Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: a6f3555ccb0f
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 35fe837b6259
Choose a head ref
  • 9 commits
  • 10 files changed
  • 6 contributors

Commits on Mar 27, 2020

  1. poetry2nix: 1.6.1 -> 1.7.0

    @adisbladis
    adisbladis committed Mar 27, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lucasfernog Lucas Fernandes Nogueira
    GPG key ID: FFEA6C72E73482F1
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    176cb5c View commit details

  2. poetry2nix: 1.7.0 -> 1.7.1

    @adisbladis
    adisbladis committed Mar 27, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lucasfernog Lucas Fernandes Nogueira
    GPG key ID: FFEA6C72E73482F1
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    d940214 View commit details

Commits on Mar 28, 2020

  1. ion: 1.0.5 -> unstable-2020-03-22 

    The app is still maintained upstream, but they aren't cutting releases on
crates.io anymore:
https://crates.io/crates/ion-shell

This fixes the build with the latest Rust toolchain by upgrading to the current
commit off the project's `master`.

ZHF: #80379

(cherry picked from commit 16cdff0)
    @bhipple
    bhipple committed Mar 28, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lucasfernog Lucas Fernandes Nogueira
    GPG key ID: FFEA6C72E73482F1
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    409e70d View commit details

  2. Merge pull request #83550 from bhipple/bp/ion 

    [20.03] ion: 1.0.5 -> unstable-2020-03-22
    @worldofpeace
    worldofpeace authored Mar 28, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lucasfernog Lucas Fernandes Nogueira
    GPG key ID: FFEA6C72E73482F1
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    3488803 View commit details

  3. python27Packages.gym: 0.15.4 -> 0.16.0 

    Fixes broken build by backporting NixOS/nixpkgs#81577
and previous update.

CC @NixOS/nixos-release-managers

ZHF: #80379

(cherry picked from commit 908c6e8214a3933d43f55f5c4ae6df0572c34568)
    @r-ryantm @bhipple
    r-ryantm authored and bhipple committed Mar 28, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lucasfernog Lucas Fernandes Nogueira
    GPG key ID: FFEA6C72E73482F1
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    9bd852f View commit details

  4. pounce: 1.0p1 -> 1.1 

    (cherry picked from commit 88e4258)
    @alyssais @bhipple
    alyssais authored and bhipple committed Mar 28, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lucasfernog Lucas Fernandes Nogueira
    GPG key ID: FFEA6C72E73482F1
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    34b75d1 View commit details

  5. Merge pull request #83558 from bhipple/bp/pounce 

    [20.03] pounce: 1.0p1 -> 1.1 to fix build
    @worldofpeace
    worldofpeace authored Mar 28, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lucasfernog Lucas Fernandes Nogueira
    GPG key ID: FFEA6C72E73482F1
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    7780ba4 View commit details

  6. Merge pull request #83553 from bhipple/bp/gym 

    [20.03] python27Packages.gym: 0.15.4 -> 0.16.0 to fix build
    @worldofpeace
    worldofpeace authored Mar 28, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lucasfernog Lucas Fernandes Nogueira
    GPG key ID: FFEA6C72E73482F1
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    16d4f17 View commit details

  7. nginx: Fix ETag patch to ignore realpath(3) error 

    While our ETag patch works pretty fine if it comes to serving data off
store paths, it unfortunately broke something that might be a bit more
common, namely when using regexes to extract path components of
location directives for example.

Recently, @devhell has reported a bug with a nginx location directive
like this:

  location ~^/\~([a-z0-9_]+)(/.*)?$" {
    alias /home/$1/public_html$2;
  }

While this might look harmless at first glance, it does however cause
issues with our ETag patch. The alias directive gets broken up by nginx
like this:

  *2 http script copy: "/home/"
  *2 http script capture: "foo"
  *2 http script copy: "/public_html/"
  *2 http script capture: "bar.txt"

In our patch however, we use realpath(3) to get the canonicalised path
from ngx_http_core_loc_conf_s.root, which returns the *configured* value
from the root or alias directive. So in the example above, realpath(3)
boils down to the following syscalls:

  lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  lstat("/home/$1", 0x7ffd08da6f60) = -1 ENOENT (No such file or directory)

During my review[1] of the initial patch, I didn't actually notice that
what we're doing here is returning NGX_ERROR if the realpath(3) call
fails, which in turn causes an HTTP 500 error.

