twisted is used in matrix-synapse for smtp handling.
Mostly this is used for password resets, but also notifications
are delivered that way.
older versions of twisted require the e-mail server to
have TLS1.0 enabled.
Obviously, quite a lot of servers have this disabled which means
synapse won't be able to deliver mails using such servers.
matrix-synapse issue:
https://github.com/matrix-org/synapse/issues/6211
Deluge 1.x requires Python 2 which upstream has end-of-lifed. Deluge depends
on pythonPackages.twisted, Python 2 support for which upstream has
nowdropped. If pythonPackages.twisted is upgraded then Deluge 1.x breaks.
So, remove it instead of leaving it broken.
Deluge 2.x (deluge-2_x) is available and continues to work.
Perform the tests on the package that the `tests` attribute is a child
of, i.e. if `discourseAllPlugins.tests` is built, the tests will run
with the `discourseAllPlugins` package, not the `discourse` package as
previously.
The problem behind this is that the hardened patchset[1]. Quite recently
this led to a weird problem when Linux 5.12 was dropped (and thus had to
be removed from `nixpkgs`), there were no patches for 5.13, so
`linuxPackages_hardened_latest` had to be downgraded to 5.10 as base[2]
which may be rather unintuitive and unexpected.
To avoid these kind of "silent downgrades" in the future, it makes sense
to drop the attribute entirely. If somebody wants to use a hardened
kernel, it's better to explicitly pin it using the newly introduced
versioned attributes, e.g. `linuxPackages_4_14_hardened`.
[1] https://github.com/anthraxx/linux-hardened/
[2] https://github.com/NixOS/nixpkgs/pull/133587
The paperless project has moved on to paperless-ng and the original
paperless package in Nixpkgs has stopped working recently (due to
version incompatibility with the providede Django package).
Instead of investing more time into the old module we should migrate all
users to the new module instead.
Previously, for processes launched by doas the unwrapped doas binary preceded the
setuid-wrapped doas binary in PATH.
This caused error `doas: not installed setuid` when running doas from
processes launched by doas.
doas seems to short-circuit the PATH lookup when called like
`doas -u myuser doas -u myuser ...` so the error doesn't appear in this case.
I expect it suffices that the channel only blocks on one firefox ESR
test - the one for the default ESR. I didn't want to have the
information about the default in two places, so either of the tests will
be evaluated twice (but to the same *.drv I hope).
Analogous to 6325d15e90.
The test certificate expiration date was set to the default 30 days.
This certificate is generated through its own derivation. As with
every derivation, it gets cached by cache.nixos.org once we build it.
In practice, we rebuild this derivation only if one of its input
changes. The only inputs here being openssl and stdenv.
While it's not an issue on the unstable branches, it can be
problematic on a stable release: the test will fail after 30 days.
Extending the certificate lifespan from 1 month to 100 years to prevent
it from getting expired while being cached.
There is no generic services.kea.enable option. Instead kea consists of
four daemons (dhcp4, dhcp6, ddns, ctrlagent) that can be enabled
individually. In this test we're just looking at dhcp6.
The test certificate expiration date was set to the default 30 days.
This certificate is generated through its own derivation. As with
every derivation, it gets cached by cache.nixos.org once we build it.
In practice, we rebuild this derivation only if one of its input
changes. The only inputs here being openssl and stdenv.
While it's not an issue on the unstable branches, it can be
problematic on a stable release: the test will fail after 30 days.
Extending the certificate lifespan from 1 month to 100 years to prevent
it from getting expired while being cached.
See
https://github.com/NixOS/nixpkgs/pull/132898#issuecomment-894495057
for more context.
This option allows basic configuration of the compression technique
used in the backup script. Specifically it adds `none` and `zstd` as
new alternatives, keeping `gzip` as the default.
* tuxguitar: Ensure that tuxguitar is launched with java 8 comtabilbe jre and libraries as greate java version is not supported
* tuxguitar: Added test to verify application starts without problems
* tuxguitar: 1.5.2 -> 1.5.4
This should catch regressions like #131074 in the future. In that case a
glibc update caused a regression that caused most of the text to become
invisible (just not the "Web Store" we've already been checking for).
