Build was broken as release-0.6.0 didn't support opentimestamps-0.4.0.
Applying the patch which relaxes the version contraints in `setup.py`
helps.
Furthermore the tests were broken as they missed the `git` executable.
This causes collisions between the build outputs of `nix` when building
in an environment with `nix1.perl-bindings` and `nix`:
```
collision between `/nix/store/aa4rrcj7dg2xj4rfkiclcmp745ibqng0-nix-2.0.4/lib/libnixstore.so' and `/nix/store/sp0sdi4bll80h58big1iy8kkh3qqxpw2-nix-1.11.16/lib/libnixstore.so'
builder for '/nix/store/wgbccin107lhm8cv9imnnvkx1j2pgibc-hydra-perl-deps.drv' failed with exit code 25
```
This commit rebuilds texlive 2017 with the final release of 2017. As described
in these issues [1][2][3], the upstream CTAN mirrors are a continuously moving
rolling release without historical archives.
This particular FTP server is also a rolling release folling CTAN for the latest
version, but it has snapshots of the final texlive releases; it appears that the
2017 distribution has been unmodified since texlive-2018 was released earlier
this year.
Along the way, we needed to fix several issues:
- xindy: if $HOME is unset, it will try to mkdir /homeless-shelter, which fails
due to insufficient permissions.
- scheme-infraonly: this scheme had symlinks into other releases that were
read-only, so it couldn't patch and modify the scripts. This commit removes it
for now, but that's not a particularly satisfying solution. Ideas?
This also adds some documentation on the upgrade process to prepare for
texlive-2018 [4].
This commit also replaces the sha1 hashes with upstream's standard sha512 hashes.
It appears the motivation for the shorter hashes was to save disk space in the
derivations; in master, the size of this directory is 1012K; in this commit it
is 1600K. The difference is not particularly large, and the downsides to using
our own sha1 hashes are:
- More nix code to maintain
- Multi-step upgrade process for maintainers: the maintainer first has to
download all upstream tarballs by sha512 hash, then run the fix script, then
rebuild with sha1 hashes.
- Less transparent. If we use the upstream sha512 hashes, any user can
immediately verify that the hashes we're providing match upstream, or match
the snapshot in time.
- Easier to debug. Since upstream is rolling and packages may disappear or fail
to build, it's useful to be able to determine if the sha mismatch is because
of an update or not; if we have a sha1 mismatch and no tarball to pull, we
can't figure out which sha512sum would have produced that sha1.
- Less trust required. Due to the above, users don't have to trust the
content-addressed mirrors on IPFS and @veprbl's servers as much.
- Easier to cobble together a source distribution from a variety of sources. It
seems some FTP servers have more/less than others, or older/newer packages. If
we know what we're looking for beforehand and we're just missing a few
packages whose hashes match the advertised hashes upstream, it's easier to find.
[1] https://github.com/NixOS/nixpkgs/issues/24683
[2] https://github.com/NixOS/nixpkgs/issues/10026
[3] https://github.com/NixOS/nixpkgs/issues/34490
[4] https://github.com/NixOS/nixpkgs/issues/40232
Refactors the process used to build the Datadog core integrations to
be more easily extensible with integrations other than the ones built
and installed by default.
Documentation has been added in relevant parts of the module to
describe how the process works.
As a high-level overview:
The `datadog-integrations-core` attribute in the top-level package set
now accepts an extra parameter.
This parameter is an attribute set where each key is the name of a
Datadog integration as it appears in Datadog's integrations-core
repository[1], and the value is a function that receives the Python
package set and returns the required dependencies of this integration.
For example:
datadog-integrations-core {
ntp = (ps: [ ps.ntplib ]);
};
This would build the default integrations and, additionally, the `ntp`
integration.
To support passing the modified Python environment to the
datadog-agent itself, the `python` key has been moved inside of the
derivation which means that it will be made overridable.
This relates to NixOS/nixpkgs#40399.
[1]: https://github.com/DataDog/integrations-core
DataDog have adopted a subtle naming convention:
- dd-agent refers to the v5 Python implementation
- datadog-agent refers to the v6 golang implementation
The user who wrote this code on GitHub has since deleted their account,
making any updates impossible. Furthermore, this package is redundant
anyway: Zstandard has been shipping a compatible 'zstdmt' binary, API,
and stable multi-threading support for over a year now.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
As per project's README:
> Recent systems can resolve IPv6 host names using getaddrinfo(). This
> primitive is not present in all libcs and does not work in all of
> them either. Support in glibc was broken before 2.3. Some embedded
> libs may not properly work either, thus, support is disabled by
> default, meaning that some host names which only resolve as IPv6
> addresses will not resolve and configs might emit an error during
> parsing. If you know that your OS libc has reliable support for
> getaddrinfo(), you can add USE_GETADDRINFO=1 on the make command
> line to enable it. This is the recommended option for most Linux
> distro packagers since it's working fine on all recent mainstream
> distros. It is automatically enabled on Solaris 8 and above, as it's
> known to work.
Without this option, it is not possible for HAProxy to solve IPv6-only
names. This option is enabled in Debian builds without any notable
adverse effect.
