3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

347164 commits

Author SHA1 Message Date
Fabian Affolter 73e71ed4cd
Merge pull request #155312 from fabaff/fix-demjson
python3Packages.demjson: only run tests on Python 2
2022-01-17 13:00:18 +01:00
Bobby Rong 262f5046c5
Merge pull request #155310 from 06kellyjac/deno
deno: 1.17.2 -> 1.17.3
2022-01-17 19:57:36 +08:00
talyz 95430e31f5
nixos/keycloak: Reformat the code with nixpkgs-fmt 2022-01-17 12:47:53 +01:00
talyz 21b1de2bcd
nixos/keycloak: Inherit library functions and builtins
Instead of referencing all library functions through `lib.` and
builtins through `builtins.` at every invocation, inherit them into
the appropriate scope.
2022-01-17 12:42:30 +01:00
Elis Hirwing 4f26cbfadb
Merge pull request #155122 from drupol/php/bump-to-7-4-27
php: 7.4.26 -> 7.4.27, 8.0.13 -> 8.0.14
2022-01-17 12:41:50 +01:00
Michal Sojka a6f6108149 inkscape: fix line spacing problem
Inkscape does not work well with with Pango 1.49+ (nixpkgs has Pango
1.50.0). An upstream commit with the fix will be a part of upcomming
1.1.2 release due in a month. Until than, let's apply the fix in
nixpkgs.
2022-01-17 12:33:57 +01:00
Yarny0 756f45306b tsm-client: 8.1.13.2 -> 8.1.13.3
Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6540692 (CVE-2021-44832)
2022-01-17 12:09:27 +01:00
Yarny0 be904af99c tsm-client: 8.1.13.1 -> 8.1.13.2
Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6537640 (CVE-2021-45105, CVE-2021-45046)
2022-01-17 12:09:27 +01:00
Yarny0 4a42ca06c1 tsm-client: 8.1.13.0 -> 8.1.13.1
Link to Security Bulletin:
https://www.ibm.com/support/pages/node/6527080 (CVE-2021-44228)
2022-01-17 12:09:27 +01:00
Yarny0 66d068bf66 tsm-client: use rpm source instead of deb/Ubuntu
IBM publishes their IBM Spectrum Protect client
for Linux in two flavors:

* "Linux x86_64 client"
* "Linux x86_64 Ubuntu client"

Up to this commit, nixpkgs used the Ubuntu
flavor to build its `tsm-client` derivation.
However, the history of published archive files in

* https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/client/v8r1/Linux/
* https://public.dhe.ibm.com/storage/tivoli-storage-management/patches/client/v8r1/Linux/

suggests that updates in the fourth level of
the version numbers (e.g. 8.1.13.0 -> 8.1.13.1)
do not get published as Ubuntu flavor.
It order to be able to always use the latest release,
this commit switches to the non-Ubuntu flavor.
The non-Ubuntu archive contains rpm files,
so this commit switches from `ar` to `rpmextract`.
Instead of unpacking all deb files,
the build recipe now unpacks all _but one_ rpm file:
The file `TIVsm-WEBGUI.x86_64.rpm` apparently
contains a plugin that is not included
in the Ubuntu version (see note below).
Comparing the old and the new derivation's output indicates
that this choice minimizes the difference between the results:

The output of the old (Ubuntu flavor) derivation contains:
* `commons-codec-1.6.jar`
* `share/` with changelog and copyright information
  for the packages `gskssl64` and `gskcrypt64`

The output of the new (non-Ubuntu flavor) derivation contains:
* `lib64`, symlink to `lib`
* `commons-codec-1.14.jar`
* `opt/tivoli/tsm/license/{api,baclient}/sm/`
  with license agreement files in many languages

Besides these differences, the outputs' file names are equal.

Note: I don't know what functionality
`TIVsm-WEBGUI.x86_64.rpm` actually provides.
Unpacking it with the other rpm files makes patchelf complain
about missing X11 libraries, so in order to include it here,
one would likely need to add those to `buildInputs`.
However, as the old (Ubuntu flavor) `tsm-client` package
did not contain this functionality and as I cannot test
or use it in any way, I opted to not include it now.
If we want to include this with a later commit,
we should add another package build option (like `enableGui`)
so that the default `tsm-client` package does not pull in
X11 libraries and its closure size therefore stays small.
2022-01-17 12:09:27 +01:00
Yarny0 f6dca95c5d tsm-client: add test derivation and a module test
The tsm-client needs a tsm-server to do anything useful.
Without a server, automated tests can just
check diagnostic outputs for plausibility.