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
This update includes 35 security fixes.
CVEs:
CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568
CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573
CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577
CVE-2021-30578 CVE-2021-30579 CVE-2021-30580 CVE-2021-30581
CVE-2021-30582 CVE-2021-30583 CVE-2021-30584 CVE-2021-30585
CVE-2021-30586 CVE-2021-30587 CVE-2021-30588 CVE-2021-30589
Note: This won't be the smoothest update. Chromium seems to be fine but
requires gtk3 in $LD_LIBRARY_PATH to find libgtk-3.so.0 (otherwise it
crashes during startup) but Google Chrome fails to initialize
("GPU process exited unexpectedly: exit_code=132") and requires
"--use-gl=angle --use-angle=swiftshader" for hardware(?) acceleration
(which seems to work work fine and performant but SwiftShader should
actually use the CPU instead of the GPU).
The one-line test is hard to fix in a readable manner
and doesn't really add value above the hello-world test.
So rather simplify to reduce maintenance.
This can be very useful when running the test headless or e.g. when
looking at Hydra logs. Especially the chrome://gpu content contains a
lot of interesting information.
I also decided to refactor the test_new_win() function to avoid
duplicate code and rely less on xdo.
Unfortunately there are some regressions in the GPU code that cause
Chromium and Google Chrome to crash, e.g.:
machine # [0709/084047.890436:ERROR:process_memory_range.cc(75)] read out of range[ 30.153484] show_signal: 20 callbacks suppressed
machine # [ 30.153490] traps: chrome[1036] trap invalid opcode ip:55af03357b29 sp:7ffeaa69ad10 error:0 in chrome[55aefe7a4000+81ec000]
machine #
machine # [0709/084047.955039:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq: No such file or directory (2)
machine # [0709/084047.955078:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq: No such file or directory (2)
machine # [ 30.126905] systemd[1]: Created slice system-systemd\x2dcoredump.slice.
machine # [ 30.137012] systemd[1]: Started Process Core Dump (PID 1038/UID 0).
machine # [ 30.571987] systemd-coredump[1039]: Process 1036 (chrome) of user 1000 dumped core.
machine # [992:1021:0709/084048.501937:ERROR:gpu_process_host.cc(995)] GPU process exited unexpectedly: exit_code=132
machine # [ 30.594747] systemd[1]: systemd-coredump@0-1038-0.service: Succeeded.
Hopefully this'll be fixed upstream before the final release (there are
bug reports for it) but for the meantime we have to launch the beta and
dev versions with "--use-gl=angle --use-angle=swiftshader".
In commit fbbaa4d40f, the Zsh default
prompt has changed from "walters" to "suse". So instead of:
root@default>
... we now have:
root@default:~/ >
However, in the NixOS VM test, we are matching "root@default>", which
doesn't include the current working directory and thus eventually leads
to a test failure after timing out.
To fix this, I changed the regex to include a newline at the beginning
and made sure that the hostname ends with a word boundary. This way it
doesn't matter whether the prompt is "walters" or "suse", because after
all the test is not about the prompt but about whether the history
mechanism works (or not).
Signed-off-by: aszlig <aszlig@nix.build>
I tried to make this as non-breaking as possible, but it will still
break things slightly for people expecting certain file names in the
packages themselves.
The modules overrides extraComponents which leads to a costly rebuild of
the home-assistant package with all tests. Make it less costly by not
running the tests, as does the default for the package option. The
package's tests are already run by ofborg on every pull request as well
as by Hydra when building home-assistant.
- remove check for `connected .JID: focus@auth.server` because
- log format was changed in c1945ea6cb
- connection.getUser() in jicofo also appears to be broken, returning null instead of username
- testing for this log line shouldn't be necessary, as we also test for "Authenticated as focus@auth.server"
- remove check for `External component successfully authenticated` because
- [JVB no longer uses component](https://community.jitsi.org/t/jvb-not-connecting/91157/2)
- increase VM memory