diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index be54040ca2ed..597978aa53b2 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -199,9 +199,9 @@
/doc/languages-frameworks/php.section.md @NixOS/php
/nixos/tests/php @NixOS/php
/pkgs/build-support/build-pecl.nix @NixOS/php
-/pkgs/development/interpreters/php @NixOS/php
+/pkgs/development/interpreters/php @NixOS/php @jtojnar
/pkgs/development/php-packages @NixOS/php
-/pkgs/top-level/php-packages.nix @NixOS/php
+/pkgs/top-level/php-packages.nix @NixOS/php @jtojnar
# Podman, CRI-O modules and related
/nixos/modules/virtualisation/containers.nix @NixOS/podman @zowoq
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index b119272478e5..120ba2b004fe 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -594,6 +594,7 @@
./services/monitoring/loki.nix
./services/monitoring/longview.nix
./services/monitoring/mackerel-agent.nix
+ ./services/monitoring/metricbeat.nix
./services/monitoring/monit.nix
./services/monitoring/munin.nix
./services/monitoring/nagios.nix
diff --git a/nixos/modules/services/monitoring/metricbeat.nix b/nixos/modules/services/monitoring/metricbeat.nix
new file mode 100644
index 000000000000..b285559eaa9b
--- /dev/null
+++ b/nixos/modules/services/monitoring/metricbeat.nix
@@ -0,0 +1,152 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib)
+ attrValues
+ literalExample
+ mkEnableOption
+ mkIf
+ mkOption
+ types
+ ;
+ cfg = config.services.metricbeat;
+
+ settingsFormat = pkgs.formats.yaml {};
+
+in
+{
+ options = {
+
+ services.metricbeat = {
+
+ enable = mkEnableOption "metricbeat";
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.metricbeat;
+ defaultText = literalExample "pkgs.metricbeat";
+ example = literalExample "pkgs.metricbeat7";
+ description = ''
+ The metricbeat package to use
+ '';
+ };
+
+ modules = mkOption {
+ description = ''
+ Metricbeat modules are responsible for reading metrics from the various sources.
+
+ This is like services.metricbeat.settings.metricbeat.modules,
+ but structured as an attribute set. This has the benefit that multiple
+ NixOS modules can contribute settings to a single metricbeat module.
+
+ A module can be specified multiple times by choosing a different <name>
+ for each, but setting to the same value.
+
+ See .
+ '';
+ default = {};
+ type = types.attrsOf (types.submodule ({ name, ... }: {
+ freeformType = settingsFormat.type;
+ options = {
+ module = mkOption {
+ type = types.str;
+ default = name;
+ defaultText = literalExample '''';
+ description = ''
+ The name of the module.
+
+ Look for the value after module: on the individual
+ module pages linked from .
+ '';
+ };
+ };
+ }));
+ example = {
+ system = {
+ metricsets = ["cpu" "load" "memory" "network" "process" "process_summary" "uptime" "socket_summary"];
+ enabled = true;
+ period = "10s";
+ processes = [".*"];
+ cpu.metrics = ["percentages" "normalized_percentages"];
+ core.metrics = ["percentages"];
+ };
+ };
+ };
+
+ settings = mkOption {
+ type = types.submodule {
+ freeformType = settingsFormat.type;
+ options = {
+
+ name = mkOption {
+ type = types.str;
+ default = "";
+ description = ''
+ Name of the beat. Defaults to the hostname.
+ See .
+ '';
+ };
+
+ tags = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = ''
+ Tags to place on the shipped metrics.
+ See .
+ '';
+ };
+
+ metricbeat.modules = mkOption {
+ type = types.listOf settingsFormat.type;
+ default = [];
+ internal = true;
+ description = ''
+ The metric collecting modules. Use instead.
+
+ See .
+ '';
+ };
+ };
+ };
+ default = {};
+ description = ''
+ Configuration for metricbeat. See for supported values.
+ '';
+ };
+
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ assertions = [
+ {
+ # empty modules would cause a failure at runtime
+ assertion = cfg.settings.metricbeat.modules != [];
+ message = "services.metricbeat: You must configure one or more modules.";
+ }
+ ];
+
+ services.metricbeat.settings.metricbeat.modules = attrValues cfg.modules;
+
+ systemd.services.metricbeat = {
+ description = "metricbeat metrics shipper";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = ''
+ ${cfg.package}/bin/metricbeat \
+ -c ${settingsFormat.generate "metricbeat.yml" cfg.settings} \
+ --path.data $STATE_DIRECTORY \
+ --path.logs $LOGS_DIRECTORY \
+ ;
+ '';
+ Restart = "always";
+ DynamicUser = true;
+ ProtectSystem = "strict";
+ ProtectHome = "tmpfs";
+ StateDirectory = "metricbeat";
+ LogsDirectory = "metricbeat";
+ };
+ };
+ };
+}
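Review bot: Everything set under `services.metricbeat.settings` is rendered by `settingsFormat.generate "metricbeat.yml" cfg.settings` into the Nix store, which every local user can read, and the `settings` description does not mention this. An operator who puts output credentials there, such as an Elasticsearch password or API key, would expose them on the host despite the `DynamicUser`/`ProtectSystem` sandboxing of the unit. I would add to the `settings` description: `Do not put passwords or API keys here; the generated file is stored in the world-readable Nix store.` A follow-up could add an option that loads secrets from a file outside the store, for instance through systemd's `EnvironmentFile=`.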
diff --git a/nixos/tests/elk.nix b/nixos/tests/elk.nix
index 71d39a647a5a..2a1a4cba2956 100644
--- a/nixos/tests/elk.nix
+++ b/nixos/tests/elk.nix
@@ -56,6 +56,24 @@ let
'');
};
+ metricbeat = {
+ enable = true;
+ package = elk.metricbeat;
+ modules.system = {
+ metricsets = ["cpu" "load" "memory" "network" "process" "process_summary" "uptime" "socket_summary"];
+ enabled = true;
+ period = "5s";
+ processes = [".*"];
+ cpu.metrics = ["percentages" "normalized_percentages"];
+ core.metrics = ["percentages"];
+ };
+ settings = {
+ output.elasticsearch = {
+ hosts = ["127.0.0.1:9200"];
+ };
+ };
+ };
+
logstash = {
enable = true;
package = elk.logstash;
@@ -135,6 +153,16 @@ let
)
+ def has_metricbeat():
+ dictionary = {"query": {"match": {"event.dataset": {"query": "system.cpu"}}}}
+ return (
+ "curl --silent --show-error '${esUrl}/_search' "
+ + "-H 'Content-Type: application/json' "
+ + "-d '{}' ".format(json.dumps(dictionary))
+ + "| jq '.hits.total > 0'"
+ )
+
+
start_all()
one.wait_for_unit("elasticsearch.service")
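Review bot: In `has_metricbeat()` the check `jq '.hits.total > 0'` compares the raw `hits.total` field with a number, but Elasticsearch 7.x returns `hits.total` as an object (`{"value": …, "relation": …}`) by default. jq orders any object above any number, so on the ELK-7 variant the expression would, as far as I can tell, print `true` even when there are zero hits. The "Metricbeat metrics arrive in elasticsearch" subtest would then pass without proving that anything was ingested. A form that works for both response shapes is `jq '(.hits.total | if type == "object" then .value else . end) > 0'`.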
@@ -161,6 +189,12 @@ let
"curl --silent --show-error 'http://localhost:5601/api/status' | jq .status.overall.state | grep green"
)
+ with subtest("Metricbeat is running"):
+ one.wait_for_unit("metricbeat.service")
+
+ with subtest("Metricbeat metrics arrive in elasticsearch"):
+ one.wait_until_succeeds(has_metricbeat() + " | tee /dev/console | grep 'true'")
+
with subtest("Logstash messages arive in elasticsearch"):
one.wait_until_succeeds(total_hits("flowers") + " | grep -v 0")
one.wait_until_succeeds(total_hits("dragons") + " | grep 0")
@@ -190,12 +224,14 @@ in pkgs.lib.mapAttrs mkElkTest {
logstash = pkgs.logstash6;
kibana = pkgs.kibana6;
journalbeat = pkgs.journalbeat6;
+ metricbeat = pkgs.metricbeat6;
}
else {
elasticsearch = pkgs.elasticsearch6-oss;
logstash = pkgs.logstash6-oss;
kibana = pkgs.kibana6-oss;
journalbeat = pkgs.journalbeat6;
+ metricbeat = pkgs.metricbeat6;
};
ELK-7 =
if enableUnfree
@@ -204,11 +240,13 @@ in pkgs.lib.mapAttrs mkElkTest {
logstash = pkgs.logstash7;
kibana = pkgs.kibana7;
journalbeat = pkgs.journalbeat7;
+ metricbeat = pkgs.metricbeat7;
}
else {
elasticsearch = pkgs.elasticsearch7-oss;
logstash = pkgs.logstash7-oss;
kibana = pkgs.kibana7-oss;
journalbeat = pkgs.journalbeat7;
+ metricbeat = pkgs.metricbeat7;
};
}
diff --git a/pkgs/development/interpreters/php/7.4.nix b/pkgs/development/interpreters/php/7.4.nix
index 79e736b30d5d..c4e566ee27ce 100644
--- a/pkgs/development/interpreters/php/7.4.nix
+++ b/pkgs/development/interpreters/php/7.4.nix
@@ -1,9 +1,7 @@
-{ callPackage, lib, stdenv, nixosTests, ... }@_args:
+{ callPackage, lib, stdenv, ... }@_args:
let
- generic = (import ./generic.nix) _args;
-
- base = callPackage generic (_args // {
+ base = callPackage ./generic.nix (_args // {
version = "7.4.20";
sha256 = "0d5ncz97y0271dsmz269wl4721vhq2fn6pmm9rxglc756p36pnha";
});
diff --git a/pkgs/development/interpreters/php/8.0.nix b/pkgs/development/interpreters/php/8.0.nix
index 9d357f88afee..90f7c3b796c0 100644
--- a/pkgs/development/interpreters/php/8.0.nix
+++ b/pkgs/development/interpreters/php/8.0.nix
@@ -1,9 +1,7 @@
-{ callPackage, lib, stdenv, nixosTests, ... }@_args:
+{ callPackage, lib, stdenv, ... }@_args:
let
- generic = (import ./generic.nix) _args;
-
- base = callPackage generic (_args // {
+ base = callPackage ./generic.nix (_args // {
version = "8.0.7";
sha256 = "0yazcc9x66xg1gmi3rpgk891g6s3mm7aywcadqfqnx1mdz4z5ckj";
});
diff --git a/pkgs/development/interpreters/php/generic.nix b/pkgs/development/interpreters/php/generic.nix
index 233e1b7007f4..558fa45a1fd9 100644
--- a/pkgs/development/interpreters/php/generic.nix
+++ b/pkgs/development/interpreters/php/generic.nix
@@ -1,8 +1,6 @@
# We have tests for PCRE and PHP-FPM in nixos/tests/php/ or
# both in the same attribute named nixosTests.php
-{ callPackage, lib, stdenv, nixosTests, ... }:
-
let
generic =
{ callPackage, lib, stdenv, nixosTests, fetchurl, makeWrapper
@@ -33,250 +31,251 @@ let
, valgrindSupport ? !stdenv.isDarwin
, ztsSupport ? apxs2Support
}@args:
- let
- # buildEnv wraps php to provide additional extensions and
- # configuration. Its usage is documented in
- # doc/languages-frameworks/php.section.md.
- #
- # Create a buildEnv with earlier overridden values and
- # extensions functions in its closure. This is necessary for
- # consecutive calls to buildEnv and overrides to work as
- # expected.
- mkBuildEnv = prevArgs: prevExtensionFunctions: lib.makeOverridable (
- { extensions ? ({ enabled, ... }: enabled), extraConfig ? "", ... }@innerArgs:
- let
- allArgs = args // prevArgs // innerArgs;
- filteredArgs = builtins.removeAttrs allArgs [ "extensions" "extraConfig" ];
- php = generic filteredArgs;
- php-packages = (callPackage ../../../top-level/php-packages.nix {
- phpPackage = phpWithExtensions;
- }).overrideScope' packageOverrides;
+ let
+ # buildEnv wraps php to provide additional extensions and
+ # configuration. Its usage is documented in
+ # doc/languages-frameworks/php.section.md.
+ #
+ # Create a buildEnv with earlier overridden values and
+ # extensions functions in its closure. This is necessary for
+ # consecutive calls to buildEnv and overrides to work as
+ # expected.
+ mkBuildEnv = prevArgs: prevExtensionFunctions: lib.makeOverridable (
+ { extensions ? ({ enabled, ... }: enabled), extraConfig ? "", ... }@innerArgs:
+ let
+ allArgs = args // prevArgs // innerArgs;
+ filteredArgs = builtins.removeAttrs allArgs [ "extensions" "extraConfig" ];
+ php = generic filteredArgs;
- allExtensionFunctions = prevExtensionFunctions ++ [ extensions ];
- enabledExtensions =
- builtins.foldl'
- (enabled: f:
- f { inherit enabled; all = php-packages.extensions; })
- []
- allExtensionFunctions;
+ php-packages = (callPackage ../../../top-level/php-packages.nix {
+ phpPackage = phpWithExtensions;
+ }).overrideScope' packageOverrides;
- getExtName = ext: lib.removePrefix "php-" (builtins.parseDrvName ext.name).name;
+ allExtensionFunctions = prevExtensionFunctions ++ [ extensions ];
+ enabledExtensions =
+ builtins.foldl'
+ (enabled: f:
+ f { inherit enabled; all = php-packages.extensions; })
+ []
+ allExtensionFunctions;
- # Recursively get a list of all internal dependencies
- # for a list of extensions.
- getDepsRecursively = extensions:
- let
- deps = lib.concatMap
- (ext: (ext.internalDeps or []) ++ (ext.peclDeps or []))
- extensions;
- in
- if ! (deps == []) then
- deps ++ (getDepsRecursively deps)
- else
- deps;
+ getExtName = ext: lib.removePrefix "php-" (builtins.parseDrvName ext.name).name;
- # Generate extension load configuration snippets from the
- # extension parameter. This is an attrset suitable for use
- # with textClosureList, which is used to put the strings in
- # the right order - if a plugin which is dependent on
- # another plugin is placed before its dependency, it will
- # fail to load.
- extensionTexts =
- lib.listToAttrs
- (map (ext:
- let
- extName = getExtName ext;
- phpDeps = (ext.internalDeps or []) ++ (ext.peclDeps or []);
- type = "${lib.optionalString (ext.zendExtension or false) "zend_"}extension";
- in
- lib.nameValuePair extName {
- text = "${type}=${ext}/lib/php/extensions/${extName}.so";
- deps = map getExtName phpDeps;
- })
- (enabledExtensions ++ (getDepsRecursively enabledExtensions)));
+ # Recursively get a list of all internal dependencies
+ # for a list of extensions.
+ getDepsRecursively = extensions:
+ let
+ deps = lib.concatMap
+ (ext: (ext.internalDeps or []) ++ (ext.peclDeps or []))
+ extensions;
+ in
+ if ! (deps == []) then
+ deps ++ (getDepsRecursively deps)
+ else
+ deps;
- extNames = map getExtName enabledExtensions;
- extraInit = writeText "php-extra-init-${version}.ini" ''
- ${lib.concatStringsSep "\n"
- (lib.textClosureList extensionTexts extNames)}
- ${extraConfig}
- '';
+ # Generate extension load configuration snippets from the
+ # extension parameter. This is an attrset suitable for use
+ # with textClosureList, which is used to put the strings in
+ # the right order - if a plugin which is dependent on
+ # another plugin is placed before its dependency, it will
+ # fail to load.
+ extensionTexts =
+ lib.listToAttrs
+ (map (ext:
+ let
+ extName = getExtName ext;
+ phpDeps = (ext.internalDeps or []) ++ (ext.peclDeps or []);
+ type = "${lib.optionalString (ext.zendExtension or false) "zend_"}extension";
+ in
+ lib.nameValuePair extName {
+ text = "${type}=${ext}/lib/php/extensions/${extName}.so";
+ deps = map getExtName phpDeps;
+ })
+ (enabledExtensions ++ (getDepsRecursively enabledExtensions)));
- phpWithExtensions = symlinkJoin {
- name = "php-with-extensions-${version}";
- inherit (php) version;
- nativeBuildInputs = [ makeWrapper ];
- passthru = php.passthru // {
- buildEnv = mkBuildEnv allArgs allExtensionFunctions;
- withExtensions = mkWithExtensions allArgs allExtensionFunctions;
- phpIni = "${phpWithExtensions}/lib/php.ini";
- unwrapped = php;
- # Select the right php tests for the php version
- tests = nixosTests."php${lib.strings.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor php.version)}";
- inherit (php-packages) extensions buildPecl;
- packages = php-packages.tools;
- meta = php.meta // {
- outputsToInstall = [ "out" ];
- };
+ extNames = map getExtName enabledExtensions;
+ extraInit = writeText "php-extra-init-${version}.ini" ''
+ ${lib.concatStringsSep "\n"
+ (lib.textClosureList extensionTexts extNames)}
+ ${extraConfig}
+ '';
+
+ phpWithExtensions = symlinkJoin {
+ name = "php-with-extensions-${version}";
+ inherit (php) version;
+ nativeBuildInputs = [ makeWrapper ];
+ passthru = php.passthru // {
+ buildEnv = mkBuildEnv allArgs allExtensionFunctions;
+ withExtensions = mkWithExtensions allArgs allExtensionFunctions;
+ phpIni = "${phpWithExtensions}/lib/php.ini";
+ unwrapped = php;
+ # Select the right php tests for the php version
+ tests = nixosTests."php${lib.strings.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor php.version)}";
+ inherit (php-packages) extensions buildPecl;
+ packages = php-packages.tools;
+ meta = php.meta // {
+ outputsToInstall = [ "out" ];
};
- paths = [ php ];
- postBuild = ''
- ln -s ${extraInit} $out/lib/php.ini
-
- if test -e $out/bin/php; then
- wrapProgram $out/bin/php --set PHP_INI_SCAN_DIR $out/lib
- fi
-
- if test -e $out/bin/php-fpm; then
- wrapProgram $out/bin/php-fpm --set PHP_INI_SCAN_DIR $out/lib
- fi
-
- if test -e $out/bin/phpdbg; then
- wrapProgram $out/bin/phpdbg --set PHP_INI_SCAN_DIR $out/lib
- fi
- '';
};
- in
- phpWithExtensions);
+ paths = [ php ];
+ postBuild = ''
+ ln -s ${extraInit} $out/lib/php.ini
- mkWithExtensions = prevArgs: prevExtensionFunctions: extensions:
- mkBuildEnv prevArgs prevExtensionFunctions { inherit extensions; };
- in
- stdenv.mkDerivation {
- pname = "php";
+ if test -e $out/bin/php; then
+ wrapProgram $out/bin/php --set PHP_INI_SCAN_DIR $out/lib
+ fi
- inherit version;
+ if test -e $out/bin/php-fpm; then
+ wrapProgram $out/bin/php-fpm --set PHP_INI_SCAN_DIR $out/lib
+ fi
- enableParallelBuilding = true;
+ if test -e $out/bin/phpdbg; then
+ wrapProgram $out/bin/phpdbg --set PHP_INI_SCAN_DIR $out/lib
+ fi
+ '';
+ };
+ in
+ phpWithExtensions);
- nativeBuildInputs = [ autoconf automake bison flex libtool pkg-config re2c ]
- ++ lib.optional stdenv.isDarwin xcbuild;
+ mkWithExtensions = prevArgs: prevExtensionFunctions: extensions:
+ mkBuildEnv prevArgs prevExtensionFunctions { inherit extensions; };
+ in
+ stdenv.mkDerivation {
+ pname = "php";
- buildInputs =
- # PCRE extension
- [ pcre2 ]
+ inherit version;
- # Enable sapis
- ++ lib.optional pearSupport [ libxml2.dev ]
+ enableParallelBuilding = true;
- # Misc deps
- ++ lib.optional apxs2Support apacheHttpd
- ++ lib.optional argon2Support libargon2
- ++ lib.optional systemdSupport systemd
- ++ lib.optional valgrindSupport valgrind
- ;
+ nativeBuildInputs = [ autoconf automake bison flex libtool pkg-config re2c ]
+ ++ lib.optional stdenv.isDarwin xcbuild;
- CXXFLAGS = lib.optionalString stdenv.cc.isClang "-std=c++11";
+ buildInputs =
+ # PCRE extension
+ [ pcre2 ]
- configureFlags =
- # Disable all extensions
- [ "--disable-all" ]
+ # Enable sapis
+ ++ lib.optional pearSupport [ libxml2.dev ]
- # PCRE
- ++ lib.optionals (lib.versionAtLeast version "7.4") [ "--with-external-pcre=${pcre2.dev}" ]
- ++ lib.optionals (lib.versions.majorMinor version == "7.3") [ "--with-pcre-regex=${pcre2.dev}" ]
- ++ lib.optionals (lib.versionOlder version "7.3") [ "--with-pcre-regex=${pcre2.dev}" ]
- ++ [ "PCRE_LIBDIR=${pcre2}" ]
+ # Misc deps
+ ++ lib.optional apxs2Support apacheHttpd
+ ++ lib.optional argon2Support libargon2
+ ++ lib.optional systemdSupport systemd
+ ++ lib.optional valgrindSupport valgrind
+ ;
+
+ CXXFLAGS = lib.optionalString stdenv.cc.isClang "-std=c++11";
+
+ configureFlags =
+ # Disable all extensions
+ [ "--disable-all" ]
+
+ # PCRE
+ ++ lib.optionals (lib.versionAtLeast version "7.4") [ "--with-external-pcre=${pcre2.dev}" ]
+ ++ lib.optionals (lib.versions.majorMinor version == "7.3") [ "--with-pcre-regex=${pcre2.dev}" ]
+ ++ lib.optionals (lib.versionOlder version "7.3") [ "--with-pcre-regex=${pcre2.dev}" ]
+ ++ [ "PCRE_LIBDIR=${pcre2}" ]
- # Enable sapis
- ++ lib.optional (!cgiSupport) "--disable-cgi"
- ++ lib.optional (!cliSupport) "--disable-cli"
- ++ lib.optional fpmSupport "--enable-fpm"
- ++ lib.optional pearSupport [ "--with-pear" "--enable-xml" "--with-libxml" ]
- ++ lib.optionals (pearSupport && (lib.versionOlder version "7.4")) [
- "--enable-libxml"
- "--with-libxml-dir=${libxml2.dev}"
- ]
- ++ lib.optional pharSupport "--enable-phar"
- ++ lib.optional (!phpdbgSupport) "--disable-phpdbg"
+ # Enable sapis
+ ++ lib.optional (!cgiSupport) "--disable-cgi"
+ ++ lib.optional (!cliSupport) "--disable-cli"
+ ++ lib.optional fpmSupport "--enable-fpm"
+ ++ lib.optional pearSupport [ "--with-pear" "--enable-xml" "--with-libxml" ]
+ ++ lib.optionals (pearSupport && (lib.versionOlder version "7.4")) [
+ "--enable-libxml"
+ "--with-libxml-dir=${libxml2.dev}"
+ ]
+ ++ lib.optional pharSupport "--enable-phar"
+ ++ lib.optional (!phpdbgSupport) "--disable-phpdbg"
- # Misc flags
- ++ lib.optional apxs2Support "--with-apxs2=${apacheHttpd.dev}/bin/apxs"
- ++ lib.optional argon2Support "--with-password-argon2=${libargon2}"
- ++ lib.optional cgotoSupport "--enable-re2c-cgoto"
- ++ lib.optional embedSupport "--enable-embed"
- ++ lib.optional (!ipv6Support) "--disable-ipv6"
- ++ lib.optional systemdSupport "--with-fpm-systemd"
- ++ lib.optional valgrindSupport "--with-valgrind=${valgrind.dev}"
- ++ lib.optional (ztsSupport && (lib.versionOlder version "8.0")) "--enable-maintainer-zts"
- ++ lib.optional (ztsSupport && (lib.versionAtLeast version "8.0")) "--enable-zts"
+ # Misc flags
+ ++ lib.optional apxs2Support "--with-apxs2=${apacheHttpd.dev}/bin/apxs"
+ ++ lib.optional argon2Support "--with-password-argon2=${libargon2}"
+ ++ lib.optional cgotoSupport "--enable-re2c-cgoto"
+ ++ lib.optional embedSupport "--enable-embed"
+ ++ lib.optional (!ipv6Support) "--disable-ipv6"
+ ++ lib.optional systemdSupport "--with-fpm-systemd"
+ ++ lib.optional valgrindSupport "--with-valgrind=${valgrind.dev}"
+ ++ lib.optional (ztsSupport && (lib.versionOlder version "8.0")) "--enable-maintainer-zts"
+ ++ lib.optional (ztsSupport && (lib.versionAtLeast version "8.0")) "--enable-zts"
- # Sendmail
- ++ [ "PROG_SENDMAIL=${system-sendmail}/bin/sendmail" ]
- ;
+ # Sendmail
+ ++ [ "PROG_SENDMAIL=${system-sendmail}/bin/sendmail" ]
+ ;
- hardeningDisable = [ "bindnow" ];
+ hardeningDisable = [ "bindnow" ];
- preConfigure =
- # Don't record the configure flags since this causes unnecessary
- # runtime dependencies
- ''
- for i in main/build-defs.h.in scripts/php-config.in; do
- substituteInPlace $i \
- --replace '@CONFIGURE_COMMAND@' '(omitted)' \
- --replace '@CONFIGURE_OPTIONS@' "" \
- --replace '@PHP_LDFLAGS@' ""
- done
+ preConfigure =
+ # Don't record the configure flags since this causes unnecessary
+ # runtime dependencies
+ ''
+ for i in main/build-defs.h.in scripts/php-config.in; do
+ substituteInPlace $i \
+ --replace '@CONFIGURE_COMMAND@' '(omitted)' \
+ --replace '@CONFIGURE_OPTIONS@' "" \
+ --replace '@PHP_LDFLAGS@' ""
+ done
- export EXTENSION_DIR=$out/lib/php/extensions
- ''
- # PKG_CONFIG need not be a relative path
- + lib.optionalString (! lib.versionAtLeast version "7.4") ''
- for i in $(find . -type f -name "*.m4"); do
- substituteInPlace $i \
- --replace 'test -x "$PKG_CONFIG"' 'type -P "$PKG_CONFIG" >/dev/null'
- done
- '' + ''
- ./buildconf --copy --force
+ export EXTENSION_DIR=$out/lib/php/extensions
+ ''
+ # PKG_CONFIG need not be a relative path
+ + lib.optionalString (! lib.versionAtLeast version "7.4") ''
+ for i in $(find . -type f -name "*.m4"); do
+ substituteInPlace $i \
+ --replace 'test -x "$PKG_CONFIG"' 'type -P "$PKG_CONFIG" >/dev/null'
+ done
+ '' + ''
+ ./buildconf --copy --force
- if test -f $src/genfiles; then
- ./genfiles
- fi
- '' + lib.optionalString stdenv.isDarwin ''
- substituteInPlace configure --replace "-lstdc++" "-lc++"
- '';
+ if test -f $src/genfiles; then
+ ./genfiles
+ fi
+ '' + lib.optionalString stdenv.isDarwin ''
+ substituteInPlace configure --replace "-lstdc++" "-lc++"
+ '';
- postInstall = ''
- test -d $out/etc || mkdir $out/etc
- cp php.ini-production $out/etc/php.ini
- '';
+ postInstall = ''
+ test -d $out/etc || mkdir $out/etc
+ cp php.ini-production $out/etc/php.ini
+ '';
- postFixup = ''
- mkdir -p $dev/bin $dev/share/man/man1
- mv $out/bin/phpize $out/bin/php-config $dev/bin/
- mv $out/share/man/man1/phpize.1.gz \
- $out/share/man/man1/php-config.1.gz \
- $dev/share/man/man1/
- '';
+ postFixup = ''
+ mkdir -p $dev/bin $dev/share/man/man1
+ mv $out/bin/phpize $out/bin/php-config $dev/bin/
+ mv $out/share/man/man1/phpize.1.gz \
+ $out/share/man/man1/php-config.1.gz \
+ $dev/share/man/man1/
+ '';
- src = fetchurl {
- url = "https://www.php.net/distributions/php-${version}.tar.bz2";
- inherit sha256;
- };
+ src = fetchurl {
+ url = "https://www.php.net/distributions/php-${version}.tar.bz2";
+ inherit sha256;
+ };
- patches = [ ./fix-paths-php7.patch ] ++ extraPatches;
+ patches = [ ./fix-paths-php7.patch ] ++ extraPatches;
- separateDebugInfo = true;
+ separateDebugInfo = true;
- outputs = [ "out" "dev" ];
+ outputs = [ "out" "dev" ];
- passthru = {
- buildEnv = mkBuildEnv {} [];
- withExtensions = mkWithExtensions {} [];
- inherit ztsSupport;
- };
+ passthru = {
+ buildEnv = mkBuildEnv {} [];
+ withExtensions = mkWithExtensions {} [];
+ inherit ztsSupport;
+ };
- meta = with lib; {
- description = "An HTML-embedded scripting language";
- homepage = "https://www.php.net/";
- license = licenses.php301;
- maintainers = teams.php.members;
- platforms = platforms.all;
- outputsToInstall = [ "out" "dev" ];
- };
- };
+ meta = with lib; {
+ description = "An HTML-embedded scripting language";
+ homepage = "https://www.php.net/";
+ license = licenses.php301;
+ maintainers = teams.php.members;
+ platforms = platforms.all;
+ outputsToInstall = [ "out" "dev" ];
+ };
+ };
in generic
diff --git a/pkgs/development/libraries/libimagequant/default.nix b/pkgs/development/libraries/libimagequant/default.nix
index 264fe4fb51a0..8a5751411486 100644
--- a/pkgs/development/libraries/libimagequant/default.nix
+++ b/pkgs/development/libraries/libimagequant/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
patchShebangs ./configure
'';
- configureFlags = lib.optionals stdenv.isAarch64 [ "--disable-sse" ];
+ configureFlags = lib.optionals (!stdenv.isi686 && !stdenv.isx86_64) [ "--disable-sse" ];
meta = with lib; {
homepage = "https://pngquant.org/lib/";
diff --git a/pkgs/development/php-packages/composer/default.nix b/pkgs/development/php-packages/composer/default.nix
index f749ddf8cc49..b86980031fbe 100644
--- a/pkgs/development/php-packages/composer/default.nix
+++ b/pkgs/development/php-packages/composer/default.nix
@@ -1,14 +1,14 @@
{ mkDerivation, fetchurl, makeWrapper, unzip, lib, php }:
let
pname = "composer";
- version = "2.1.1";
+ version = "2.1.2";
in
mkDerivation {
inherit pname version;
src = fetchurl {
url = "https://getcomposer.org/download/${version}/composer.phar";
- sha256 = "1ki106973q74inwgd4hjmml905rqg82808qq4wiysrkr7mzmfnj4";
+ sha256 = "0gd4hxkxdds3nxpbcd38chrkijha31p6nygdq3f73mbb984h3v1d";
};
dontUnpack = true;
diff --git a/pkgs/development/tools/buildah/default.nix b/pkgs/development/tools/buildah/default.nix
index 86aef4de9b8e..e3828eb7f14c 100644
--- a/pkgs/development/tools/buildah/default.nix
+++ b/pkgs/development/tools/buildah/default.nix
@@ -14,13 +14,13 @@
buildGoModule rec {
pname = "buildah";
- version = "1.21.0";
+ version = "1.21.1";
src = fetchFromGitHub {
owner = "containers";
repo = "buildah";
rev = "v${version}";
- sha256 = "sha256-uNb5HCEft1vXASli+2zdKWzFzsAlI9/ILBWa7OQZBwE=";
+ sha256 = "sha256-Wes52lTcv3Jb6gJeUS6fmf4Nee3qEcc3SibaTFvQ8sQ=";
};
outputs = [ "out" "man" ];
diff --git a/pkgs/misc/logging/beats/6.x.nix b/pkgs/misc/logging/beats/6.x.nix
index ce80b174d327..81b8ba0ab5bf 100644
--- a/pkgs/misc/logging/beats/6.x.nix
+++ b/pkgs/misc/logging/beats/6.x.nix
@@ -1,4 +1,4 @@
-{ lib, fetchFromGitHub, elk6Version, buildGoPackage, libpcap, systemd }:
+{ lib, fetchFromGitHub, elk6Version, buildGoPackage, libpcap, nixosTests, systemd }:
let beat = package : extraArgs : buildGoPackage (rec {
name = "${package}-${version}";
@@ -22,10 +22,17 @@ let beat = package : extraArgs : buildGoPackage (rec {
platforms = platforms.linux;
};
} // extraArgs);
-in {
+in rec {
filebeat6 = beat "filebeat" {meta.description = "Lightweight shipper for logfiles";};
heartbeat6 = beat "heartbeat" {meta.description = "Lightweight shipper for uptime monitoring";};
- metricbeat6 = beat "metricbeat" {meta.description = "Lightweight shipper for metrics";};
+ metricbeat6 = beat "metricbeat" {
+ meta.description = "Lightweight shipper for metrics";
+ passthru.tests =
+ assert metricbeat6.drvPath == nixosTests.elk.ELK-6.elkPackages.metricbeat.drvPath;
+ {
+ elk = nixosTests.elk.ELK-6;
+ };
+ };
packetbeat6 = beat "packetbeat" {
buildInputs = [ libpcap ];
meta.broken = true;
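Review bot: The `assert` inside `passthru.tests` for `metricbeat6` has no comment saying what it protects, and when it fails the user gets only a bare evaluation error. It appears to ensure that the ELK-6 NixOS test exercises this exact derivation rather than some other metricbeat build. A comment above the assert would make that explicit, for example `# the ELK test must use exactly this derivation, otherwise it does not test this package`. The same applies to the `metricbeat7` hunk in `7.x.nix`; the attribute set continues past the end of this hunk.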
diff --git a/pkgs/misc/logging/beats/7.x.nix b/pkgs/misc/logging/beats/7.x.nix
index 43ea85508c69..77e14e96c54e 100644
--- a/pkgs/misc/logging/beats/7.x.nix
+++ b/pkgs/misc/logging/beats/7.x.nix
@@ -1,4 +1,4 @@
-{ lib, fetchFromGitHub, elk7Version, buildGoPackage, libpcap, systemd }:
+{ lib, fetchFromGitHub, elk7Version, buildGoPackage, libpcap, nixosTests, systemd }:
let beat = package : extraArgs : buildGoPackage (rec {
name = "${package}-${version}";
@@ -22,10 +22,17 @@ let beat = package : extraArgs : buildGoPackage (rec {
platforms = platforms.linux;
};
} // extraArgs);
-in {
+in rec {
filebeat7 = beat "filebeat" {meta.description = "Lightweight shipper for logfiles";};
heartbeat7 = beat "heartbeat" {meta.description = "Lightweight shipper for uptime monitoring";};
- metricbeat7 = beat "metricbeat" {meta.description = "Lightweight shipper for metrics";};
+ metricbeat7 = beat "metricbeat" {
+ meta.description = "Lightweight shipper for metrics";
+ passthru.tests =
+ assert metricbeat7.drvPath == nixosTests.elk.ELK-7.elkPackages.metricbeat.drvPath;
+ {
+ elk = nixosTests.elk.ELK-7;
+ };
+ };
packetbeat7 = beat "packetbeat" {
buildInputs = [ libpcap ];
meta.description = "Network packet analyzer that ships data to Elasticsearch";
diff --git a/pkgs/servers/ldap/389/default.nix b/pkgs/servers/ldap/389/default.nix
index db9041574fca..4387542e5af0 100644
--- a/pkgs/servers/ldap/389/default.nix
+++ b/pkgs/servers/ldap/389/default.nix
@@ -65,5 +65,8 @@ stdenv.mkDerivation rec {
description = "Enterprise-class Open Source LDAP server for Linux";
license = licenses.gpl3Plus;
platforms = platforms.linux;
+ knownVulnerabilities = [
+ "CVE-2021-3514" # https://nvd.nist.gov/vuln/detail/CVE-2021-3514
+ ];
};
}
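Review bot: The new `knownVulnerabilities` entry records only the CVE id and the NVD link, so nothing tells the next maintainer when the marker can be dropped. I would add a comment next to the entry such as `# remove once the package is updated to a release that fixes CVE-2021-3514`. The derivation begins outside this hunk, so the packaged version is not visible here and cannot be checked against the advisory.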
diff --git a/pkgs/servers/misc/gobgpd/default.nix b/pkgs/servers/misc/gobgpd/default.nix
index c747e5266a05..450e454374f0 100644
--- a/pkgs/servers/misc/gobgpd/default.nix
+++ b/pkgs/servers/misc/gobgpd/default.nix
@@ -2,13 +2,13 @@
buildGoModule rec {
pname = "gobgpd";
- version = "2.27.0";
+ version = "2.28.0";
src = fetchFromGitHub {
owner = "osrg";
repo = "gobgp";
rev = "v${version}";
- sha256 = "sha256-Ofg+z8wUttqM1THatPFi0cuyLSEryhTmg3JC1o+16eA=";
+ sha256 = "sha256-AlAfs1wi3hS7cqAtGqfUgv5CIonu7TmXWgxL1zSBh54=";
};
vendorSha256 = "sha256-PWm7XnO6LPaU8g8ymmqRkQv2KSX9kLv9RVaa000mrTY=";
diff --git a/pkgs/tools/filesystems/gocryptfs/default.nix b/pkgs/tools/filesystems/gocryptfs/default.nix
index b8b330c129a0..83d53c318888 100644
--- a/pkgs/tools/filesystems/gocryptfs/default.nix
+++ b/pkgs/tools/filesystems/gocryptfs/default.nix
@@ -1,28 +1,42 @@
{ lib
+, stdenv
, buildGoModule
, fetchFromGitHub
, openssl
, pandoc
, pkg-config
+, libfido2
}:
+let
+ # pandoc is currently broken on aarch64-darwin
+ # because of missing ghc
+ brokenPandoc = stdenv.isDarwin && stdenv.isAarch64;
+in
+
buildGoModule rec {
pname = "gocryptfs";
- version = "1.8.0";
+ version = "2.0";
src = fetchFromGitHub {
owner = "rfjakob";
repo = pname;
rev = "v${version}";
- sha256 = "1acalwrr5xqhpqca3gypj0s68w6vpckxmg5z5gfgh8wx6nqx4aw9";
+ sha256 = "1wpdzi1qfpab76v0ki74qkk82m3ykr4iqb8r6a8k11l4fn42fjk0";
};
- runVend = true;
- vendorSha256 = "0z3y51sgr1rmr23jpc5h5d5lw14p3qzv48rc7zj7qa4rd5cfhsgi";
+ vendorSha256 = "10az8n7z4rhsk1af2x6v3pmxg4zp7c9cal35ily8bdzzcb9cpgs0";
+
+ nativeBuildInputs = [
+ pkg-config
+ ] ++ lib.optionals (!brokenPandoc) [
+ pandoc
+ ];
- nativeBuildInputs = [ pandoc pkg-config ];
buildInputs = [ openssl ];
+ propagatedBuildInputs = [ libfido2 ];
+
buildFlagsArray = ''
-ldflags=
-X main.GitVersion=${version}
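Review bot: `propagatedBuildInputs = [ libfido2 ];` only propagates the dependency to packages that build against gocryptfs; it does not put anything on the `PATH` of the installed binary. If the FIDO2 support in 2.0 relies on the libfido2 command-line tools at run time (not visible in this hunk, so please confirm), the feature would fail unless the user happens to have them installed separately. In that case wrapping the binary is the usual approach, e.g. `wrapProgram $out/bin/gocryptfs --prefix PATH : ${lib.makeBinPath [ libfido2 ]}` with `makeWrapper` in `nativeBuildInputs`. If the dependency is only linked at build time, `buildInputs` would be the more accurate place for it.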
@@ -32,9 +46,10 @@ buildGoModule rec {
subPackages = [ "." "gocryptfs-xray" "contrib/statfs" ];
- postBuild = ''
+ postBuild = lib.optionalString (!brokenPandoc) ''
pushd Documentation/
mkdir -p $out/share/man/man1
+ # taken from Documentation/MANPAGE-render.bash
pandoc MANPAGE.md -s -t man -o $out/share/man/man1/gocryptfs.1
pandoc MANPAGE-XRAY.md -s -t man -o $out/share/man/man1/gocryptfs-xray.1
pandoc MANPAGE-STATFS.md -s -t man -o $out/share/man/man1/statfs.1
diff --git a/pkgs/tools/misc/nix-direnv/default.nix b/pkgs/tools/misc/nix-direnv/default.nix
index 94ce54a2a9ac..526efc65f6a4 100644
--- a/pkgs/tools/misc/nix-direnv/default.nix
+++ b/pkgs/tools/misc/nix-direnv/default.nix
@@ -1,5 +1,15 @@
-{ lib, stdenv, fetchFromGitHub, gnugrep, nixUnstable }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, gnugrep
+, nixStable
+, nixUnstable
+, enableFlakes ? false
+}:
+let
+ nix = if enableFlakes then nixUnstable else nixStable;
+in
stdenv.mkDerivation rec {
pname = "nix-direnv";
version = "1.2.6";
@@ -14,7 +24,7 @@ stdenv.mkDerivation rec {
# Substitute instead of wrapping because the resulting file is
# getting sourced, not executed:
postPatch = ''
- sed -i "1a NIX_BIN_PREFIX=${nixUnstable}/bin/" direnvrc
+ sed -i "1a NIX_BIN_PREFIX=${nix}/bin/" direnvrc
substituteInPlace direnvrc --replace "grep" "${gnugrep}/bin/grep"
'';
diff --git a/pkgs/tools/networking/gobgp/default.nix b/pkgs/tools/networking/gobgp/default.nix
index 942df983fcdc..96f806aad39f 100644
--- a/pkgs/tools/networking/gobgp/default.nix
+++ b/pkgs/tools/networking/gobgp/default.nix
@@ -2,13 +2,13 @@
buildGoModule rec {
pname = "gobgp";
- version = "2.27.0";
+ version = "2.28.0";
src = fetchFromGitHub {
owner = "osrg";
repo = "gobgp";
rev = "v${version}";
- sha256 = "sha256-Ofg+z8wUttqM1THatPFi0cuyLSEryhTmg3JC1o+16eA=";
+ sha256 = "sha256-AlAfs1wi3hS7cqAtGqfUgv5CIonu7TmXWgxL1zSBh54=";
};
vendorSha256 = "sha256-PWm7XnO6LPaU8g8ymmqRkQv2KSX9kLv9RVaa000mrTY=";
diff --git a/pkgs/tools/system/gdu/default.nix b/pkgs/tools/system/gdu/default.nix
index 629085d346f6..bff605dbcdeb 100644
--- a/pkgs/tools/system/gdu/default.nix
+++ b/pkgs/tools/system/gdu/default.nix
@@ -7,16 +7,16 @@
buildGoModule rec {
pname = "gdu";
- version = "5.0.1";
+ version = "5.1.0";
src = fetchFromGitHub {
owner = "dundee";
repo = pname;
rev = "v${version}";
- sha256 = "sha256-78eQinKR4w7K8MFd4uyj5IPkUs0Mz5XeO7JUG/1cKLw=";
+ sha256 = "sha256-OellGxW/2I/dKBxWgEv1Ta9OJ/2HUfDIzICQwvmjTCM=";
};
- vendorSha256 = "sha256-9upXhTvQJ9oFfomgqja3SiifiZpl8RUQ85HwL9bDPlQ=";
+ vendorSha256 = "sha256-9W1K01PJ+tRLSJ0L7NGHXT5w5oHmlBkT8kwnOLOzSCc=";
nativeBuildInputs = [ installShellFiles ];