diff --git a/doc/builders/images/dockertools.section.md b/doc/builders/images/dockertools.section.md index 23662f9bbfe4..2d21eb1c2e07 100644 --- a/doc/builders/images/dockertools.section.md +++ b/doc/builders/images/dockertools.section.md @@ -147,6 +147,10 @@ Create a Docker image with many of the store paths being on their own layer to i : Shell commands to run while building the final layer, without access to most of the layer contents. Changes to this layer are "on top" of all the other layers, so can create additional directories and files. +`fakeRootCommands` _optional_ + +: Shell commands to run while creating the archive for the final layer in a fakeroot environment. Unlike `extraCommands`, you can run `chown` to change the owners of the files in the archive, changing fakeroot's state instead of the real filesystem. The latter would require privileges that the build user does not have. Static binaries do not interact with the fakeroot environment. By default all files in the archive will be owned by root. + ### Behavior of `contents` in the final image {#dockerTools-buildLayeredImage-arg-contents} Each path directly listed in `contents` will have a symlink in the root of the image. diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix index d6e2904b3c36..78ea245cb351 100644 --- a/nixos/modules/services/network-filesystems/samba.nix +++ b/nixos/modules/services/network-filesystems/samba.nix @@ -156,7 +156,6 @@ in securityType = mkOption { type = types.str; default = "user"; - example = "share"; description = "Samba security type"; }; diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index a0e81b613ce8..80d527b453fa 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix 
@@ -313,5 +313,13 @@ import ./make-test-python.nix ({ pkgs, ... }: { docker.succeed( "docker images --format '{{.Repository}}' | grep -F '${examples.prefixedLayeredImage.imageName}'" ) + + with subtest("buildLayeredImage supports running chown with fakeRootCommands"): + docker.succeed( + "docker load --input='${examples.layeredImageWithFakeRootCommands}'" + ) + docker.succeed( + "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/jane | grep -E ^1000$'" + ) ''; }) diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index a73737cb1231..b03bfcca87f4 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -7,6 +7,7 @@ coreutils, docker, e2fsprogs, + fakeroot, findutils, go, jq, @@ -740,6 +741,9 @@ rec { created ? "1970-01-01T00:00:01Z", # Optional bash script to run on the files prior to fixturizing the layer. extraCommands ? "", + # Optional bash script to run inside fakeroot environment. + # Could be used for changing ownership of files in customisation layer. + fakeRootCommands ? "", # We pick 100 to ensure there is plenty of room for extension. I # believe the actual maximum is 128. maxLayers ? 100 @@ -765,19 +769,24 @@ rec { customisationLayer = symlinkJoin { name = "${baseName}-customisation-layer"; paths = contentsList; - inherit extraCommands; + inherit extraCommands fakeRootCommands; + nativeBuildInputs = [ fakeroot ]; postBuild = '' mv $out old_out (cd old_out; eval "$extraCommands" ) mkdir $out - tar \ - --sort name \ - --owner 0 --group 0 --mtime "@$SOURCE_DATE_EPOCH" \ - --hard-dereference \ - -C old_out \ - -cf $out/layer.tar . + fakeroot bash -c ' + source $stdenv/setup + cd old_out + eval "$fakeRootCommands" + tar \ + --sort name \ + --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \ + --hard-dereference \ + -cf $out/layer.tar . + ' sha256sum $out/layer.tar \ | cut -f 1 -d ' ' \ 
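Review bot: The `sh -c` argument in the new subtest nests single quotes (`'stat -c '%u' /home/jane | ...'`), so the inner pair closes and reopens the outer string instead of quoting `%u`. It works only because `%u` contains nothing the shell would split or expand. Dropping the inner quotes and matching the whole line as a fixed string is less fragile: `sh -c 'stat -c %u /home/jane | grep -Fx 1000'`. The subtest asserts only the owner uid, so the group of `/home/jane` is not covered.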
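Review bot: In the last hunk of `pkgs/build-support/docker/default.nix`, `eval "$fakeRootCommands"` runs in the same shell as the `tar` call, and `-C old_out` has been replaced by a preceding `cd old_out`. A `cd` or a changed shell option inside the user's commands therefore alters what is archived into `layer.tar`. `extraCommands` just above is evaluated in a subshell; doing the same here, `( eval "$fakeRootCommands" )`, keeps the working directory fixed. The ownership state is held by the fakeroot session rather than the shell, so it should still reach `tar`. Because `--owner 0 --group 0` is replaced by `--numeric-owner`, whatever owner these commands record, and any mode bits they set, land in the image as-is, which the option comment added earlier in this file could state: `# Ownership and mode changes made here are written to the layer as-is.` The `postBuild` script continues past the end of the hunk.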
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix index 9c7d46812140..f6b468942fe0 100644 --- a/pkgs/build-support/docker/examples.nix +++ b/pkgs/build-support/docker/examples.nix @@ -484,4 +484,17 @@ rec { tag = "latest"; config.Cmd = [ "${pkgs.hello}/bin/hello" ]; }; + + # layered image with files owned by a user other than root + layeredImageWithFakeRootCommands = pkgs.dockerTools.buildLayeredImage { + name = "layered-image-with-fake-root-commands"; + tag = "latest"; + contents = [ + pkgs.pkgsStatic.busybox + ]; + fakeRootCommands = '' + mkdir -p ./home/jane + chown 1000 ./home/jane + ''; + }; } diff --git a/pkgs/development/python-modules/bokeh/default.nix b/pkgs/development/python-modules/bokeh/default.nix index 3e605af19b9b..92dc2e806798 100644 --- a/pkgs/development/python-modules/bokeh/default.nix +++ b/pkgs/development/python-modules/bokeh/default.nix @@ -33,11 +33,11 @@ buildPythonPackage rec { pname = "bokeh"; - version = "2.3.0"; + version = "2.2.3"; # update together with panel which is not straightforward src = fetchPypi { inherit pname version; - sha256 = "dd417708f90702190222b1068a645acae99e66d4b58d7a336d545aeaa04e9b40"; + sha256 = "c4a3f97afe5f525019dd58ee8c4e3d43f53fe1b1ac264ccaae9b02c07b2abc17"; }; patches = [ diff --git a/pkgs/development/python-modules/pychromecast/default.nix b/pkgs/development/python-modules/pychromecast/default.nix index cbf96f11a173..cc68d83d02b0 100644 --- a/pkgs/development/python-modules/pychromecast/default.nix +++ b/pkgs/development/python-modules/pychromecast/default.nix @@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "PyChromecast"; - version = "9.1.1"; + version = "9.1.2"; src = fetchPypi { inherit pname version; - sha256 = "sha256-q52h0u9CSx/HVfZDb1RaVgVuxt4kB16T82nqyOuCGDc="; + sha256 = "sha256-kHZWzqRtOdDpPsgVl5V470+29lX9i/TojmQh/NeCToU="; }; disabled = !isPy3k; 
diff --git a/pkgs/development/python-modules/transitions/default.nix b/pkgs/development/python-modules/transitions/default.nix index 013cf73ee1f9..c469875728cd 100644 --- a/pkgs/development/python-modules/transitions/default.nix +++ b/pkgs/development/python-modules/transitions/default.nix @@ -7,15 +7,16 @@ , mock , graphviz , pycodestyle +, fontconfig }: buildPythonPackage rec { pname = "transitions"; - version = "0.8.7"; + version = "0.8.8"; src = fetchPypi { inherit pname version; - sha256 = "8c60ec0828cd037820726283cad5d4d77a5e31514e058b51250420e9873e9bc7"; + sha256 = "sha256-56hrMaFhp2Ez8Ymzrp2tJ1WoDqTB4O7hgFZI0CH7Z30="; }; propagatedBuildInputs = [ @@ -30,10 +31,9 @@ buildPythonPackage rec { pycodestyle ]; - disabledTests = [ - # Fontconfig error: Cannot load default config file - "test_diagram" - ]; + preCheck = '' + export FONTCONFIG_FILE=${fontconfig.out}/etc/fonts/fonts.conf + ''; meta = with lib; { homepage = "https://github.com/pytransitions/transitions"; diff --git a/pkgs/development/tools/documentation/gi-docgen/default.nix b/pkgs/development/tools/documentation/gi-docgen/default.nix index 186045c9aa84..72b5364eb45d 100644 --- a/pkgs/development/tools/documentation/gi-docgen/default.nix +++ b/pkgs/development/tools/documentation/gi-docgen/default.nix @@ -24,7 +24,7 @@ python3.pkgs.buildPythonApplication rec { # Add pkg-config file so that Meson projects can find this. # https://gitlab.gnome.org/ebassi/gi-docgen/merge_requests/26 (fetchpatch { - url = "https://gitlab.gnome.org/ebassi/gi-docgen/commit/d65ed2e4827c4129d26e3c1df9a48054b4e72c50.patch"; + url = "https://gitlab.gnome.org/jtojnar/gi-docgen/commit/d65ed2e4827c4129d26e3c1df9a48054b4e72c50.patch"; sha256 = "BEefcHiAd/HTW5zo39J2WtfQjGXUkNFB6MDJj8/Ge80="; }) diff --git a/pkgs/development/tools/ginkgo/default.nix b/pkgs/development/tools/ginkgo/default.nix index 75870e487046..e5883501f819 100644 --- a/pkgs/development/tools/ginkgo/default.nix +++ b/pkgs/development/tools/ginkgo/default.nix 
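Review bot: In the gi-docgen hunk the patch URL now points at a personal fork (`jtojnar/gi-docgen`), while the comment above it still links the upstream merge request and nothing records why the source moved. The unchanged `sha256` keeps the fetched content pinned, so this is a provenance and maintenance point rather than an integrity problem. A comment such as `# Fetched from the fork because the commit is not reachable in the upstream repository; drop once merge request 26 is released.` would tell the next updater when the override can go. The reason for the switch is inferred here, so the wording should be adjusted to the actual one.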
@@ -2,13 +2,13 @@ buildGoModule rec { pname = "ginkgo"; - version = "1.16.0"; + version = "1.16.1"; src = fetchFromGitHub { owner = "onsi"; repo = "ginkgo"; rev = "v${version}"; - sha256 = "sha256-phVpOKgMhebkVQlMDO/9IrETe72hXTgyGJtlKipKgv0="; + sha256 = "sha256-nlNft9jOp8V8ks32LOb4wUTkRrXJ5K49gbHuRmCKz/0="; }; vendorSha256 = "sha256-tS8YCGVOsfQp02vY6brmE3pxi70GG9DYcp1JDkcVG9Y="; doCheck = false; diff --git a/pkgs/development/web/nodejs/v15.nix b/pkgs/development/web/nodejs/v15.nix index 953b534e8504..d22c2f213b91 100644 --- a/pkgs/development/web/nodejs/v15.nix +++ b/pkgs/development/web/nodejs/v15.nix @@ -8,6 +8,6 @@ let in buildNodejs { inherit enableNpm; - version = "15.13.0"; - sha256 = "1wd859bxd8j97xl98k61g0vwcmy83wvjj04fgway38aapk9abp4h"; + version = "15.14.0"; + sha256 = "0vm6jdazqjd1plqsgngzvjrafv2d3mdahk6il4ray02gx97dq8l1"; } diff --git a/pkgs/servers/home-assistant/default.nix b/pkgs/servers/home-assistant/default.nix index 2e49c8b67968..52216bebc2da 100644 --- a/pkgs/servers/home-assistant/default.nix +++ b/pkgs/servers/home-assistant/default.nix @@ -197,6 +197,7 @@ in with py.pkgs; buildPythonApplication rec { "caldav" "calendar" "camera" + "cast" "climate" "cloud" "command_line" diff --git a/pkgs/servers/zigbee2mqtt/default.nix b/pkgs/servers/zigbee2mqtt/default.nix index 85465fd7d145..2a7c31a47a0f 100644 --- a/pkgs/servers/zigbee2mqtt/default.nix +++ b/pkgs/servers/zigbee2mqtt/default.nix @@ -3,6 +3,8 @@ let package = (import ./node.nix { inherit pkgs system; }).package; in package.override rec { + # don't upgrade! Newer versions cause stack overflows and fail trunk-combined + # see https://github.com/NixOS/nixpkgs/pull/118400 version = "1.16.2"; reconstructLock = true; diff --git a/pkgs/tools/admin/nomachine-client/default.nix b/pkgs/tools/admin/nomachine-client/default.nix index fa5763178bd5..0daa65cc9804 100644 --- a/pkgs/tools/admin/nomachine-client/default.nix +++ b/pkgs/tools/admin/nomachine-client/default.nix 
@@ -1,10 +1,10 @@ { lib, stdenv, file, fetchurl, makeWrapper, autoPatchelfHook, jsoncpp, libpulseaudio }: let - versionMajor = "7.2"; - versionMinor = "3"; - versionBuild_x86_64 = "8"; - versionBuild_i686 = "8"; + versionMajor = "7.4"; + versionMinor = "1"; + versionBuild_x86_64 = "1"; + versionBuild_i686 = "1"; in stdenv.mkDerivation rec { pname = "nomachine-client"; @@ -14,12 +14,12 @@ in if stdenv.hostPlatform.system == "x86_64-linux" then fetchurl { url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_${versionBuild_x86_64}_x86_64.tar.gz"; - sha256 = "1x60vmngq4927qvy6ljmyvwlz5lapilld3495w3y3jdllwd3dxp4"; + sha256 = "1qir9ii0h5ali87mjzjl72dm1ky626d7y59jfpglakqxzqhjamdz"; } else if stdenv.hostPlatform.system == "i686-linux" then fetchurl { url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_${versionBuild_i686}_i686.tar.gz"; - sha256 = "0dx921g6w3gk0x4p771qqxbbi16vl11hmdzzwhfczrq90pgzrhks"; + sha256 = "1gxiysc09k3jz1pkkyfqgw2fygcnmrnskk6b9vn4fjnvsab4py60"; } else throw "NoMachine client is not supported on ${stdenv.hostPlatform.system}";