The commit at hand adds two tests:

1.
The command line interface `dsmc` is called,
then it is verified that the program does

* report the correct client version,
* find its configuration file,
* report a connection error.

2.
To check the GUI (and the tsm-client nixos module), we add a
vm test which uses the module to install `tsm-client-withGui`.
To verify that the GUI's basic functionality is present,
we skip over all connection failure related error
messages and open the "Connection Information"
dialog from the main application window.
This dialog presents the node name and the client version;
both are verified by the test.

Note: Our `tsm-client` build recipe consists of two packages:
The "unwrapped" package and the final package.
This commit puts the unwrapped one into the final
package's `passthru` so that tests can access
the original version string that is needed to check
the client version reported by the application.
2022-01-17 12:09:27 +01:00
Yarny0 c2192ed77a nixos/tsm-{client,backup}: use new type nonEmptyStr
The module option type `nonEmptyStr` was introduced in commit

a3c5f0cba8

The tsm modules previously simply used
`strMatching ".+"` to prevent empty option strings,
but the new type is more thorough as
it also catches space-only strings.
2022-01-17 12:09:27 +01:00
Yarny0 c5effcaaea nixos/tsm-backup: enable most systemd sandboxing options
This enables some systemd sandboxing
options for the `tsm-backup.service`.
Those settings have been determined by expermentation.
This commit tries hard to protect the filesystem from
write access, but not to hide anything from read access,
so users can backup all files they choose to backup.
An exception are API filesystems (`/dev`, `/proc`, `/sys`):
As their "files" are not stored on persistent storage,
they are sandboxed away as much as possible.

Note that the service still has to run with root
privileges to reach files with limited access permissions.
The obvious alternative to use a dedicated user account and
the `CAP_DAC_READ_SEARCH` capability to permit system-wide
read access while blocking write access does not work.
Experiments have shown that `dsmc` verifies access permissions
for each file before attempting to open it for reading.
Hence `dsmc` refuses to copy files where the file permission
mode blocks read access -- even if process capabilities
would allow it to proceed irrespective of permissions.
2022-01-17 12:09:27 +01:00
Yarny0 3f6d1f5f60 nixos/tsm-{client,backup}: update links in module comments
IBM has changed the URL structures of their support web pages.
The commit at hand updates URLs in two comments
so they follow the new structure.
2022-01-17 12:09:27 +01:00
Yarny0 8fa6f90ad6 tsm-client: set mainProgram
The TSM command line client `dsmc` should be the
program that is usually invoked from this package.
However, if a user explicitely asks for the
package with GUI support (with `enableGui`,
available in the package `tsm-client-withGui`),
we set the mainProgram to the graphical application `dsmj`
as that's likely what the user is looking for.
2022-01-17 12:09:27 +01:00
Yarny0 7934926b2e tsm-client: makeWrapper buildInputs to nativeBuildInputs
Although I'm not sure if `tsm-client` will ever be
subject to cross-compiling, referencing makeWrapper
from native BuildInputs is The Right Thing.

This is a kind of follow-up of
https://github.com/NixOS/nixpkgs/pull/112276
2022-01-17 12:09:26 +01:00
Yarny0 5ad0ecb901 tsm-client: 8.1.8.0 -> 8.1.13.0
tsm-client now links against openssl;
patchelf complains without it.

Links to IBM's "Authorized Program Analysis Report"s
(something like release notes),
to READMEs, and to Security Bulletins,
for all updates between 8.1.8.0 and 8.1.13.0:

* 8.1.9.x
  * APARs: https://www.ibm.com/support/pages/node/1077159
  * READMEs: https://www.ibm.com/support/pages/node/1108473
  * https://www.ibm.com/support/pages/node/1107261 (CVE-2018-2025)
  * https://www.ibm.com/support/pages/node/1107777 (CVE-2019-4406)

* 8.1.10.x
  * APARs: https://www.ibm.com/support/pages/node/6223098
  * READMEs: https://www.ibm.com/support/pages/node/6223388
  * https://www.ibm.com/support/pages/node/6221448 (CVE-2020-4494, CVE-2020-4406)
  * https://www.ibm.com/support/pages/node/6245356 (CVE-2020-2654)
  * https://www.ibm.com/support/pages/node/6245366 (CVE-2015-4000)

