Commit Graph

347078 Commits

Author SHA1 Message Date
Markus Kowalewski
17d0b66cf6
gromacs: 2021.4 -> 2021.5 2022-01-17 15:50:31 +01:00
Janne Heß
9049874ff1
uriparser: Fix cross building
When cross building, we need to disable building tests or cmake will
complain about the missing gtest.

Also switching from targetPlatform to buildPlatform caused doCheck to be
properly set to false
2022-01-17 15:44:22 +01:00
Felix Buehler
91dfaa5453 nixos/borgbackup: start remote backup only if network is available 2022-01-17 15:42:39 +01:00
blargg
697198834c nixos/borgbackup: Add a persistentTimer option.
Persistent starts the backup service on power on if it was missed while
the system was powered down, for example.
2022-01-17 15:42:37 +01:00
Spencer Janssen
ed5883c1b6 zrepl: 0.4.0 -> 0.5.0 2022-01-17 15:35:45 +01:00
Bobby Rong
467dd2df05
Merge pull request #154837 from bobby285271/pantheon-meson
Pantheon: prepare for meson 0.61
2022-01-17 22:27:53 +08:00
Bobby Rong
483aec3fe0
Merge pull request #155247 from trofi/fix-aumix-for-fno-common
aumix: fix build against fno-common toolchains
2022-01-17 22:05:59 +08:00
legendofmiracles
170b6b096f
Merge pull request #155218 from afreakk/patch-1 2022-01-17 07:50:13 -06:00
Bobby Rong
9b59effb02
Merge pull request #154798 from collares/lean-3.38
lean: 3.37.0 -> 3.38.0
2022-01-17 21:40:56 +08:00
Vladimír Čunát
9822f31f0b
Merge #154506: release.nix: fix eval with aarch64-
... in case when no x86_64-darwin is supported
2022-01-17 14:31:11 +01:00
Bobby Rong
bcfd043049
Merge pull request #154482 from r-ryantm/auto-update/tanka
tanka: 0.17.3 -> 0.19.0
2022-01-17 21:30:36 +08:00
Bobby Rong
1a005c7890
Merge pull request #155368 from veprbl/pr/broken_intel-graphics-compiler
intel-graphics-compiler: mark as broken on darwin
2022-01-17 21:28:31 +08:00
Bobby Rong
bd05750ca6
Merge pull request #155111 from wentasah/amc-fix-texinputs
auto-multiple-choice: Fix TEXINPUTS
2022-01-17 21:24:45 +08:00
Ninjatrappeur
9739b153f2
Merge pull request #155266 from mweinelt/hostapd 2022-01-17 14:22:59 +01:00
Bobby Rong
03f3a0d8c0
Merge pull request #155264 from hrhino/fix/arrayfire
arrayfire: 3.6.4 -> 3.7.3
2022-01-17 20:50:53 +08:00
Martin Weinelt
738ff6b30c
wpa_supplicant: 2.9 -> 2.10 2022-01-17 13:42:09 +01:00
Martin Weinelt
90482284fa
hostapd: 2.9 -> 2.10 2022-01-17 13:42:09 +01:00
Sandro
5b62117fce
Merge pull request #155284 from SuperSandro2000/python39Packages.google-cloud-testutils 2022-01-17 13:32:14 +01:00
Sandro
a141ebdaeb
Merge pull request #155286 from SuperSandro2000/python39Packages.google-cloud-storage 2022-01-17 13:31:52 +01:00
Dmitry Kalinkin
e53337159f
intel-graphics-compiler: mark as broken on darwin 2022-01-17 07:28:37 -05:00
Sandro
a2eb380988
Merge pull request #155289 from SuperSandro2000/python39Packages.google-api-core 2022-01-17 13:15:11 +01:00
Sandro
de5bf4f833
Merge pull request #155311 from cpcloud/bump-pulumi 2022-01-17 13:12:37 +01:00
Bobby Rong
02de14e258
Merge pull request #155018 from bbigras/kopia
kopia: 0.9.8 -> 0.10.0
2022-01-17 20:12:26 +08:00
Ryan Lahfa
dcdc03c7c1
python3Packages.socketio-client: init at 0.7.2 (#155269)
Co-authored-by: Fabian Affolter <mail@fabian-affolter.ch>
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-01-17 13:12:04 +01:00
Fabian Affolter
86e6b9170c
Merge pull request #155307 from fabaff/fix-gvm-tools
python3Packages.gvm-tools: disable failing tests
2022-01-17 13:06:40 +01:00
Fabian Affolter
0a534832f6
Merge pull request #155302 from fabaff/fix-build
python3Packages.build: ignore DeprecationWarning
2022-01-17 13:04:32 +01:00
Fabian Affolter
926271efca
Merge pull request #155301 from fabaff/fix-commoncode
python310Packages.commoncode: disable failing test
2022-01-17 13:02:00 +01:00
Fabian Affolter
73e71ed4cd
Merge pull request #155312 from fabaff/fix-demjson
python3Packages.demjson: only run tests on Python 2
2022-01-17 13:00:18 +01:00
Bobby Rong
262f5046c5
Merge pull request #155310 from 06kellyjac/deno
deno: 1.17.2 -> 1.17.3
2022-01-17 19:57:36 +08:00
talyz
95430e31f5
nixos/keycloak: Reformat the code with nixpkgs-fmt 2022-01-17 12:47:53 +01:00
talyz
21b1de2bcd
nixos/keycloak: Inherit library functions and builtins
Instead of referencing all library functions through `lib.` and
builtins through `builtins.` at every invocation, inherit them into
the appropriate scope.
2022-01-17 12:42:30 +01:00
Elis Hirwing
4f26cbfadb
Merge pull request #155122 from drupol/php/bump-to-7-4-27
php: 7.4.26 -> 7.4.27, 8.0.13 -> 8.0.14
2022-01-17 12:41:50 +01:00
Michal Sojka
a6f6108149 inkscape: fix line spacing problem
Inkscape does not work well with with Pango 1.49+ (nixpkgs has Pango
1.50.0). An upstream commit with the fix will be a part of upcomming
1.1.2 release due in a month. Until than, let's apply the fix in
nixpkgs.
2022-01-17 12:33:57 +01:00
Yarny0
756f45306b tsm-client: 8.1.13.2 -> 8.1.13.3
Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6540692 (CVE-2021-44832)
2022-01-17 12:09:27 +01:00
Yarny0
be904af99c tsm-client: 8.1.13.1 -> 8.1.13.2
Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6537640 (CVE-2021-45105, CVE-2021-45046)
2022-01-17 12:09:27 +01:00
Yarny0
4a42ca06c1 tsm-client: 8.1.13.0 -> 8.1.13.1
Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6527080 (CVE-2021-44228)
2022-01-17 12:09:27 +01:00
Yarny0
66d068bf66 tsm-client: use rpm source instead of deb/Ubuntu
IBM publishes their IBM Spectrum Protect client
for Linux in two flavors:

