diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 4d3c8888f3a2..fa1140a7e335 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -7,33 +7,38 @@ assignees: '' --- -**Describe the bug** +### Describe the bug A clear and concise description of what the bug is. -**To Reproduce** +### Steps To Reproduce Steps to reproduce the behavior: 1. ... 2. ... 3. ... -**Expected behavior** +### Expected behavior A clear and concise description of what you expected to happen. -**Screenshots** +### Screenshots If applicable, add screenshots to help explain your problem. -**Additional context** +### Additional context Add any other context about the problem here. -**Notify maintainers** +### Notify maintainers -**Metadata** +### Metadata Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result. +```console +[user@system:~]$ nix-shell -p nix-info --run "nix-info -m" +output here +``` + Maintainer information: ```yaml # a list of nixpkgs attributes affected by the problem diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index ae9f97c139b4..3695997f7176 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -617,6 +617,77 @@ be removed in 22.05. + + + The order of NSS (host) modules has been brought in line with + upstream recommendations: + + + + + The myhostname module is placed before + the resolve (optional) and + dns entries, but after + file (to allow overriding via + /etc/hosts / + networking.extraHosts, and prevent ISPs + with catchall-DNS resolvers from hijacking + .localhost domains) + + + + + The mymachines module, which provides + hostname resolution for local containers (registered with + systemd-machined) is placed to the + front, to make sure its mappings are preferred over other + resolvers. + + + + + If systemd-networkd is enabled, the + resolve module is placed before + files and + myhostname, as it provides the same + logic internally, with caching. + + + + + The mdns(_minimal) module has been + updated to the new priorities. + + + + + If you use your own NSS host modules, make sure to update your + priorities according to these rules: + + + + + NSS modules which should be queried before + resolved DNS resolution should use + mkBefore. + + + + + NSS modules which should be queried after + resolved, files and + myhostname, but before + dns should use the default priority + + + + + NSS modules which should come after dns + should use mkAfter. + + + + diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 172fe9bbcadc..cc5b6bf81eec 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -155,3 +155,27 @@ pt-services.clipcat.enable). - The wordpress module provides a new interface which allows to use different webservers with the new option [`services.wordpress.webserver`](options.html#opt-services.wordpress.webserver). Currently `httpd` and `nginx` are supported. The definitions of wordpress sites should now be set in [`services.wordpress.sites`](options.html#opt-services.wordpress.sites). Sites definitions that use the old interface are automatically migrated in the new option. This backward compatibility will be removed in 22.05. + +- The order of NSS (host) modules has been brought in line with upstream + recommendations: + + - The `myhostname` module is placed before the `resolve` (optional) and `dns` + entries, but after `file` (to allow overriding via `/etc/hosts` / + `networking.extraHosts`, and prevent ISPs with catchall-DNS resolvers from + hijacking `.localhost` domains) + - The `mymachines` module, which provides hostname resolution for local + containers (registered with `systemd-machined`) is placed to the front, to + make sure its mappings are preferred over other resolvers. + - If systemd-networkd is enabled, the `resolve` module is placed before + `files` and `myhostname`, as it provides the same logic internally, with + caching. + - The `mdns(_minimal)` module has been updated to the new priorities. + + If you use your own NSS host modules, make sure to update your priorities + according to these rules: + + - NSS modules which should be queried before `resolved` DNS resolution should + use mkBefore. + - NSS modules which should be queried after `resolved`, `files` and + `myhostname`, but before `dns` should use the default priority + - NSS modules which should come after `dns` should use mkAfter. diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix index d19d35a48906..91a36cef10e6 100644 --- a/nixos/modules/config/nsswitch.nix +++ b/nixos/modules/config/nsswitch.nix @@ -124,8 +124,8 @@ with lib; group = mkBefore [ "files" ]; shadow = mkBefore [ "files" ]; hosts = mkMerge [ - (mkBefore [ "files" ]) - (mkAfter [ "dns" ]) + (mkOrder 998 [ "files" ]) + (mkOrder 1499 [ "dns" ]) ]; services = mkBefore [ "files" ]; }; diff --git a/nixos/modules/hardware/sensor/iio.nix b/nixos/modules/hardware/sensor/iio.nix index 4c359c3b1725..8b3ba87a7d9c 100644 --- a/nixos/modules/hardware/sensor/iio.nix +++ b/nixos/modules/hardware/sensor/iio.nix @@ -9,7 +9,7 @@ with lib; hardware.sensor.iio = { enable = mkOption { description = '' - Enable this option to support IIO sensors. + Enable this option to support IIO sensors with iio-sensor-proxy. IIO sensors are used for orientation and ambient light sensors on some mobile devices. diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix index 0b7d5575c11f..020a817f2596 100644 --- a/nixos/modules/services/networking/avahi-daemon.nix +++ b/nixos/modules/services/networking/avahi-daemon.nix @@ -240,8 +240,8 @@ in system.nssModules = optional cfg.nssmdns pkgs.nssmdns; system.nssDatabases.hosts = optionals cfg.nssmdns (mkMerge [ - (mkOrder 900 [ "mdns_minimal [NOTFOUND=return]" ]) # must be before resolve - (mkOrder 1501 [ "mdns" ]) # 1501 to ensure it's after dns + (mkBefore [ "mdns_minimal [NOTFOUND=return]" ]) # before resolve + (mkAfter [ "mdns" ]) # after dns ]); environment.systemPackages = [ pkgs.avahi ]; diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index 84bc9b78076c..a6fc07da0abb 100644 --- a/nixos/modules/system/boot/resolved.nix +++ b/nixos/modules/system/boot/resolved.nix @@ -140,7 +140,8 @@ in # add resolve to nss hosts database if enabled and nscd enabled # system.nssModules is configured in nixos/modules/system/boot/systemd.nix - system.nssDatabases.hosts = optional config.services.nscd.enable "resolve [!UNAVAIL=return]"; + # added with order 501 to allow modules to go before with mkBefore + system.nssDatabases.hosts = (mkOrder 501 ["resolve [!UNAVAIL=return]"]); systemd.additionalUpstreamSystemUnits = [ "systemd-resolved.service" diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index abd8ab29caef..58064e5de865 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -925,9 +925,8 @@ in system.nssModules = [ systemd.out ]; system.nssDatabases = { hosts = (mkMerge [ - [ "mymachines" ] - (mkOrder 1600 [ "myhostname" ] # 1600 to ensure it's always the last - ) + (mkOrder 400 ["mymachines"]) # 400 to ensure it comes before resolve (which is mkBefore'd) + (mkOrder 999 ["myhostname"]) # after files (which is 998), but before regular nss modules ]); passwd = (mkMerge [ (mkAfter [ "systemd" ]) diff --git a/pkgs/applications/networking/instant-messengers/slack/default.nix b/pkgs/applications/networking/instant-messengers/slack/default.nix index 39cff6de85de..24282f4be333 100644 --- a/pkgs/applications/networking/instant-messengers/slack/default.nix +++ b/pkgs/applications/networking/instant-messengers/slack/default.nix @@ -50,8 +50,12 @@ let x86_64-linux-version = "4.17.0"; x86_64-linux-sha256 = "07ccms58pq27ilkyhcf6cgwb7qrddwil5kgy8yv95ljikqzi5rxi"; + aarch64-darwin-version = "4.17.0"; + aarch64-darwin-sha256 = "1a5crmnbz8ng3z2pk5zw17dds9d5fyir4rkvv611fn858kq5fv46"; + version = { x86_64-darwin = x86_64-darwin-version; + aarch64-darwin = aarch64-darwin-version; x86_64-linux = x86_64-linux-version; }.