From b4d92811befd66f5ab86450b650e6f6c033f956b Mon Sep 17 00:00:00 2001
From: vroad <396351+vroad@users.noreply.github.com>
Date: Fri, 19 Mar 2021 10:25:26 +0900
Subject: [PATCH 01/17] dockerTools.streamLayeredImage: add fakeRootCommands option
---
pkgs/build-support/docker/default.nix | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index fec289f0ff1e..8453ea4deedd 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -7,6 +7,7 @@ coreutils, docker, e2fsprogs, + fakeroot, findutils, go, jq,
@@ -738,6 +739,9 @@ rec { created ? "1970-01-01T00:00:01Z", # Optional bash script to run on the files prior to fixturizing the layer. extraCommands ? "", + # Optional bash script to run inside fakeroot environment. + # Could be used for changing ownership of files in customisation layer. + fakeRootCommands ? "", # We pick 100 to ensure there is plenty of room for extension. I # believe the actual maximum is 128. maxLayers ? 100
@@ -764,18 +768,24 @@ rec { name = "${baseName}-customisation-layer"; paths = contentsList; inherit extraCommands; + inherit fakeRootCommands; + nativeBuildInputs = [ fakeroot ]; postBuild = '' mv $out old_out (cd old_out; eval "$extraCommands" ) mkdir $out - tar \ - --sort name \ - --owner 0 --group 0 --mtime "@$SOURCE_DATE_EPOCH" \ - --hard-dereference \ - -C old_out \ - -cf $out/layer.tar . + fakeroot bash -c ' + set -e + cd old_out + eval "$fakeRootCommands" + tar \ + --sort name \ + --numeric-owner --mtime "@$SOURCE_DATE_EPOCH" \ + --hard-dereference \ + -cf $out/layer.tar . + ' sha256sum $out/layer.tar \ | cut -f 1 -d ' ' \
From 5199c7e6da7eb0d87744a04fdbda50e40e902e2e Mon Sep 17 00:00:00 2001
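Review bot: In the `@@ -764,18 +768,24 @@` hunk of pkgs/build-support/docker/default.nix, `eval "$fakeRootCommands"` runs in the same shell as the `tar` call that follows, whereas the `extraCommands` line just above it is wrapped in a subshell. A `cd` inside fakeRootCommands therefore changes which directory `tar ... .` archives and would silently produce a partial layer. Wrapping it the same way, `(eval "$fakeRootCommands")`, keeps the working directory fixed and should still share the fakeroot session. Separately, with `--owner 0 --group 0` gone, root ownership of untouched files depends entirely on fakeroot's view; a comment such as `# uid/gid come from fakeroot state; untouched files must still read as 0:0` would record that. postBuild starts and ends outside the hunk.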
From: vroad <396351+vroad@users.noreply.github.com>
Date: Fri, 19 Mar 2021 10:56:00 +0900
Subject: [PATCH 02/17] dockerTools.streamLayeredImage: simplify inherit statements Co-authored-by: Sandro
---
pkgs/build-support/docker/default.nix | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 8453ea4deedd..bf0b512fa1ea 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -767,8 +767,7 @@ rec { customisationLayer = symlinkJoin { name = "${baseName}-customisation-layer"; paths = contentsList; - inherit extraCommands; - inherit fakeRootCommands; + inherit extraCommands fakeRootCommands; nativeBuildInputs = [ fakeroot ]; postBuild = '' mv $out old_out
From 057c7a2d58d28fc63c733728a591d7ecd30755ca Mon Sep 17 00:00:00 2001
From: vroad <396351+vroad@users.noreply.github.com>
Date: Fri, 19 Mar 2021 11:01:10 +0900
Subject: [PATCH 03/17] dockerTools.streamLayeredImage: source $stdenv/setup before running fakeRootCommands
---
pkgs/build-support/docker/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index bf0b512fa1ea..7837406f8d46 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -776,7 +776,7 @@ rec { mkdir $out fakeroot bash -c ' - set -e + source $stdenv/setup cd old_out eval "$fakeRootCommands" tar \
From 2dce2253bcf4b1b7eacd823783d1abedb857234f Mon Sep 17 00:00:00 2001
From: vroad <396351+vroad@users.noreply.github.com>
Date: Fri, 19 Mar 2021 11:54:13 +0900
Subject: [PATCH 04/17] dockerTools.streamLayeredImage: document fakeRootCommands
---
doc/builders/images/dockertools.section.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/doc/builders/images/dockertools.section.md b/doc/builders/images/dockertools.section.md
index 40d4dba1b85e..99b901e9b862 100644
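Review bot: In the `@@ -776,7 +776,7 @@` hunk (PATCH 03/17), the explicit `set -e` is removed, so error handling inside the `fakeroot bash -c` script now depends on whatever `$stdenv/setup` configures, which is not visible here. If a command in fakeRootCommands fails without aborting the script, `tar` still runs and the layer is written with ownership the author did not intend. I would keep `set -e` on the line after `source $stdenv/setup`, or add a comment stating that setup enables errexit and why it is sourced. The `bash -c` script starts and ends outside the hunk.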
--- a/doc/builders/images/dockertools.section.md
+++ b/doc/builders/images/dockertools.section.md
@@ -141,6 +141,10 @@ Create a Docker image with many of the store paths being on their own layer to i : Shell commands to run while building the final layer, without access to most of the layer contents. Changes to this layer are "on top" of all the other layers, so can create additional directories and files. +`fakeRootCommands` _optional_ + +: Shell commands to run while creating the archive for the final layer in a fakeroot environment. Unlike `extraCommands`, you can run chown to change the owners of the files in the archive, without actually persisting the change to the filesystem. By default all files in the archive will be owned by root. + ### Behavior of `contents` in the final image {#dockerTools-buildLayeredImage-arg-contents} Each path directly listed in `contents` will have a symlink in the root of the image.
From c420e650c9d230fe9329f2ec9ad5b4cad5c21f5d Mon Sep 17 00:00:00 2001
From: vroad <396351+vroad@users.noreply.github.com>
Date: Wed, 24 Mar 2021 08:24:21 +0900
Subject: [PATCH 05/17] dockerTools.streamLayeredImage: Update documentation Co-authored-by: Robert Hensing
---
doc/builders/images/dockertools.section.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/builders/images/dockertools.section.md b/doc/builders/images/dockertools.section.md
index 99b901e9b862..2573fc272f7d 100644
--- a/doc/builders/images/dockertools.section.md
+++ b/doc/builders/images/dockertools.section.md
@@ -143,7 +143,7 @@ Create a Docker image with many of the store paths being on their own layer to i `fakeRootCommands` _optional_ -: Shell commands to run while creating the archive for the final layer in a fakeroot environment. Unlike `extraCommands`, you can run chown to change the owners of the files in the archive, without actually persisting the change to the filesystem. By default all files in the archive will be owned by root. +: Shell commands to run while creating the archive for the final layer in a fakeroot environment. Unlike `extraCommands`, you can run `chown` to change the owners of the files in the archive, changing fakeroot's state instead of the real filesystem. The latter would require privileges that the build user does not have. Static binaries do not interact with the fakeroot environment. By default all files in the archive will be owned by root. ### Behavior of `contents` in the final image {#dockerTools-buildLayeredImage-arg-contents}
From 38df713ed87f531c4102aea966719bc42057a0c3 Mon Sep 17 00:00:00 2001
From: Fabian Affolter
Date: Tue, 6 Apr 2021 09:53:00 +0200
Subject: [PATCH 06/17] python3Packages.PyChromecast: 9.1.1 -> 9.1.2
---
pkgs/development/python-modules/pychromecast/default.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/python-modules/pychromecast/default.nix b/pkgs/development/python-modules/pychromecast/default.nix
index cbf96f11a173..cc68d83d02b0 100644
--- a/pkgs/development/python-modules/pychromecast/default.nix
+++ b/pkgs/development/python-modules/pychromecast/default.nix
@@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "PyChromecast"; - version = "9.1.1"; + version = "9.1.2"; src = fetchPypi { inherit pname version; - sha256 = "sha256-q52h0u9CSx/HVfZDb1RaVgVuxt4kB16T82nqyOuCGDc="; + sha256 = "sha256-kHZWzqRtOdDpPsgVl5V470+29lX9i/TojmQh/NeCToU="; }; disabled = !isPy3k;
From 5df9c14ceeb43f64a5f2927cea702054dd769073 Mon Sep 17 00:00:00 2001
From: Austin Butler
Date: Tue, 6 Apr 2021 23:10:24 -0700
Subject: [PATCH 07/17] nomachine-client: 7.2.3 -> 7.4.1
---
pkgs/tools/admin/nomachine-client/default.nix | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/pkgs/tools/admin/nomachine-client/default.nix b/pkgs/tools/admin/nomachine-client/default.nix
index fa5763178bd5..0daa65cc9804 100644
--- a/pkgs/tools/admin/nomachine-client/default.nix
+++ b/pkgs/tools/admin/nomachine-client/default.nix
@@ -1,10 +1,10 @@ { lib, stdenv, file, fetchurl, makeWrapper, autoPatchelfHook, jsoncpp, libpulseaudio }: let - versionMajor = "7.2"; - versionMinor = "3"; - versionBuild_x86_64 = "8"; - versionBuild_i686 = "8"; + versionMajor = "7.4"; + versionMinor = "1"; + versionBuild_x86_64 = "1"; + versionBuild_i686 = "1"; in stdenv.mkDerivation rec { pname = "nomachine-client";
@@ -14,12 +14,12 @@ in if stdenv.hostPlatform.system == "x86_64-linux" then fetchurl { url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_${versionBuild_x86_64}_x86_64.tar.gz"; - sha256 = "1x60vmngq4927qvy6ljmyvwlz5lapilld3495w3y3jdllwd3dxp4"; + sha256 = "1qir9ii0h5ali87mjzjl72dm1ky626d7y59jfpglakqxzqhjamdz"; } else if stdenv.hostPlatform.system == "i686-linux" then fetchurl { url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_${versionBuild_i686}_i686.tar.gz"; - sha256 = "0dx921g6w3gk0x4p771qqxbbi16vl11hmdzzwhfczrq90pgzrhks"; + sha256 = "1gxiysc09k3jz1pkkyfqgw2fygcnmrnskk6b9vn4fjnvsab4py60"; } else throw "NoMachine client is not supported on ${stdenv.hostPlatform.system}";
From 63e7c4186f43190ca4ee44aeec10f81343573861 Mon Sep 17 00:00:00 2001
From: vroad <396351+vroad@users.noreply.github.com>
Date: Wed, 7 Apr 2021 18:11:02 +0900
Subject: [PATCH 08/17] dockerTools.streamLayeredImage: Add test for fakeRootCommands
---
nixos/tests/docker-tools.nix | 8 ++++++++
pkgs/build-support/docker/examples.nix | 13 +++++++++++++
2 files changed, 21 insertions(+)
diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix
index 1cc554d002b2..a71cf79c5a78 100644
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@@ -270,5 +270,13 @@ import ./make-test-python.nix ({ pkgs, ... }: { docker.succeed( "docker images --format '{{.Repository}}' | grep -F '${examples.prefixedLayeredImage.imageName}'" ) + + with subtest("buildLayeredImage supports running chown with fakeRootCommands"): + docker.succeed( + "docker load --input='${examples.layeredImageWithFakeRootCommands}'" + ) + docker.succeed( + "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/jane | grep -E ^1000$'" + ) ''; })
diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix
index 9e33a42af23e..2eab0ede0233 100644
--- a/pkgs/build-support/docker/examples.nix
+++ b/pkgs/build-support/docker/examples.nix
@@ -441,4 +441,17 @@ rec { tag = "latest"; config.Cmd = [ "${pkgs.hello}/bin/hello" ]; }; + + # layered image with files owned by a user other than root + layeredImageWithFakeRootCommands = pkgs.dockerTools.buildLayeredImage { + name = "layered-image-with-fake-root-commands"; + tag = "latest"; + contents = [ + pkgs.pkgsStatic.busybox + ]; + fakeRootCommands = '' + mkdir -p ./home/jane + chown 1000 ./home/jane + ''; + }; }
From 6d49bb239f9ad3198d9717c2f1e8c72ddf484f77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=BCtz?=
Date: Wed, 7 Apr 2021 12:18:50 +0200
Subject: [PATCH 09/17] python3Packages.transitions: 0.8.7 -> 0.8.8 https://github.com/pytransitions/transitions/releases/tag/0.8.8
---
.../python-modules/transitions/default.nix | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/pkgs/development/python-modules/transitions/default.nix b/pkgs/development/python-modules/transitions/default.nix
index 013cf73ee1f9..c469875728cd 100644
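Review bot: The new subtest in the `@@ -270,5 +270,13 @@` hunk of nixos/tests/docker-tools.nix asserts only the path that was chowned, so it would still pass if every other entry in the customisation layer lost root ownership. An extra assertion on a directory the example creates but does not chown, for instance `stat -c %u:%g /home | grep -Fx 0:0`, would cover the default-owner case. The nested single quotes around `%u` inside the `sh -c '...'` argument close and reopen the outer quote; it works only because `%u` needs no quoting, and writing `stat -c %u` avoids the trap. The test script begins outside the hunk.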
+++ b/pkgs/development/python-modules/transitions/default.nix
@@ -7,15 +7,16 @@ , mock , graphviz , pycodestyle +, fontconfig }: buildPythonPackage rec { pname = "transitions"; - version = "0.8.7"; + version = "0.8.8"; src = fetchPypi { inherit pname version; - sha256 = "8c60ec0828cd037820726283cad5d4d77a5e31514e058b51250420e9873e9bc7"; + sha256 = "sha256-56hrMaFhp2Ez8Ymzrp2tJ1WoDqTB4O7hgFZI0CH7Z30="; }; propagatedBuildInputs = [
@@ -30,10 +31,9 @@ buildPythonPackage rec { pycodestyle ]; - disabledTests = [ - # Fontconfig error: Cannot load default config file - "test_diagram" - ]; + preCheck = '' + export FONTCONFIG_FILE=${fontconfig.out}/etc/fonts/fonts.conf + ''; meta = with lib; { homepage = "https://github.com/pytransitions/transitions";
From ba6577f8cb38d0b04ac95123253cb20d467bfc3f Mon Sep 17 00:00:00 2001
From: happysalada
Date: Wed, 7 Apr 2021 20:45:34 +0900
Subject: [PATCH 10/17] nodejs: 15.13.0 -> 15.14.0
---
pkgs/development/web/nodejs/v15.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/web/nodejs/v15.nix b/pkgs/development/web/nodejs/v15.nix
index 953b534e8504..d22c2f213b91 100644
--- a/pkgs/development/web/nodejs/v15.nix
+++ b/pkgs/development/web/nodejs/v15.nix
@@ -8,6 +8,6 @@ let in buildNodejs { inherit enableNpm; - version = "15.13.0"; - sha256 = "1wd859bxd8j97xl98k61g0vwcmy83wvjj04fgway38aapk9abp4h"; + version = "15.14.0"; + sha256 = "0vm6jdazqjd1plqsgngzvjrafv2d3mdahk6il4ray02gx97dq8l1"; }
From 32a5b44b8d6215087f0c74332eafc25bb13662d6 Mon Sep 17 00:00:00 2001
From: Emery Hemingway
Date: Wed, 7 Apr 2021 14:17:09 +0200
Subject: [PATCH 11/17] nixos/samba: remove bad example for "securityType" option Setting "security = share" causes silent failures.
---
nixos/modules/services/network-filesystems/samba.nix | 1 -
1 file changed, 1 deletion(-)
diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix
index d6e2904b3c36..78ea245cb351 100644
--- a/nixos/modules/services/network-filesystems/samba.nix
+++ b/nixos/modules/services/network-filesystems/samba.nix
@@ -156,7 +156,6 @@ in securityType = mkOption { type = types.str; default = "user"; - example = "share"; description = "Samba security type"; };
From 3660d282acaf1e00aecdb38fa9a4d848f599b8ba Mon Sep 17 00:00:00 2001
From: Frederik Rietdijk
Date: Wed, 7 Apr 2021 14:25:52 +0200
Subject: [PATCH 12/17] Revert "python3Packages.bokeh: 2.2.3 -> 2.3.0" This version of bokeh is apparently incompatible with the current panel (0.9.7). Using it results in all kind of missing models and modules. We should upgrade panel but it is not straightforward. Until then, bokeh should remain at 2.2. This reverts commit ba9b70bcfd2ea5fbceff3d824cff5339e4f85419.
---
pkgs/development/python-modules/bokeh/default.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/python-modules/bokeh/default.nix b/pkgs/development/python-modules/bokeh/default.nix
index 67d5088bf7df..091b020efc25 100644
--- a/pkgs/development/python-modules/bokeh/default.nix
+++ b/pkgs/development/python-modules/bokeh/default.nix
@@ -33,11 +33,11 @@ buildPythonPackage rec { pname = "bokeh"; - version = "2.3.0"; + version = "2.2.3"; src = fetchPypi { inherit pname version; - sha256 = "dd417708f90702190222b1068a645acae99e66d4b58d7a336d545aeaa04e9b40"; + sha256 = "c4a3f97afe5f525019dd58ee8c4e3d43f53fe1b1ac264ccaae9b02c07b2abc17"; }; patches = [
From caf9668c8b4529321163176e3dd34449cc25605f Mon Sep 17 00:00:00 2001
From: Sascha Grunert
Date: Wed, 7 Apr 2021 14:31:47 +0200
Subject: [PATCH 13/17] ginkgo: 1.16.0 -> 1.16.1 Signed-off-by: Sascha Grunert
---
pkgs/development/tools/ginkgo/default.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/tools/ginkgo/default.nix b/pkgs/development/tools/ginkgo/default.nix
index 75870e487046..e5883501f819 100644
+++ b/pkgs/development/tools/ginkgo/default.nix
@@ -2,13 +2,13 @@ buildGoModule rec { pname = "ginkgo"; - version = "1.16.0"; + version = "1.16.1"; src = fetchFromGitHub { owner = "onsi"; repo = "ginkgo"; rev = "v${version}"; - sha256 = "sha256-phVpOKgMhebkVQlMDO/9IrETe72hXTgyGJtlKipKgv0="; + sha256 = "sha256-nlNft9jOp8V8ks32LOb4wUTkRrXJ5K49gbHuRmCKz/0="; }; vendorSha256 = "sha256-tS8YCGVOsfQp02vY6brmE3pxi70GG9DYcp1JDkcVG9Y="; doCheck = false;
From 99fd96f6a81de3f281763371fba289c3925c3f7c Mon Sep 17 00:00:00 2001
From: Sandro
Date: Wed, 7 Apr 2021 15:04:07 +0200
Subject: [PATCH 14/17] pythonPackages.bokeh: add comment to update together with panel
---
pkgs/development/python-modules/bokeh/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/development/python-modules/bokeh/default.nix b/pkgs/development/python-modules/bokeh/default.nix
index 091b020efc25..9375aa22a3fe 100644
--- a/pkgs/development/python-modules/bokeh/default.nix
+++ b/pkgs/development/python-modules/bokeh/default.nix
@@ -33,7 +33,7 @@ buildPythonPackage rec { pname = "bokeh"; - version = "2.2.3"; + version = "2.2.3"; # update together with panel which is not straightforward src = fetchPypi { inherit pname version;
From ab79e89081eb7ed0730314c8382a292c5a00e31b Mon Sep 17 00:00:00 2001
From: Sandro
Date: Sat, 3 Apr 2021 17:27:32 +0200
Subject: [PATCH 15/17] zigbee2mqtt: add upgrade warning
---
pkgs/servers/zigbee2mqtt/default.nix | 2 ++
1 file changed, 2 insertions(+)
diff --git a/pkgs/servers/zigbee2mqtt/default.nix b/pkgs/servers/zigbee2mqtt/default.nix
index 85465fd7d145..2a7c31a47a0f 100644
--- a/pkgs/servers/zigbee2mqtt/default.nix
+++ b/pkgs/servers/zigbee2mqtt/default.nix
@@ -3,6 +3,8 @@ let package = (import ./node.nix { inherit pkgs system; }).package; in package.override rec { + # don't upgrade! Newer versions cause stack overflows and fail trunk-combined + # see https://github.com/NixOS/nixpkgs/pull/118400 version = "1.16.2"; reconstructLock = true;
From 8030a8f456850cc2d1a2b6120a76d3c6d2949fa9 Mon Sep 17 00:00:00 2001
From: Fabian Affolter
Date: Wed, 7 Apr 2021 15:30:34 +0200
Subject: [PATCH 16/17] home-assistant: enable cast tests
---
pkgs/servers/home-assistant/default.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/pkgs/servers/home-assistant/default.nix b/pkgs/servers/home-assistant/default.nix
index c57ce7747248..11ce6ebb8ce7 100644
--- a/pkgs/servers/home-assistant/default.nix
+++ b/pkgs/servers/home-assistant/default.nix
@@ -188,6 +188,7 @@ in with py.pkgs; buildPythonApplication rec { "caldav" "calendar" "camera" + "cast" "climate" "cloud" "command_line"
From e3c239fa551fb6c9c3e622ad43931cee6c6bd816 Mon Sep 17 00:00:00 2001
From: Jan Tojnar
Date: Wed, 7 Apr 2021 15:33:13 +0200
Subject: [PATCH 17/17] gi-docgen: fix patch URL Fixes: https://github.com/NixOS/nixpkgs/issues/118728
---
pkgs/development/tools/documentation/gi-docgen/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/development/tools/documentation/gi-docgen/default.nix b/pkgs/development/tools/documentation/gi-docgen/default.nix
index 186045c9aa84..72b5364eb45d 100644
--- a/pkgs/development/tools/documentation/gi-docgen/default.nix
+++ b/pkgs/development/tools/documentation/gi-docgen/default.nix
@@ -24,7 +24,7 @@ python3.pkgs.buildPythonApplication rec { # Add pkg-config file so that Meson projects can find this. # https://gitlab.gnome.org/ebassi/gi-docgen/merge_requests/26 (fetchpatch { - url = "https://gitlab.gnome.org/ebassi/gi-docgen/commit/d65ed2e4827c4129d26e3c1df9a48054b4e72c50.patch"; + url = "https://gitlab.gnome.org/jtojnar/gi-docgen/commit/d65ed2e4827c4129d26e3c1df9a48054b4e72c50.patch"; sha256 = "BEefcHiAd/HTW5zo39J2WtfQjGXUkNFB6MDJj8/Ge80="; })