@ -282,7 +279,7 @@ if ($virt eq "oracle") {
# Likewise for QEMU.
if ($virt eq "qemu" || $virt eq "kvm" || $virt eq "bochs") {
push @imports, "<nixpkgs/nixos/modules/profiles/qemu-guest.nix>";
push @imports, "(modulesPath + \"/profiles/qemu-guest.nix\")";
}
# Also for Hyper-V.
@ -299,7 +296,7 @@ if ($virt eq "systemd-nspawn") {
# Provide firmware for devices that are not detected by this script,
# unless we're in a VM/container.
push @imports, "<nixpkgs/nixos/modules/installer/scan/not-detected.nix>"
push @imports, "(modulesPath + \"/installer/scan/not-detected.nix\")"
if $virt eq "none";
@ -552,7 +549,7 @@ my $hwConfig = <<EOF;
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, modulesPath, ... }:
{
imports =${\multiLineList(" ", @imports)};
@ -562,7 +559,6 @@ my $hwConfig = <<EOF;
boot.kernelModules = [$kernelModules ];
boot.extraModulePackages = [$modulePackages ];
$fsAndSwap
nix.maxJobs = lib.mkDefault $cpus;
${\join "", (map { " $_\n" } (uniq @attrs))}}
EOF

16
nixos/modules/installer/tools/tools.nix
View File

@ -42,7 +42,10 @@ let
inherit (config.system.nixos-generate-config) configuration;
};
nixos-option = pkgs.callPackage ./nixos-option { };
nixos-option =
if lib.versionAtLeast (lib.getVersion pkgs.nix) "2.4pre"
then null
else pkgs.callPackage ./nixos-option { };
nixos-version = makeProg {
name = "nixos-version";
@ -108,10 +111,10 @@ in
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n = {
# consoleFont = "Lat2-Terminus16";
# consoleKeyMap = "us";
# defaultLocale = "en_US.UTF-8";
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# };
# Set your time zone.
@ -184,10 +187,9 @@ in
nixos-install
nixos-rebuild
nixos-generate-config
nixos-option
nixos-version
nixos-enter
];
] ++ lib.optional (nixos-option != null) nixos-option;
system.build = {
inherit nixos-install nixos-generate-config nixos-option nixos-rebuild nixos-enter;

Some files were not shown because too many files have changed in this diff Show More