The patches previously applied have been included upstream. Upstream
changelog (only MAJOR/MEDIUM):
2018/07/30 : 1.8.13
- BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess
- BUG/MEDIUM: h2: never leave pending data in the output buffer on close
- BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout
- BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
- BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full
- BUG/MEDIUM: stats: don't ask for more data as long as we're responding
- BUG/MEDIUM: threads/sync: use sched_yield when available
- BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever
- BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
- BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number
- MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed
2018/06/27 : 1.8.12
- BUG/MAJOR: stick_table: Complete incomplete SEGV fix
2018/06/26 : 1.8.11
- BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table
2018/06/22 : 1.8.10
- BUG/MEDIUM: spoe: Flags are not encoded in network order
- BUG/MEDIUM: contrib/mod_defender: Use network order to encode/decode flags
- BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags
- BUG/MEDIUM: cache: don't cache when an Authorization header is present
- BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check failure.
- BUG/MEDIUM: fd: Only check update_mask against all_threads_mask.
- BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file
- BUG/MEDIUM: lua/socket: Length required read doesn't work
- BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters
- BUG/MEDIUM: spoe: Return an error when the wrong ACK is received in sync mode
- BUG/MEDIUM: lua/socket: wrong scheduling for sockets
- BUG/MAJOR: lua: Dead lock with sockets
- BUG/MEDIUM: lua/socket: Notification error
- BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock
- BUG/MEDIUM: lua/socket: Buffer error, may segfault
- MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0
- BUG/MEDIUM: threads: handle signal queue only in thread 0
- BUG/MAJOR: map: fix a segfault when using http-request set-map
- BUG/MAJOR: ssl: Random crash with cipherlist capture
- BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
- BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete().
- BUG/MEDIUM: threads: Use the sync point to check active jobs and exit
The web_access.patch would no longer apply.
It disabled a check that required the static files
for the web UI to be owned by the user the daemon runs as
(not root, so it doesn't work well with nix).
Besides updating netdata, this commit removes that patch,
changes the netdata service config to set the "web files owner/group"
option to "root" and adds a test that checks that the web UI is being served.
This allows the web files to be owned by root without patching.
I *want* cross-specific overrides to be verbose, so I rather not have
this shorthand. This makes the syntactic overhead more proportional to
the maintainence cost. Hopefully this pushes people towards fewer
conditionals and more abstractions.
Since the switch to using python3Packages in commit
72934aa94e, the plugins no longer build
because they end up with a mix of Python 2 and Python 3 packages.
The reason for this is that the Beets package itself uses callPackage to
reference the plugins, however the overrides are not applied there and
thus the plugins end up getting pythonPackages from the top-level which
is Python 2 and beets with Python 3 dependencies.
Unfortunately this is not the only reason for the builds to fail,
because both plugins did not actually support Python 3.
For the copyartifacts plugin, the fix is rather easy because we only
need to advance to two more recent commits from upstream, which already
contain fixes for Python 3.
The alternatives plugin on the other hand is not maintained anymore, but
there is a fork at https://github.com/wisp3rwind/beets-alternatives
which has a bunch of fixes. In 2e4aded366
I already backported one of these fixes to the version from
https://github.com/geigerzaehler/beets-alternatives, but for Python 3
support it's a bit more complicated than just one little fix.
So instead of adding another series of patches which replicate the code
base of the fork and become a maintenance burden, I opted to directly
switch to the fork and remove the patch on our side.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @domenkozar, @pjones, @Profpatsch
`ocserv` is a VPN server which follows the openconnect protocol
(https://github.com/openconnect/protocol). The packaging is slightly
inspired by the AUR version
(https://aur.archlinux.org/packages/ocserv/).
This patch initializes the package written in C, the man pages and a
module for a simple systemd unit to run the VPN server. The package
supports the following authentication methods for the server:
* `plain` (mostly username/password)
* `pam`
The third method (`radius`) is currently not supported since `nixpkgs`
misses a packaged client.
The module can be used like this:
``` nix
{
services.ocserv = {
enable = true;
config = ''
...
'';
};
}
```
The option `services.ocserv.config` is required on purpose to
ensure that nobody just enables the service and experiences unexpected
side-effects on the system. For a full reference, please refer to the
man pages, the online docs or the example value.
The docs recommend to simply use `nobody` as user, so no extra user has
been added to the internal user list. Instead a configuration like
this can be used:
```
run-as-user = nobody
run-as-group = nogroup
```
/cc @tenten8401
Fixes#42594
coreutils is part of stdenv, which doesn't allow openssl currently.
It's unclear that adding openssl to stdenv was intended,
but if it was it was not discussed or mentioned.
To unbreak "all the things", reverting until this
has been discussed and a proper fix has been put together.
This reverts commit df9f76c62d, reversing
changes made to 585ded7329.
Unlike on linux these are not namespaced per user so this will cause
build failures if /tmp/nix-test was not removed by a previous build if
the nixbld user id doesn't match by accident. Nix already creates a
unique tempdir for builds so we can use that instead.
Fixes#44172
* The ELK stack is upgraded to 6.3.2.
* `elasticsearch6`, `logstash6` and `kibana6` now come with X-Pack which is
a suite of additional features. These are however licensed under the unfree
"Elastic License".
* Fortunately they also provide OSS versions which are now packaged
under: `elasticsearch6-oss`, `logstash6-oss` and `kibana6-oss`.
Note that the naming of the attributes is consistent with upstream.
* The test `nix-build nixos/tests/elk.nix -A ELK-6` will test the OSS
version by default. You can also run the test on the unfree ELK using:
`NIXPKGS_ALLOW_UNFREE=1 nix-build nixos/tests/elk.nix -A ELK-6 --arg enableUnfree true`