Since our patch actually made the canonicalisation (and thus additional
syscalls) necessary, we really shouldn't introduce an additional error
so let's - at least for now - silently skip return value if realpath(3)
has failed.

However since we're using the unaltered root from the config we have
another issue, consider this root:

  /nix/store/...-abcde/$1

Calling realpath(3) on this path will fail (except if there's a file
called "$1" of course), so even this fix is not enough because it
results in the ETag not being set to the store path hash.

While this is very ugly and we should fix this very soon, it's not as
serious as getting HTTP 500 errors for serving static files.

I added a small NixOS VM test, which uses the example above as a
regression test.

It seems that my memory is failing these days, since apparently I *knew*
about this issue since digging for existing issues in nixpkgs, I found
this similar pull request which I even reviewed:

NixOS/nixpkgs#66532

However, since the comments weren't addressed and the author hasn't
responded to the pull request, I decided to keep this very commit and do
a follow-up pull request.

[1]: NixOS/nixpkgs#48337

Signed-off-by: aszlig <aszlig@nix.build>
Reported-by: @devhell
Acked-by: @7c6f434c
Acked-by: @yorickvP
Merges: NixOS/nixpkgs#80671
Fixes: NixOS/nixpkgs#66532
(cherry picked from commit e1d63ad)
    @aszlig
    aszlig committed Mar 28, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lucasfernog Lucas Fernandes Nogueira
    GPG key ID: FFEA6C72E73482F1
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    35fe837 View commit details
1 change: 1 addition & 0 deletions nixos/tests/all-tests.nix
View file
Original file line number Diff line number Diff line change
@@ -206,6 +206,7 @@ in
nghttpx = handleTest ./nghttpx.nix {};
nginx = handleTest ./nginx.nix {};
nginx-etag = handleTest ./nginx-etag.nix {};
nginx-pubhtml = handleTest ./nginx-pubhtml.nix {};
nginx-sso = handleTest ./nginx-sso.nix {};
nix-ssh-serve = handleTest ./nix-ssh-serve.nix {};
nixos-generate-config = handleTest ./nixos-generate-config.nix {};
20 changes: 20 additions & 0 deletions nixos/tests/nginx-pubhtml.nix
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
import ./make-test-python.nix {
name = "nginx-pubhtml";

machine = { pkgs, ... }: {
services.nginx.enable = true;
services.nginx.virtualHosts.localhost = {
locations."~ ^/\\~([a-z0-9_]+)(/.*)?$".alias = "/home/$1/public_html$2";
};
users.users.foo.isNormalUser = true;
};

testScript = ''
machine.wait_for_unit("nginx")
machine.wait_for_open_port(80)
machine.succeed("chmod 0711 /home/foo")
machine.succeed("su -c 'mkdir -p /home/foo/public_html' foo")
machine.succeed("su -c 'echo bar > /home/foo/public_html/bar.txt' foo")
machine.succeed('test "$(curl -fvvv http://localhost/~foo/bar.txt)" = bar')
'';
}
6 changes: 3 additions & 3 deletions pkgs/development/python-modules/gym/default.nix
View file
Original file line number Diff line number Diff line change
@@ -5,11 +5,11 @@

buildPythonPackage rec {
pname = "gym";
version = "0.15.4";
version = "0.16.0";

src = fetchPypi {
inherit pname version;
sha256 = "3b930cbe1c76bbd30455b5e82ba723dea94159a5f988e927f443324bf7cc7ddd";
sha256 = "06h5b639nmzhmy4m1j3vigm86iv5pv7k8jy6xpldyd4jdlf37nn5";
};

postPatch = ''
@@ -26,7 +26,7 @@ buildPythonPackage rec {

meta = with lib; {
description = "A toolkit by OpenAI for developing and comparing your reinforcement learning agents";
homepage = https://gym.openai.com/;
homepage = "https://gym.openai.com/";
license = licenses.mit;
maintainers = with maintainers; [ hyphon81 ];
};
17 changes: 11 additions & 6 deletions pkgs/development/tools/poetry2nix/poetry2nix/bin/poetry2nix
View file
Original file line number Diff line number Diff line change
@@ -8,11 +8,16 @@ import json
import sys


argparser = argparse.ArgumentParser(description="Generate overrides for git hashes",)
argparser.add_argument(
argparser = argparse.ArgumentParser(description="Poetry2nix CLI")

subparsers = argparser.add_subparsers(dest="subcommand")
subparsers.required = True

parser_lock = subparsers.add_parser("lock", help="Generate overrides for git hashes",)
parser_lock.add_argument(
"--lock", default="poetry.lock", help="Path to input poetry.lock",
)
argparser.add_argument(
parser_lock.add_argument(
"--out", default="poetry-git-overlay.nix", help="Output file",
)