${system} or throwSystem; @@ -64,6 +68,10 @@ let url = "${base}/releases/macos/${version}/prod/x64/Slack-${version}-macOS.dmg"; sha256 = x86_64-darwin-sha256; }; + aarch64-darwin = fetchurl { + url = "${base}/releases/macos/${version}/prod/arm64/Slack-${version}-macOS.dmg"; + sha256 = aarch64-darwin-sha256; + }; x86_64-linux = fetchurl { url = "${base}/linux_releases/slack-desktop-${version}-amd64.deb"; sha256 = x86_64-linux-sha256; @@ -75,7 +83,7 @@ let homepage = "https://slack.com"; license = licenses.unfree; maintainers = with maintainers; [ mmahut ]; - platforms = [ "x86_64-darwin" "x86_64-linux" ]; + platforms = [ "x86_64-darwin" "x86_64-linux" "aarch64-darwin"]; }; linux = stdenv.mkDerivation rec { diff --git a/pkgs/development/python-modules/ailment/default.nix b/pkgs/development/python-modules/ailment/default.nix index a6c99e72c0ad..3ddd3d366e8e 100644 --- a/pkgs/development/python-modules/ailment/default.nix +++ b/pkgs/development/python-modules/ailment/default.nix @@ -7,14 +7,14 @@ buildPythonPackage rec { pname = "ailment"; - version = "9.0.9031"; + version = "9.0.9166"; disabled = pythonOlder "3.6"; src = fetchFromGitHub { owner = "angr"; repo = pname; rev = "v${version}"; - sha256 = "sha256-xyNTcGTGH8030CJif6an+kDZIfOUVDMiRhFamVajAzk="; + sha256 = "09qbqn57h92f81xv35f645ai7nkkqf7cidkg3qrwfpxcwc2g9kdz"; }; propagatedBuildInputs = [ pyvex ]; diff --git a/pkgs/development/python-modules/angr/default.nix b/pkgs/development/python-modules/angr/default.nix index 285a125a7257..acad9cb0f598 100644 --- a/pkgs/development/python-modules/angr/default.nix +++ b/pkgs/development/python-modules/angr/default.nix @@ -43,14 +43,14 @@ in buildPythonPackage rec { pname = "angr"; - version = "9.0.9031"; + version = "9.0.9166"; disabled = pythonOlder "3.6"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "sha256-qWAz9SHfQU0cdk4yVekJn5OIDPJPbi63CDdlHDq1Opw="; + sha256 = "1h1jb57zp8wy24xy60j76sl4hrzhhwfsvfx26zhbnhqzmwghpd5x"; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/angrop/default.nix b/pkgs/development/python-modules/angrop/default.nix index e5ab1954276b..1ab86c1820ac 100644 --- a/pkgs/development/python-modules/angrop/default.nix +++ b/pkgs/development/python-modules/angrop/default.nix @@ -9,14 +9,14 @@ buildPythonPackage rec { pname = "angrop"; - version = "9.0.9031"; + version = "9.0.9166"; disabled = pythonOlder "3.6"; src = fetchFromGitHub { owner = "angr"; repo = pname; rev = "v${version}"; - sha256 = "sha256-3q/3iFR0FFOcvgmNVXtgi1Spu5xfXNJFy+QoIh8amOY="; + sha256 = "1myrzp5axg0dj7kxqc2mz3kfqlds3vzvavcncrj5y9xpx8m7l71m"; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/archinfo/default.nix b/pkgs/development/python-modules/archinfo/default.nix index 60c3e8905b59..40583a12ada8 100644 --- a/pkgs/development/python-modules/archinfo/default.nix +++ b/pkgs/development/python-modules/archinfo/default.nix @@ -7,13 +7,13 @@ buildPythonPackage rec { pname = "archinfo"; - version = "9.0.9031"; + version = "9.0.9166"; src = fetchFromGitHub { owner = "angr"; repo = pname; rev = "v${version}"; - sha256 = "sha256-pzBMyw5FwQV1FyhvOxUq39s96p0KKSrkEvJzhJQdS4E="; + sha256 = "0y77lyz019rm9zgxpam6dbb006c7j66hwy985h3fg6nbz74pcml5"; }; checkInputs = [ diff --git a/pkgs/development/python-modules/claripy/default.nix b/pkgs/development/python-modules/claripy/default.nix