* 8.1.11.x
  * APARs: https://www.ibm.com/support/pages/node/6367203
  * READMEs: https://www.ibm.com/support/pages/node/6367205
  * https://www.ibm.com/support/pages/node/6371646
  * https://www.ibm.com/support/pages/node/6371650
  * https://www.ibm.com/support/pages/node/6371652

* 8.1.12.x
  * APARs: https://www.ibm.com/support/pages/node/6429561
  * READMEs: https://www.ibm.com/support/pages/node/6443671
  * https://www.ibm.com/support/pages/node/6445503 (CVE-2021-20532)
  * https://www.ibm.com/support/pages/node/6445497 (CVE-2021-29672, CVE-2021-20546)
  * https://www.ibm.com/support/pages/node/6445489 (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841)
  * https://www.ibm.com/support/pages/node/6445483 (CVE-2020-27221, CVE-2020-14782)

* 8.1.13.x
  * APARs: https://www.ibm.com/support/pages/node/6524936
  * READMEs: https://www.ibm.com/support/pages/node/6524938
  * https://www.ibm.com/support/pages/node/6524706 (CVE-2021-39048)
  * https://www.ibm.com/support/pages/node/6524712 (CVE-2021-3712, CVE-2021-3711)
2022-01-17 12:09:26 +01:00
Yarny0 517ae2a288 tsm-client: update URL structure
IBM has changed the URL structures of their support web pages.
The commit at hand updates most URLs and
in particular the package update instructions
so they follow the new structure.
It also calculates the source download URL from the
version number, so package updates no longer have to
update the URL in addition to the version string.
2022-01-17 12:09:26 +01:00
Yarny0 6d134acc4a tsm-client: use explicit package option for Java GUI
The tsm-client package comes in two flavours:
command line only (`tsm-client`) and with a
Java-backed GUI (`tsm-client-withGui`).
To control which package is built,
the build recipe simply used to check if the
`jdk8` package was provided as package input.
This commit changes this mechanism:
The build recipe now accepts the explicit option `enableGui`,
which is set to `false` by default.

As the commit at hand touches the build recipe arguments,
it also changes argument sorting following
https://nixos.org/manual/nixpkgs/stable/#sec-syntax
2022-01-17 12:09:26 +01:00
Yarny0 ce6eea6002 tsm-client: add gnugrep to PATH
While testing the new version, I observed that
`dsmc` prints an error "sh: grep: command not found"
when executed with empty PATH.
Apparently, `dsmc` needs `grep` in its PATH.
2022-01-17 12:09:26 +01:00
Yarny0 6e157a481a tsm-client: fix lvm2 support
lvm2 support was broken when lvm2 got
converted to a multiple-output derivation:

https://github.com/NixOS/nixpkgs/pull/93024
d3a991d410

The `runtimeDependencies` attribute doesn't specifically
look for a `lib` output, so it uses the main `out` output
which no longer contains the library object files.

Since TSM loads the `libdevmapper.so` library
dynamically (likely with `dlfcn.h` functions),
the breakage couldn't be detected at build time.

The commit at hand simply uses
`getLib` to pick the correct output.
2022-01-17 12:09:23 +01:00
talyz 5010f4fff9
nixos/keycloak: Use LoadCredential to load secrets
Use systemd's LoadCredential mechanism to make the secret files
available to the service.

This gets rid of the privileged part of the ExecPreStart script which
only served to copy these files and assign the correct
permissions. There's been issues with this approach when used in
combination with DynamicUser, where sometimes the user isn't created
before the ExecPreStart script runs, causing the error

install: invalid user ‘keycloak’

This should fix that issue.