* "Linux x86_64 client"
* "Linux x86_64 Ubuntu client"

Up to this commit, nixpkgs used the Ubuntu
flavor to build its `tsm-client` derivation.
However, the history of published archive files in

* https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/client/v8r1/Linux/
* https://public.dhe.ibm.com/storage/tivoli-storage-management/patches/client/v8r1/Linux/

suggests that updates in the fourth level of
the version numbers (e.g. 8.1.13.0 -> 8.1.13.1)
do not get published as Ubuntu flavor.
It order to be able to always use the latest release,
this commit switches to the non-Ubuntu flavor.
The non-Ubuntu archive contains rpm files,
so this commit switches from `ar` to `rpmextract`.
Instead of unpacking all deb files,
the build recipe now unpacks all _but one_ rpm file:
The file `TIVsm-WEBGUI.x86_64.rpm` apparently
contains a plugin that is not included
in the Ubuntu version (see note below).
Comparing the old and the new derivation's output indicates
that this choice minimizes the difference between the results:

The output of the old (Ubuntu flavor) derivation contains:
* `commons-codec-1.6.jar`
* `share/` with changelog and copyright information
  for the packages `gskssl64` and `gskcrypt64`

The output of the new (non-Ubuntu flavor) derivation contains:
* `lib64`, symlink to `lib`
* `commons-codec-1.14.jar`
* `opt/tivoli/tsm/license/{api,baclient}/sm/`
  with license agreement files in many languages

Besides these differences, the outputs' file names are equal.