index 2c25d258e579..3dc930473f5e 100644 --- a/pkgs/development/python-modules/claripy/default.nix +++ b/pkgs/development/python-modules/claripy/default.nix @@ -13,14 +13,14 @@ buildPythonPackage rec { pname = "claripy"; - version = "9.0.9031"; + version = "9.0.9166"; disabled = pythonOlder "3.6"; src = fetchFromGitHub { owner = "angr"; repo = pname; rev = "v${version}"; - sha256 = "sha256-UCmt2Vm8OWyKa0fmPlGuvzaFddUWs6quavUgIZasoJg="; + sha256 = "0rwl5q7z16agcykn0an2lyqfn2z5yvmg0xcvxfpvndf6zpnbqhx0"; }; # Use upstream z3 implementation diff --git a/pkgs/development/python-modules/cle/default.nix b/pkgs/development/python-modules/cle/default.nix index d6731260937d..0110625eba87 100644 --- a/pkgs/development/python-modules/cle/default.nix +++ b/pkgs/development/python-modules/cle/default.nix @@ -15,7 +15,7 @@ let # The binaries are following the argr projects release cycle - version = "9.0.9031"; + version = "9.0.9166"; # Binary files from https://github.com/angr/binaries (only used for testing and only here) binaries = fetchFromGitHub { @@ -35,7 +35,7 @@ buildPythonPackage rec { owner = "angr"; repo = pname; rev = "v${version}"; - sha256 = "sha256-+9aW7J8FXuKtU20dpqnoj37McPxzbkjKuYZIO8QeFF0="; + sha256 = "1mvdcwzim52mc7vjrr2cq8xwwi0v0ai3z608mg5nfbbf4zjji76c"; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/pyvex/default.nix b/pkgs/development/python-modules/pyvex/default.nix index d021b6b06d3c..a6c2b1d381b7 100644 --- a/pkgs/development/python-modules/pyvex/default.nix +++ b/pkgs/development/python-modules/pyvex/default.nix @@ -11,11 +11,11 @@ buildPythonPackage rec { pname = "pyvex"; - version = "9.0.9031"; + version = "9.0.9166"; src = fetchPypi { inherit pname version; - sha256 = "sha256-bl6bWv4c+tlaWcxrYCiljC9C+wAZZVyk+1O0rlb4kxA="; + sha256 = "0h7jw7blr4bal7pw711cxmwm4jjypchshc8ks04z2lyziy83ywja"; }; postPatch = lib.optionalString stdenv.isDarwin '' diff --git a/pkgs/games/factorio/versions.json b/pkgs/games/factorio/versions.json index 98c58191f164..500181ff70ef 100644 --- a/pkgs/games/factorio/versions.json +++ b/pkgs/games/factorio/versions.json @@ -10,12 +10,12 @@ "version": "1.1.36" }, "stable": { - "name": "factorio_alpha_x64-1.1.35.tar.xz", + "name": "factorio_alpha_x64-1.1.36.tar.xz", "needsAuth": true, - "sha256": "1svjjpyffdrmll1b3icsrikfi4v2r1z6j7iqq0v36iq0zw7vw3bk", + "sha256": "1x9a2lv6zbqawqlxg8bcbx04hjy0pq40macfa4sqi8w6h14wgww8", "tarDirectory": "x64", - "url": "https://factorio.com/get-download/1.1.35/alpha/linux64", - "version": "1.1.35" + "url": "https://factorio.com/get-download/1.1.36/alpha/linux64", + "version": "1.1.36" } }, "demo": { @@ -28,12 +28,12 @@ "version": "1.1.35" }, "stable": { - "name": "factorio_demo_x64-1.1.35.tar.xz", + "name": "factorio_demo_x64-1.1.36.tar.xz", "needsAuth": false, - "sha256": "0yqb4gf2avpxr4vwafws9pv74xyd9g84zggfikfc801ldc7sp29f", + "sha256": "15fl4pza7n107rrmmdm26kkc12fnrmpn6rjb4ampgzqzn1fq854s", "tarDirectory": "x64", - "url": "https://factorio.com/get-download/1.1.35/demo/linux64", - "version": "1.1.35" + "url": "https://factorio.com/get-download/1.1.36/demo/linux64", + "version": "1.1.36" } }, "headless": { @@ -46,12 +46,12 @@ "version": "1.1.36" }, "stable": { - "name": "factorio_headless_x64-1.1.35.tar.xz", + "name": "factorio_headless_x64-1.1.36.tar.xz", "needsAuth": false, - "sha256": "0xpiw89ad6cfpc576g5jpsyzwjncs3jrx01056p52wj01747fm94", + "sha256": "1s8g030xp5nrlmnn21frrd8n4nd7jjmb5hbpj1vhxjrk6vpijh24", "tarDirectory": "x64", - "url": "https://factorio.com/get-download/1.1.35/headless/linux64", - "version": "1.1.35" + "url": "https://factorio.com/get-download/1.1.36/headless/linux64", + "version": "1.1.36" } } } diff --git