Unfortunately, all of the ExecPreStart script had to be moved to
ExecStart, since credentials aren't provided to ExecPreStart. See
https://github.com/systemd/systemd/issues/19604.
2022-01-17 11:46:51 +01:00
misuzu 1ea75adb02 git-workspace: 0.8.0 -> 0.9.0 2022-01-17 11:41:26 +01:00
Tom Fitzhenry f32154da14 spot: 0.2.2 -> 0.3.0
https://github.com/xou816/spot/releases/tag/0.3.0
2022-01-17 21:31:23 +11:00
Timo Kaufmann e3b041ac07
Merge pull request #145767 from midchildan/fix/noto-cjk
noto-fonts-cjk: add missing serif font
2022-01-17 11:23:40 +01:00
afreakk 9f0ec3ed16 yaml-merge: unstable- 2016-02-16 -> 2022-01-12 2022-01-17 11:11:55 +01:00
Sandro 1f82dc8d9b
Merge pull request #155139 from ivankovnatsky/patch-24 2022-01-17 11:06:24 +01:00
Renaud 0448ee08a4
Merge pull request #153260 from r-ryantm/auto-update/klibc
klibc: 2.0.9 -> 2.0.10
2022-01-17 11:02:38 +01:00
Sandro fd180ee549
Merge pull request #140265 from McSinyx/blackshades-2.4.0 2022-01-17 10:58:06 +01:00
Sandro 44e6704c37
Merge pull request #150169 from bew/init-rofi-wayland 2022-01-17 10:53:33 +01:00
Fabian Affolter 7a41423022 python3Packages.demjson: only run tests on Python 2 2022-01-17 10:52:53 +01:00
Sandro b50dfc5e6a
Merge pull request #155306 from cameronfyfe/add-vscode-language-packs 2022-01-17 10:51:07 +01:00
Phillip Cloud fd6f913af5
chore(pulumi): regenerate data.nix after version bump 2022-01-17 04:40:11 -05:00
Phillip Cloud d30fe4b438
pulumi: 3.21.0 -> 3.22.1 2022-01-17 04:40:10 -05:00
github-actions[bot] 5883bf6728 terraform-providers: update 2022-01-17 2022-01-17 19:36:58 +10:00
Sandro 2cc9cae45d
Merge pull request #155281 from SuperSandro2000/yle-dl 2022-01-17 10:33:21 +01:00
Sandro d3fb6ebc75
Merge pull request #155308 from datafoo/vscode-extensions.streetsidesoftware.code-spell-checker 2022-01-17 10:30:45 +01:00
Sandro fe9ab85ac4
Merge pull request #155305 from datafoo/vscode-extensions.stkb.rewrap 2022-01-17 10:29:23 +01:00
06kellyjac 1e75a13d8e deno: 1.17.2 -> 1.17.3 2022-01-17 09:29:14 +00:00
cameronfyfe 2eaa8d8bbf vscode: add non-english language packs 2022-01-17 02:17:34 -07:00
datafoo e8242572da vscode-extensions.streetsidesoftware.code-spell-checker: 2.0.14 -> 2.1.4 2022-01-17 10:15:49 +01:00
Fabian Affolter c7b528d3ad python3Packages.gvm-tools: disable failing tests 2022-01-17 10:15:35 +01:00
Fabian Affolter e00e384be4
Merge pull request #155288 from SuperSandro2000/python39Packages.google-cloud-bigquery
python39Packages.google-cloud-bigquery: 2.31.0 -> 2.32.0
2022-01-17 10:14:04 +01:00
datafoo 31dda65403 vscode-extensions.stkb.rewrap: 1.15.4 -> 1.16.0 2022-01-17 10:04:42 +01:00
Fabian Affolter d3dbc7d96d
Merge pull request #155287 from SuperSandro2000/python39Packages.google-cloud-datacatalog
python39Packages.google-cloud-datacatalog: 3.6.1 -> 3.6.2
2022-01-17 10:02:13 +01:00
Fabian Affolter a46420f72f
Merge pull request #155285 from SuperSandro2000/python39Packages.google-cloud-tasks
python39Packages.google-cloud-tasks: 2.7.1 -> 2.7.2
2022-01-17 09:50:07 +01:00
Fabian Affolter 9c4746a305
Merge pull request #155275 from fabaff/bump-meshtastic
python3Packages.meshtastic: 1.2.56 -> 1.2.57
2022-01-17 09:40:47 +01:00
Frederik Rietdijk afef6d0e81
Merge pull request #154687 from dotlambda/python-alias
python,pythonPackages: make aliases
2022-01-17 09:37:49 +01:00
Charlotte Van Petegem 6070532451
mautrix-whatsapp: 0.2.2 -> 0.2.3 2022-01-17 09:22:21 +01:00
Fabian Affolter c81e760f68 python3Packages.build: ignore DeprecationWarning 2022-01-17 09:11:44 +01:00