This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Comparing changes

base repository: NixOS/nixpkgs-channels
base: 47f61c9d7f11
head repository: NixOS/nixpkgs-channels
compare: 115c78c9b399

Commits on Feb 24, 2020

  1. maintainers: add lexuge

    LEXUGE committed Feb 24, 2020
    9bdb928

Commits on Mar 11, 2020

  1. 766f89d

Commits on Mar 12, 2020

  1. smartdns: init at 30

    LEXUGE committed Mar 12, 2020
    25300d7

Commits on Mar 14, 2020

  1. nix-generate-from-cpan: remove unknown license

    Leave license empty when it is not provided. This prevents packages from
    failing to build because the license is set to
    `stdenv.lib.licenses.unkown`.

    There will still be a warning about the unknown license.
    ydlr committed Mar 14, 2020
    5e2beaf
  2. nix-generate-from-cpan: use Module::CoreList to detect core modules

    The previous way of detecting core modules failed to filter "if" and
    possibly other core modules.
    ydlr committed Mar 14, 2020
    9035381
  3. xfce4-12: remove alias

    Ekleog committed Mar 14, 2020
    175f9ef

Commits on Mar 15, 2020

  1. 629d3ba
  2. retdec: fix build

    The build was broken by the gcc9 update. Pinning to gcc8 for now.
    timokau committed Mar 15, 2020
    e5642d4
  3. Merge pull request #82614 from Ekleog/xfce4-remove-alias

    xfce4-12: remove alias
    Ekleog authored Mar 15, 2020
    7566b4f
  4. nixos/tpm2: init

    This commit adds udev rules, the userspace resource manager and
    PKCS#11 module support.
    lschuermann committed Mar 15, 2020
    156b879
  5. Merge pull request #82541 from ydlr/nix-generate-from-cpan

    nix-generate-from-cpan: remove "unkown" license and improve core module detection
    rycee authored Mar 15, 2020
    2fc67ac
  6. Merge pull request #82400 from B4dM4n/duplicity-update

    duplicity: 0.8.10 -> 0.8.11.1596
    jtojnar authored Mar 15, 2020
    fb9b0e7
  7. mariadb: remove withoutClient

    When used as a global override, it breaks most of the options in the
    mysql module, such as ensureDatabases, ensureUsers, initialDatabases,
    initialScript.
    
    We could use `.client` there, but if the reasoning behind this was
    closure size reduction, we now end up with the same (or a bigger)
    runtime closure and more complexity.
    
    Apart from the options exposed by the mysql module, the client is also
    likely to be required for local backups or DBA tasks anyways.
    
    Instead of dealing with all the increased complexity of this for no
    arguable benefit, let's just remove the `withoutClient` argument.
    Storage space on mysql servers shouldn't be that much of an issue.
    
    Closes #82428.
    flokli committed Mar 15, 2020
    4b8d66a
  8. nodePackages.coc-prettier: init

    ersinakinci authored and adisbladis committed Mar 15, 2020
    47069c0
  9. 347479b
  10. 588ca6e
  11. 79ca23b
  12. Merge pull request #72506 from earksiinni/ersin/vim-coc-prettier

    vimPlugins.coc-prettier: Add override
    adisbladis authored Mar 15, 2020
    864be2e
  13. Merge pull request #82647 from timokau/retdec-fix

    retdec: fix build
    timokau authored Mar 15, 2020
    2e68526
  14. Merge pull request #80931 from LEXUGE/master

    smartdns: init at 30
    infinisil authored Mar 15, 2020
    779b7ff
  15. Merge pull request #72029 from lschuermann/tpm2-module

    nixos/tpm2: init
    infinisil authored Mar 15, 2020
    7c3f3e9
  16. Merge pull request #82649 from flokli/mariadb-remove-without-client

    mariadb: remove withoutClient
    flokli authored Mar 15, 2020
    115c78c
10 changes: 10 additions & 0 deletions maintainers/maintainer-list.nix
@@ -4154,6 +4154,16 @@
githubId = 3425311;
name = "Antoine Eiche";
};
lexuge = {
name = "Harry Ying";
email = "lexugeyky@outlook.com";
github = "LEXUGE";
githubId = 13804737;
keys = [{
longkeyid = "rsa4096/0xAE53B4C2E58EDD45";
fingerprint = "7FE2 113A A08B 695A C8B8 DDE6 AE53 B4C2 E58E DD45";
}];
};
lheckemann = {
email = "git@sphalerite.org";
github = "lheckemann";
13 changes: 4 additions & 9 deletions maintainers/scripts/nix-generate-from-cpan.pl
@@ -6,6 +6,7 @@

use CPAN::Meta();
use CPANPLUS::Backend();
use Module::CoreList;
use Getopt::Long::Descriptive qw( describe_options );
use JSON::PP qw( encode_json );
use Log::Log4perl qw(:easy);
@@ -164,7 +165,7 @@

# License not provided in metadata.
unknown => {
licenses => [qw( unknown )],
licenses => [],
amb => 1
}
);
@@ -278,14 +279,8 @@ sub get_deps {
foreach my $n ( $deps->required_modules ) {
next if $n eq "perl";

# Figure out whether the module is a core module by attempting
# to `use` the module in a pure Perl interpreter and checking
# whether it succeeded. Note, $^X is a magic variable holding
# the path to the running Perl interpreter.
if ( system("env -i $^X -M$n -e1 >/dev/null 2>&1") == 0 ) {
DEBUG("skipping Perl-builtin module $n");
next;
}
my @core = Module::CoreList->find_modules(qr/^$n$/);
next if (@core);

my $pkg = module_to_pkg( $cb, $n );

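Review bot: in `get_deps`, `Module::CoreList->find_modules(qr/^$n$/)` is called without a list of perl versions, so it matches a module that was core in any perl release, including modules since removed from core; such a dependency is skipped by `next if (@core)` and never reaches `module_to_pkg`. Consider `Module::CoreList::is_core($n)`, which checks against the running perl by default, or pass the target perl version to `find_modules`. `$n` is also interpolated into the regex unescaped; `qr/^\Q$n\E$/` keeps a name taken from CPAN metadata from being read as a pattern. Dropping the `system("env -i $^X -M$n -e1 ...")` probe is worthwhile in itself, since it placed the same metadata-derived `$n` on a shell command line. The `DEBUG("skipping Perl-builtin module $n")` line went with it; keeping an equivalent log line would make skipped dependencies visible.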
8 changes: 4 additions & 4 deletions nixos/doc/manual/release-notes/rl-2003.xml
@@ -196,10 +196,10 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
</listitem>
<listitem>
<para>
There is now only one Xfce package-set and module. This means attributes, <literal>xfce4-14</literal>
<literal>xfce4-12</literal>, and <literal>xfceUnstable</literal> all now point to the latest Xfce 4.14
packages. And in future NixOS releases will be the latest released version of Xfce available at the
time during the releases development (if viable).
There is now only one Xfce package-set and module. This means that attributes <literal>xfce4-14</literal>
and <literal>xfceUnstable</literal> all now point to the latest Xfce 4.14
packages. And in the future NixOS releases will be the latest released version of Xfce available at the
time of the release's development (if viable).
</para>
</listitem>
<listitem>
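Review bot: the reworded Xfce paragraph still reads awkwardly in two places. With `xfce4-12` dropped, the list has two attributes, so "all now point" should be "both now point". The sentence "And in the future NixOS releases will be the latest released version of Xfce" has no subject for "will be"; something like "In future NixOS releases they will point to the latest released version of Xfce available at the time of the release's development (if viable)" would read correctly.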
2 changes: 2 additions & 0 deletions nixos/modules/module-list.nix
@@ -200,6 +200,7 @@
./security/wrappers/default.nix
./security/sudo.nix
./security/systemd-confinement.nix
./security/tpm2.nix
./services/admin/oxidized.nix
./services/admin/salt/master.nix
./services/admin/salt/minion.nix
@@ -709,6 +710,7 @@
./services/networking/shorewall6.nix
./services/networking/shout.nix
./services/networking/sniproxy.nix
./services/networking/smartdns.nix
./services/networking/smokeping.nix
./services/networking/softether.nix
./services/networking/spacecookie.nix
185 changes: 185 additions & 0 deletions nixos/modules/security/tpm2.nix
@@ -0,0 +1,185 @@
{ lib, pkgs, config, ... }:
let
cfg = config.security.tpm2;

# This snippet is taken from tpm2-tss/dist/tpm-udev.rules, but modified to allow custom user/groups
# The idea is that the tssUser is allowed to acess the TPM and kernel TPM resource manager, while
# the tssGroup is only allowed to access the kernel resource manager
# Therefore, if either of the two are null, the respective part isn't generated
udevRules = tssUser: tssGroup: ''
${lib.optionalString (tssUser != null) ''KERNEL=="tpm[0-9]*", MODE="0660", OWNER="${tssUser}"''}
${lib.optionalString (tssUser != null || tssGroup != null)
''KERNEL=="tpmrm[0-9]*", MODE="0660"''
+ lib.optionalString (tssUser != null) '', OWNER="${tssUser}"''
+ lib.optionalString (tssGroup != null) '', GROUP="${tssGroup}"''
}
'';

in {
options.security.tpm2 = {
enable = lib.mkEnableOption "Trusted Platform Module 2 support";

tssUser = lib.mkOption {
description = ''
Name of the tpm device-owner and service user, set if applyUdevRules is
set.
'';
type = lib.types.nullOr lib.types.str;
default = if cfg.abrmd.enable then "tss" else "root";
defaultText = ''"tss" when using the userspace resource manager,'' +
''"root" otherwise'';
};

tssGroup = lib.mkOption {
description = ''
Group of the tpm kernel resource manager (tpmrm) device-group, set if
applyUdevRules is set.
'';
type = lib.types.nullOr lib.types.str;
default = "tss";
};

applyUdevRules = lib.mkOption {
description = ''
Whether to make the /dev/tpm[0-9] devices accessible by the tssUser, or
the /dev/tpmrm[0-9] by tssGroup respectively
'';
type = lib.types.bool;
default = true;
};

abrmd = {
enable = lib.mkEnableOption ''
Trusted Platform 2 userspace resource manager daemon
'';

package = lib.mkOption {
description = "tpm2-abrmd package to use";
type = lib.types.package;
default = pkgs.tpm2-abrmd;
defaultText = "pkgs.tpm2-abrmd";
};
};

pkcs11 = {
enable = lib.mkEnableOption ''
TPM2 PKCS#11 tool and shared library in system path
(<literal>/run/current-system/sw/lib/libtpm2_pkcs11.so</literal>)
'';

package = lib.mkOption {
description = "tpm2-pkcs11 package to use";
type = lib.types.package;
default = pkgs.tpm2-pkcs11;
defaultText = "pkgs.tpm2-pkcs11";
};
};

tctiEnvironment = {
enable = lib.mkOption {
description = ''
Set common TCTI environment variables to the specified value.
The variables are
<itemizedlist>
<listitem>
<para>
<literal>TPM2TOOLS_TCTI</literal>
</para>
</listitem>
<listitem>
<para>
<literal>TPM2_PKCS11_TCTI</literal>
</para>
</listitem>
</itemizedlist>
'';
type = lib.types.bool;
default = false;
};

interface = lib.mkOption {
description = ''
The name of the TPM command transmission interface (TCTI) library to
use.
'';
type = lib.types.enum [ "tabrmd" "device" ];
default = "device";
};

deviceConf = lib.mkOption {
description = ''
Configuration part of the device TCTI, e.g. the path to the TPM device.
Applies if interface is set to "device".
The format is specified in the
<link xlink:href="https://github.com/tpm2-software/tpm2-tools/blob/master/man/common/tcti.md#tcti-options">
tpm2-tools repository</link>.
'';
type = lib.types.str;
default = "/dev/tpmrm0";
};

tabrmdConf = lib.mkOption {
description = ''
Configuration part of the tabrmd TCTI, like the D-Bus bus name.
Applies if interface is set to "tabrmd".
The format is specified in the
<link xlink:href="https://github.com/tpm2-software/tpm2-tools/blob/master/man/common/tcti.md#tcti-options">
tpm2-tools repository</link>.
'';
type = lib.types.str;
default = "bus_name=com.intel.tss2.Tabrmd";
};
};
};

config = lib.mkIf cfg.enable (lib.mkMerge [
{
# PKCS11 tools and library
environment.systemPackages = lib.mkIf cfg.pkcs11.enable [
(lib.getBin cfg.pkcs11.package)
(lib.getLib cfg.pkcs11.package)
];

services.udev.extraRules = lib.mkIf cfg.applyUdevRules
(udevRules cfg.tssUser cfg.tssGroup);

# Create the tss user and group only if the default value is used
users.users.${cfg.tssUser} = lib.mkIf (cfg.tssUser == "tss") {
isSystemUser = true;
};
users.groups.${cfg.tssGroup} = lib.mkIf (cfg.tssGroup == "tss") {};

environment.variables = lib.mkIf cfg.tctiEnvironment.enable (
lib.attrsets.genAttrs [
"TPM2TOOLS_TCTI"
"TPM2_PKCS11_TCTI"
] (_: ''${cfg.tctiEnvironment.interface}:${
if cfg.tctiEnvironment.interface == "tabrmd" then
cfg.tctiEnvironment.tabrmdConf
else
cfg.tctiEnvironment.deviceConf
}'')
);
}

(lib.mkIf cfg.abrmd.enable {
systemd.services."tpm2-abrmd" = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "dbus";
Restart = "always";
RestartSec = 30;
BusName = "com.intel.tss2.Tabrmd";
StandardOutput = "syslog";
ExecStart = "${cfg.abrmd.package}/bin/tpm2-abrmd";
User = "tss";
Group = "nogroup";
};
};

services.dbus.packages = lib.singleton cfg.abrmd.package;
})
]);

meta.maintainers = with lib.maintainers; [ lschuermann ];
}
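Review bot: the `tpm2-abrmd` unit hard-codes `User = "tss"` and `Group = "nogroup"`, while the udev rules and account creation follow `cfg.tssUser` and `cfg.tssGroup`. With `abrmd.enable = true` and `tssUser` set to anything other than "tss", the `tss` account is not created (the `lib.mkIf (cfg.tssUser == "tss")` guard) and `/dev/tpm[0-9]*` is owned by a different user than the one the daemon runs as. Either use `cfg.tssUser` in `serviceConfig` or add an assertion that `tssUser` is "tss" whenever abrmd is enabled. Smaller points: "acess" in the `udevRules` comment, and the two `defaultText` strings are concatenated without a space after the comma.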
61 changes: 61 additions & 0 deletions nixos/modules/services/networking/smartdns.nix
@@ -0,0 +1,61 @@
{ lib, pkgs, config, ... }:

with lib;

let
inherit (lib.types) attrsOf coercedTo listOf oneOf str int bool;
cfg = config.services.smartdns;

confFile = pkgs.writeText "smartdns.conf" (with generators;
toKeyValue {
mkKeyValue = mkKeyValueDefault {
mkValueString = v:
if isBool v then
if v then "yes" else "no"
else
mkValueStringDefault { } v;
} " ";
listsAsDuplicateKeys =
true; # Allowing duplications because we need to deal with multiple entries with the same key.
} cfg.settings);
in {
options.services.smartdns = {
enable = mkEnableOption "SmartDNS DNS server";

bindPort = mkOption {
type = types.port;
default = 53;
description = "DNS listening port number.";
};

settings = mkOption {
type =
let atom = oneOf [ str int bool ];
in attrsOf (coercedTo atom toList (listOf atom));
example = literalExample ''
{
bind = ":5353 -no-rule -group example";
cache-size = 4096;
server-tls = [ "8.8.8.8:853" "1.1.1.1:853" ];
server-https = "https://cloudflare-dns.com/dns-query -exclude-default-group";
prefetch-domain = true;
speed-check-mode = "ping,tcp:80";
};
'';
description = ''
A set that will be generated into configuration file, see the <link xlink:href="https://github.com/pymumu/smartdns/blob/master/ReadMe_en.md#configuration-parameter">SmartDNS README</link> for details of configuration parameters.
You could override the options here like <option>services.smartdns.bindPort</option> by writing <literal>settings.bind = ":5353 -no-rule -group example";</literal>.
'';
};
};

config = lib.mkIf cfg.enable {
services.smartdns.settings.bind = mkDefault ":${toString cfg.bindPort}";

systemd.packages = [ pkgs.smartdns ];
systemd.services.smartdns.wantedBy = [ "multi-user.target" ];
environment.etc."smartdns/smartdns.conf".source = confFile;
environment.etc."default/smartdns".source =
"${pkgs.smartdns}/etc/default/smartdns";
};
}
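Review bot: the last sentence of the `settings` description ("You could override the options here like `services.smartdns.bindPort` by writing ...") does not say which option wins. Because `config` sets `settings.bind` from `bindPort` with `mkDefault`, any user-supplied `settings.bind` replaces it and `bindPort` is then ignored; say so in the `bindPort` or `settings` description. The file also opens with `with lib;` but still writes `lib.mkIf` in `config`; pick one style.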
10 changes: 10 additions & 0 deletions pkgs/applications/editors/neovim/wrapper.nix
@@ -95,6 +95,16 @@ let
'' + optionalString (configure != {}) ''
echo "Generating remote plugin manifest"
export NVIM_RPLUGIN_MANIFEST=$out/rplugin.vim
# Some plugins assume that the home directory is accessible for
# initializing caches, temporary files, etc. Even if the plugin isn't
# actively used, it may throw an error as soon as Neovim is launched
# (e.g., inside an autoload script), causing manifest generation to
# fail. Therefore, let's create a fake home directory before generating
# the manifest, just to satisfy the needs of these plugins.
#
# See https://github.com/Yggdroot/LeaderF/blob/v1.21/autoload/lfMru.vim#L10
# for an example of this behavior.
export HOME="$(mktemp -d)"
# Launch neovim with a vimrc file containing only the generated plugin
# code. Pass various flags to disable temp file generation
# (swap/viminfo) and redirect errors to stderr.
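Review bot: `export HOME="$(mktemp -d)"` leaves `HOME` overridden for every command that follows in this script, and the temporary directory is never removed. If only manifest generation needs it, set `HOME` for that one command (or restore it afterwards) and delete the directory once the manifest has been written.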
2 changes: 1 addition & 1 deletion pkgs/desktops/xfce/core/xfwm4/default.nix
@@ -5,7 +5,7 @@
mkXfceDerivation {
category = "xfce";
pname = "xfwm4";
version = "4.14.0";
version = "4.14.0"; # TODO: remove xfce4-14 alias when this gets bumped

sha256 = "1z5aqij2d8n9wnha88b0qzkvss54jvqs8w1w5m3mzjl4c9mn9n8m";

2 changes: 1 addition & 1 deletion pkgs/development/node-packages/composition-v10.nix
@@ -14,4 +14,4 @@ in
import ./node-packages-v10.nix {
inherit (pkgs) fetchurl fetchgit;
inherit nodeEnv;
}
}
2 changes: 1 addition & 1 deletion pkgs/development/node-packages/composition-v12.nix
@@ -14,4 +14,4 @@ in
import ./node-packages-v12.nix {
inherit (pkgs) fetchurl fetchgit;
inherit nodeEnv;
}
}
4 changes: 2 additions & 2 deletions pkgs/development/node-packages/composition-v13.nix
@@ -2,7 +2,7 @@

{pkgs ? import <nixpkgs> {
inherit system;
}, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-13_x"}:
}, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-8_x"}:

let
nodeEnv = import ./node-env.nix {
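Review bot: of the two `nodejs ?` defaults in the function header, the second one (the added line, going by the usual removed-then-added order of a rendered diff) is `pkgs."nodejs-8_x"`, in a file that imports `./node-packages-v13.nix`. That would evaluate the v13 package set against Node.js 8 by default. If this came from regenerating the file, the default should stay `pkgs."nodejs-13_x"`.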
@@ -14,4 +14,4 @@ in
import ./node-packages-v13.nix {
inherit (pkgs) fetchurl fetchgit;
inherit nodeEnv;
}
}
1 change: 1 addition & 0 deletions pkgs/development/node-packages/node-packages-v10.json
@@ -17,6 +17,7 @@
, "browserify"
, "castnow"
, "clean-css"
, "coc-prettier"
, "coffee-script"
, "coinmon"
, "configurable-http-proxy"