a/pkgs/servers/monitoring/grafana-agent/default.nix b/pkgs/servers/monitoring/grafana-agent/default.nix index c772b76cf031..4c9d0437d79f 100644 --- a/pkgs/servers/monitoring/grafana-agent/default.nix +++ b/pkgs/servers/monitoring/grafana-agent/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "grafana-agent"; - version = "0.16.1"; + version = "0.17.0"; src = fetchFromGitHub { rev = "v${version}"; owner = "grafana"; repo = "agent"; - sha256 = "0kqbn6fqlrxjqdkkhbr7qmm2m05a7dlskfdb7y4gr5ggi65m6ik5"; + sha256 = "sha256-rHJGVQWbvgcvwPzt8e2uWs1n4bbaAZz6lQjyvmqmLZw="; }; - vendorSha256 = "0xi69a1zkcmi5q8m7lfwp3xb4cbkwc2dzqm24lfqsq13xj5jq6ph"; + vendorSha256 = "sha256-jA8M8ZdJWmrGRQb0W1duVV+XwxqJVQ/ek0Yhw6JZvX8="; patches = [ # https://github.com/grafana/agent/issues/731 diff --git a/pkgs/servers/monitoring/grafana/plugins/grafana-polystat-panel/default.nix b/pkgs/servers/monitoring/grafana/plugins/grafana-polystat-panel/default.nix index 85b4c7069a9a..0ef214975979 100644 --- a/pkgs/servers/monitoring/grafana/plugins/grafana-polystat-panel/default.nix +++ b/pkgs/servers/monitoring/grafana/plugins/grafana-polystat-panel/default.nix @@ -2,8 +2,8 @@ grafanaPlugin rec { pname = "grafana-polystat-panel"; - version = "1.2.5"; - zipHash = "sha256-U9vNfK4ofNzwL7MVe43tGY85gI56Jt1eb7TrCkeNrOQ="; + version = "1.2.6"; + zipHash = "sha256-gbMD2o8A2YYZzkpYiXNkv8Oj958RP47fL6DXj1SBYF0="; meta = with lib; { description = "Hexagonal multi-stat panel for Grafana"; license = licenses.asl20; diff --git a/pkgs/servers/monitoring/prometheus/default.nix b/pkgs/servers/monitoring/prometheus/default.nix index b87817af439c..f4ad8a8e7b9b 100644 --- a/pkgs/servers/monitoring/prometheus/default.nix +++ b/pkgs/servers/monitoring/prometheus/default.nix @@ -1,4 +1,10 @@ -{ stdenv, lib, go, buildGoModule, fetchFromGitHub, mkYarnPackage, nixosTests +{ stdenv +, lib +, go +, buildGoModule +, fetchFromGitHub +, mkYarnPackage +, nixosTests , fetchpatch }: @@ -27,7 +33,8 @@ let installPhase = "mv build $out"; distPhase = "true"; }; -in buildGoModule rec { +in +buildGoModule rec { pname = "prometheus"; inherit src version; @@ -41,19 +48,21 @@ in buildGoModule rec { ''; buildFlags = "-tags=builtinassets"; - buildFlagsArray = let - t = "${goPackagePath}/vendor/github.com/prometheus/common/version"; - in [ - '' - -ldflags= - -X ${t}.Version=${version} - -X ${t}.Revision=unknown - -X ${t}.Branch=unknown - -X ${t}.BuildUser=nix@nixpkgs - -X ${t}.BuildDate=unknown - -X ${t}.GoVersion=${lib.getVersion go} - '' - ]; + buildFlagsArray = + let + t = "${goPackagePath}/vendor/github.com/prometheus/common/version"; + in + [ + '' + -ldflags= + -X ${t}.Version=${version} + -X ${t}.Revision=unknown + -X ${t}.Branch=unknown + -X ${t}.BuildUser=nix@nixpkgs + -X ${t}.BuildDate=unknown + -X ${t}.GoVersion=${lib.getVersion go} + '' + ]; # only run this in the real build, not during the vendor build # this should probably be fixed in buildGoModule @@ -67,7 +76,8 @@ in buildGoModule rec { cp -a $src/console_libraries $src/consoles $out/etc/prometheus ''; - doCheck = !stdenv.isDarwin; # https://hydra.nixos.org/build/130673870/nixlog/1 + # doCheck = !stdenv.isDarwin; # https://hydra.nixos.org/build/130673870/nixlog/1 + doCheck = false; passthru.tests = { inherit (nixosTests) prometheus; }; diff --git a/pkgs/servers/monitoring/seyren/default.nix b/pkgs/servers/monitoring/seyren/default.nix index 4dd90cacb8bf..a94de966e4d3 100644 --- a/pkgs/servers/monitoring/seyren/default.nix +++ b/pkgs/servers/monitoring/seyren/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "1fixij04n8hgmaj8kw8i6vclwyd6n94x0n6ify73ynm6dfv8g37x"; }; - phases = ["installPhase"]; + dontUnpack = true; nativeBuildInputs = [ makeWrapper ]; buildInputs = [ jre ];