Note: I don't know what functionality
`TIVsm-WEBGUI.x86_64.rpm` actually provides.
Unpacking it with the other rpm files makes patchelf complain
about missing X11 libraries, so in order to include it here,
one would likely need to add those to `buildInputs`.
However, as the old (Ubuntu flavor) `tsm-client` package
did not contain this functionality and as I cannot test
or use it in any way, I opted to not include it now.
If we want to include this with a later commit,
we should add another package build option (like `enableGui`)
so that the default `tsm-client` package does not pull in
X11 libraries and its closure size therefore stays small.
2022-01-17 12:09:27 +01:00
Yarny0
f6dca95c5d tsm-client: add test derivation and a module test
The tsm-client needs a tsm-server to do anything useful.
Without a server, automated tests can just
check diagnostic outputs for plausibility.

The commit at hand adds two tests:

1.
The command line interface `dsmc` is called,
then it is verified that the program does

* report the correct client version,
* find its configuration file,
* report a connection error.

2.
To check the GUI (and the tsm-client nixos module), we add a
vm test which uses the module to install `tsm-client-withGui`.
To verify that the GUI's basic functionality is present,
we skip over all connection failure related error
messages and open the "Connection Information"
dialog from the main application window.
This dialog presents the node name and the client version;
both are verified by the test.

Note: Our `tsm-client` build recipe consists of two packages:
The "unwrapped" package and the final package.
This commit puts the unwrapped one into the final
package's `passthru` so that tests can access
the original version string that is needed to check
the client version reported by the application.
2022-01-17 12:09:27 +01:00
Yarny0
c2192ed77a nixos/tsm-{client,backup}: use new type nonEmptyStr
The module option type `nonEmptyStr` was introduced in commit

a3c5f0cba8

The tsm modules previously simply used
`strMatching ".+"` to prevent empty option strings,
but the new type is more thorough as
it also catches space-only strings.
2022-01-17 12:09:27 +01:00
Yarny0
c5effcaaea nixos/tsm-backup: enable most systemd sandboxing options
This enables some systemd sandboxing
options for the `tsm-backup.service`.
Those settings have been determined by expermentation.
This commit tries hard to protect the filesystem from
write access, but not to hide anything from read access,
so users can backup all files they choose to backup.
An exception are API filesystems (`/dev`, `/proc`, `/sys`):
As their "files" are not stored on persistent storage,
they are sandboxed away as much as possible.

Note that the service still has to run with root
privileges to reach files with limited access permissions.
The obvious alternative to use a dedicated user account and
the `CAP_DAC_READ_SEARCH` capability to permit system-wide
read access while blocking write access does not work.
Experiments have shown that `dsmc` verifies access permissions
for each file before attempting to open it for reading.
Hence `dsmc` refuses to copy files where the file permission
mode blocks read access -- even if process capabilities
would allow it to proceed irrespective of permissions.
2022-01-17 12:09:27 +01:00
Yarny0
3f6d1f5f60 nixos/tsm-{client,backup}: update links in module comments
IBM has changed the URL structures of their support web pages.
The commit at hand updates URLs in two comments
so they follow the new structure.
2022-01-17 12:09:27 +01:00
Yarny0
8fa6f90ad6 tsm-client: set mainProgram
The TSM command line client `dsmc` should be the
program that is usually invoked from this package.
However, if a user explicitely asks for the
package with GUI support (with `enableGui`,
available in the package `tsm-client-withGui`),
we set the mainProgram to the graphical application `dsmj`
as that's likely what the user is looking for.
2022-01-17 12:09:27 +01:00
Yarny0
7934926b2e tsm-client: makeWrapper buildInputs to nativeBuildInputs
Although I'm not sure if `tsm-client` will ever be
subject to cross-compiling, referencing makeWrapper
from native BuildInputs is The Right Thing.

This is a kind of follow-up of
https://github.com/NixOS/nixpkgs/pull/112276
2022-01-17 12:09:26 +01:00
Yarny0
5ad0ecb901 tsm-client: 8.1.8.0 -> 8.1.13.0
tsm-client now links against openssl;
patchelf complains without it.