@@ -74,7 +79,7 @@ if __name__ == "__main__":
indent(
textwrap.dedent(
"""
%s = super.%s.overrideAttrs (
%s = super.%s.overridePythonAttrs (
_: {
src = pkgs.fetchgit {
url = "%s";
@@ -92,7 +97,7 @@ if __name__ == "__main__":

expr = "\n".join(lines)

with open(args.out, "w") as f:
f.write(expr)
with open(args.out, "w") as fout:
fout.write(expr)

print(f"Wrote {args.out}")
3 changes: 2 additions & 1 deletion pkgs/development/tools/poetry2nix/poetry2nix/default.nix
View file
Original file line number Diff line number Diff line change
@@ -7,7 +7,7 @@ let
inherit (poetryLib) isCompatible readTOML;

# Poetry2nix version
version = "1.6.1";
version = "1.7.1";

/* The default list of poetry2nix override overlays */
defaultPoetryOverrides = (import ./overrides.nix { inherit pkgs lib; });
@@ -79,6 +79,7 @@ let
source = pkgMeta.source or null;
files = lockFiles.${name};
pythonPackages = self;
sourceSpec = pyProject.tool.poetry.dependencies.${name} or pyProject.tool.poetry.dev-dependencies.${name};
}
);
}
2 changes: 2 additions & 0 deletions pkgs/development/tools/poetry2nix/poetry2nix/mk-poetry-dep.nix
View file
Original file line number Diff line number Diff line change
@@ -14,6 +14,7 @@
, pythonPackages
, python-versions
, pwd
, sourceSpec
, supportedExtensions ? lib.importJSON ./extensions.json
, ...
}:
@@ -147,6 +148,7 @@ pythonPackages.callPackage (
builtins.fetchGit {
inherit (source) url;
rev = source.reference;
ref = sourceSpec.branch or sourceSpec.rev or sourceSpec.tag or "HEAD";
}
) else if isLocal then (poetryLib.cleanPythonSources { src = localDepPath; }) else fetchFromPypi {
pname = name;
102 changes: 54 additions & 48 deletions pkgs/development/tools/poetry2nix/poetry2nix/overrides.nix
View file

Large diffs are not rendered by default.

29 changes: 15 additions & 14 deletions pkgs/servers/http/nginx/nix-etag-1.15.4.patch
View file
Original file line number Diff line number Diff line change
@@ -2,38 +2,35 @@ This patch makes it possible to serve static content from Nix store paths, by
using the hash of the store path for the ETag header.

diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
index cb49ef74..f88dc77c 100644
index cb49ef74..7b456993 100644
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -1583,6 +1583,7 @@ ngx_http_set_etag(ngx_http_request_t *r)
@@ -1583,6 +1583,8 @@ ngx_http_set_etag(ngx_http_request_t *r)
{
ngx_table_elt_t *etag;
ngx_http_core_loc_conf_t *clcf;
+ u_char *real, *ptr1, *ptr2;
+ ngx_err_t err;

clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);

@@ -1598,16 +1599,62 @@ ngx_http_set_etag(ngx_http_request_t *r)
@@ -1598,16 +1600,60 @@ ngx_http_set_etag(ngx_http_request_t *r)
etag->hash = 1;
ngx_str_set(&etag->key, "ETag");

- etag->value.data = ngx_pnalloc(r->pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 3);
- if (etag->value.data == NULL) {
- etag->hash = 0;
- return NGX_ERROR;
+ err = ngx_errno;
+ real = ngx_realpath(clcf->root.data, NULL);
+ ngx_set_errno(err);
+
+ if (real == NULL) {
etag->hash = 0;
return NGX_ERROR;
}

- etag->value.len = ngx_sprintf(etag->value.data, "\"%xT-%xO\"",
- r->headers_out.last_modified_time,
- r->headers_out.content_length_n)
- - etag->value.data;
+ #define NIX_STORE_DIR "@nixStoreDir@"
+ #define NIX_STORE_LEN @nixStoreDirLen@
+
+ if (r->headers_out.last_modified_time == 1
+ && real != NULL
+ && !ngx_strncmp(real, NIX_STORE_DIR, NIX_STORE_LEN)
+ && real[NIX_STORE_LEN] == '/'
+ && real[NIX_STORE_LEN + 1] != '\0')
@@ -76,8 +73,12 @@ index cb49ef74..f88dc77c 100644
+ r->headers_out.last_modified_time,
+ r->headers_out.content_length_n)
+ - etag->value.data;
+ }
+
}

- etag->value.len = ngx_sprintf(etag->value.data, "\"%xT-%xO\"",
- r->headers_out.last_modified_time,
- r->headers_out.content_length_n)
- - etag->value.data;
+ ngx_free(real);

r->headers_out.etag = etag;
24 changes: 3 additions & 21 deletions pkgs/servers/pounce/default.nix
View file
Original file line number Diff line number Diff line change
@@ -2,31 +2,13 @@

stdenv.mkDerivation rec {
pname = "pounce";
version = "1.0p1";
version = "1.1";

src = fetchzip {
url = "https://code.causal.agency/june/pounce/archive/${version}.zip";
sha256 = "1fh1cf15ybl962n7x70hlg7zfcmpwgq6q90s74d3jhawmjj01syw";
url = "https://git.causal.agency/pounce/snapshot/pounce-${version}.tar.gz";
sha256 = "07iyh6ikrlf7y57k462jcr00db6aijk9b2s7n7l7i49hk7kmm6wq";
};

patches = [
# Don't always create ${ETCDIR}/rc.d
(fetchpatch {
url = https://code.causal.agency/june/pounce/commit/db65889605a2fa5352e90a573b7584a6b7a59dd5.patch;
sha256 = "0bxhig72g4q0hs8lb7g8lb7kf0w9jdy22qwm9yndlwrdw3vi36zq";
})
# Simplify Linux.mk
(fetchpatch {
url = https://code.causal.agency/june/pounce/commit/b7dc2e3439a37d23d4847e130b37ece39b8efdd7.patch;
sha256 = "0c2pa6w9abkmaaq4957arfmpsrn933vcrs4a2da785v57pgkj4lq";
})
# Reference openssl(1) by absolute path
(fetchpatch {
url = https://code.causal.agency/june/pounce/commit/973f19b4fe73ef956fbb4eeaf963bbb83c926203.patch;
sha256 = "1w4rhwqfcakzb9a6afq788rrsypay0rw75bjk2f3l66spjb7v3ps";
})
];

buildInputs = [ libressl ];

configurePhase = "ln -s Linux.mk config.mk";
17 changes: 6 additions & 11 deletions pkgs/shells/ion/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,29 +1,24 @@
{ stdenv, fetchFromGitHub, rustPlatform }:

with rustPlatform;

buildRustPackage rec {
rustPlatform.buildRustPackage rec {
pname = "ion";
version = "1.0.5";
version = "unstable-2020-03-22";

src = fetchFromGitHub {
owner = "redox-os";
repo = "ion";
rev = version;
sha256 = "0i0acl5nw254mw8dbfmb4792rr71is98a5wg32yylfnlrk7zlf8z";
rev = "1fbd29a6d539faa6eb0f3186a361e208d0a0bc05";
sha256 = "0r5c87cs8jlc9kpb6bi2aypldw1lngf6gzjirf13gi7iy4q08ik7";
};

cargoSha256 = "1hs01b1rhbpafxlhw661k907rznqhcgyng85njkb99bg4lxwxaap";
cargoSha256 = "0rpq2zy7563z00i1ms0pyyyaplr3hlfagj8c4syc0dw0vbkqhzzw";

meta = with stdenv.lib; {
description = "Modern system shell with simple (and powerful) syntax";
homepage = https://github.com/redox-os/ion;
homepage = "https://gitlab.redox-os.org/redox-os/ion";
license = licenses.mit;
maintainers = with maintainers; [ dywedir ];
platforms = platforms.all;
# This has not had a release since 2017, and no longer compiles with the
# latest Rust compiler.
broken = false;
};

passthru = {