Links to IBM's "Authorized Program Analysis Report"s
(something like release notes),
to READMEs, and to Security Bulletins,
for all updates between 8.1.8.0 and 8.1.13.0:

* 8.1.9.x
  * APARs: https://www.ibm.com/support/pages/node/1077159
  * READMEs: https://www.ibm.com/support/pages/node/1108473
  * https://www.ibm.com/support/pages/node/1107261 (CVE-2018-2025)
  * https://www.ibm.com/support/pages/node/1107777 (CVE-2019-4406)

* 8.1.10.x
  * APARs: https://www.ibm.com/support/pages/node/6223098
  * READMEs: https://www.ibm.com/support/pages/node/6223388
  * https://www.ibm.com/support/pages/node/6221448 (CVE-2020-4494, CVE-2020-4406)
  * https://www.ibm.com/support/pages/node/6245356 (CVE-2020-2654)
  * https://www.ibm.com/support/pages/node/6245366 (CVE-2015-4000)

* 8.1.11.x
  * APARs: https://www.ibm.com/support/pages/node/6367203
  * READMEs: https://www.ibm.com/support/pages/node/6367205
  * https://www.ibm.com/support/pages/node/6371646
  * https://www.ibm.com/support/pages/node/6371650
  * https://www.ibm.com/support/pages/node/6371652

* 8.1.12.x
  * APARs: https://www.ibm.com/support/pages/node/6429561
  * READMEs: https://www.ibm.com/support/pages/node/6443671
  * https://www.ibm.com/support/pages/node/6445503 (CVE-2021-20532)
  * https://www.ibm.com/support/pages/node/6445497 (CVE-2021-29672, CVE-2021-20546)
  * https://www.ibm.com/support/pages/node/6445489 (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841)
  * https://www.ibm.com/support/pages/node/6445483 (CVE-2020-27221, CVE-2020-14782)

* 8.1.13.x
  * APARs: https://www.ibm.com/support/pages/node/6524936
  * READMEs: https://www.ibm.com/support/pages/node/6524938
  * https://www.ibm.com/support/pages/node/6524706 (CVE-2021-39048)
  * https://www.ibm.com/support/pages/node/6524712 (CVE-2021-3712, CVE-2021-3711)
2022-01-17 12:09:26 +01:00
Yarny0
517ae2a288 tsm-client: update URL structure
IBM has changed the URL structures of their support web pages.
The commit at hand updates most URLs and
in particular the package update instructions
so they follow the new structure.
It also calculates the source download URL from the
version number, so package updates no longer have to
update the URL in addition to the version string.
2022-01-17 12:09:26 +01:00
Yarny0
6d134acc4a tsm-client: use explicit package option for Java GUI
The tsm-client package comes in two flavours:
command line only (`tsm-client`) and with a
Java-backed GUI (`tsm-client-withGui`).
To control which package is built,
the build recipe simply used to check if the
`jdk8` package was provided as package input.
This commit changes this mechanism:
The build recipe now accepts the explicit option `enableGui`,
which is set to `false` by default.

As the commit at hand touches the build recipe arguments,
it also changes argument sorting following
https://nixos.org/manual/nixpkgs/stable/#sec-syntax
2022-01-17 12:09:26 +01:00
Yarny0
ce6eea6002 tsm-client: add gnugrep to PATH
While testing the new version, I observed that
`dsmc` prints an error "sh: grep: command not found"
when executed with empty PATH.
Apparently, `dsmc` needs `grep` in its PATH.
2022-01-17 12:09:26 +01:00
Yarny0
6e157a481a tsm-client: fix lvm2 support
lvm2 support was broken when lvm2 got
converted to a multiple-output derivation:

https://github.com/NixOS/nixpkgs/pull/93024
d3a991d410

The `runtimeDependencies` attribute doesn't specifically
look for a `lib` output, so it uses the main `out` output
which no longer contains the library object files.

Since TSM loads the `libdevmapper.so` library
dynamically (likely with `dlfcn.h` functions),
the breakage couldn't be detected at build time.

The commit at hand simply uses
`getLib` to pick the correct output.
2022-01-17 12:09:23 +01:00
talyz
5010f4fff9
nixos/keycloak: Use LoadCredential to load secrets
Use systemd's LoadCredential mechanism to make the secret files
available to the service.

This gets rid of the privileged part of the ExecPreStart script which
only served to copy these files and assign the correct
permissions. There's been issues with this approach when used in
combination with DynamicUser, where sometimes the user isn't created
before the ExecPreStart script runs, causing the error

install: invalid user ‘keycloak’

This should fix that issue.

Unfortunately, all of the ExecPreStart script had to be moved to
ExecStart, since credentials aren't provided to ExecPreStart. See
https://github.com/systemd/systemd/issues/19604.
2022-01-17 11:46:51 +01:00
misuzu
1ea75adb02 git-workspace: 0.8.0 -> 0.9.0 2022-01-17 11:41:26 +01:00