Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 62b2bf3f8e8c
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: da92e0566d13
Choose a head ref
18 contributors

Commits on Mar 4, 2020

  1. tensorflow: 1.15.1 -> 1.15.2

    @dylex
    dylex committed Mar 4, 2020
    Copy the full SHA
    0a5ec49 View commit details

Commits on Mar 8, 2020

  1. fetchmail: update from version 6.3.26 to 6.4.2 

    The new version supports OpenSSL 1.x. Should be back-ported to
release-20.03.

See https://sourceforge.net/projects/fetchmail/files/branch_6.4/
for the changelog.

(cherry picked from commit 85befe9)
    @peti @tokudan
    peti authored and tokudan committed Mar 8, 2020

    Unverified

    The email in this signature doesn’t match the committer email.
    GPG key ID: 063CCCAD04182D32
    Expired
    Learn about vigilant mode
    Copy the full SHA
    9226f82 View commit details

  2. borgbackup: 1.1.10 → 1.1.11 

    Version 1.1.11 (2020-03-08)

Compatibility notes:

    When upgrading from borg 1.0.x to 1.1.x, please note:
        read all the compatibility notes for 1.1.0*, starting from 1.1.0b1.
        borg upgrade: you do not need to and you also should not run it.
        borg might ask some security-related questions once after upgrading. You can answer them either manually or via environment variable. One known case is if you use unencrypted repositories, then it will ask about a unknown unencrypted repository one time.
        your first backup with 1.1.x might be significantly slower (it might completely read, chunk, hash a lot files) - this is due to the --files-cache mode change (and happens every time you change mode). You can avoid the one-time slowdown by using the pre-1.1.0rc4-compatible mode (but that is less safe for detecting changed files than the default). See the --files-cache docs for details.
    1.1.11 removes WSL autodetection (Windows 10 Subsystem for Linux). If WSL still has a problem with sync_file_range, you need to set BORG_WORKAROUNDS=basesyncfile in the borg process environment to work around the WSL issue.

Fixes:

    fixed potential index corruption / data loss issue due to bug in hashindex_set, #4829 Please read and follow the more detailled notes close to the top of this document.
    upgrade bundled xxhash to 0.7.3, #4891 0.7.2 is the minimum requirement for correct operations on ARMv6 in non-fixup mode, where unaligned memory accesses cause bus errors. 0.7.3 adds some speedups and libxxhash 0.7.3 even has a pkg-config file now.
    upgrade bundled lz4 to 1.9.2
    upgrade bundled zstd to 1.4.4
    fix crash when upgrading erroneous hints file, #4922
    extract:
        fix KeyError for "partial" extraction, #4607
        fix "partial" extract for hardlinked contentless file types, #4725
        fix preloading for old (0.xx) remote servers, #4652
        fix confusing output of borg extract --list --strip-components, #4934
    delete: after double-force delete, warn about necessary repair, #4704
    create: give invalid repo error msg if repo config not found, #4411
    mount: fix FUSE mount missing st_birthtime, #4763 #4767
    check: do not stumble over invalid item key, #4845
    info: if the archive doesn't exist, print a pretty message, #4793
    SecurityManager.known(): check all files, #4614
    Repository.open: use stat() to check for repo dir, #4695
    Repository.check_can_create_repository: use stat() to check, #4695
    fix invalid archive error message
    fix optional/non-optional location arg, #4541
    commit-time free space calc: ignore bad compact map entries, #4796
    ignore EACCES (errno 13) when hardlinking the old config, #4730
    --prefix / -P: fix processing, avoid argparse issue, #4769

New features:

    enable placeholder usage in all extra archive arguments
    new BORG_WORKAROUNDS mechanism, basesyncfile, #4710
    recreate: support --timestamp option, #4745
    support platforms without os.link (e.g. Android with Termux), #4901 if we don't have os.link, we just extract another copy instead of making a hardlink.
    support linux platforms without sync_file_range (e.g. Android 7 with Termux), #4905

Other:

    ignore --stats when given with --dry-run, but continue, #4373
    add some ProgressIndicator msgids to code / fix docs, #4935
    elaborate on "Calculating size" message
    argparser: always use REPOSITORY in metavar, also use more consistent help phrasing.
    check: improve error output for matching index size, see #4829
    docs:
        changelog: add advisory about hashindex_set bug #4829
        better describe BORG_SECURITY_DIR, BORG_CACHE_DIR, #4919
        infos about cache security assumptions, #4900
        add FAQ describing difference between a local repo vs. repo on a server.
        document how to test exclusion patterns without performing an actual backup
        timestamps in the files cache are now usually ctime, #4583
        fix bad reference to borg compact (does not exist in 1.1), #4660
        create: borg 1.1 is not future any more
        extract: document limitation "needs empty destination", #4598
        how to supply a passphrase, use crypto devices, #4549
        fix osxfuse github link in installation docs
        add example of exclude-norecurse rule in help patterns
        update macOS Brew link
        add note about software for automating backups, #4581
        AUTHORS: mention copyright+license for bundled msgpack
        fix various code blocks in the docs, #4708
        updated docs to cover use of temp directory on remote, #4545
        add restore docs, #4670
        add a pull backup / push restore how-to, #1552
        add FAQ how to retain original paths, #4532
        explain difference between --exclude and --pattern, #4118
        add FAQs for SSH connection issues, #3866
        improve password FAQ, #4591
        reiterate that 'file cache names are absolute' in FAQ
    tests:
        cope with ANY error when importing pytest into borg.testsuite, #4652
        fix broken test that relied on improper zlib assumptions
        test_fuse: filter out selinux xattrs, #4574
    travis / vagrant:
        misc python versions removed / changed (due to openssl 1.1 compatibility) or added (3.7 and 3.8, for better borg compatibility testing)
        binary building is on python 3.5.9 now
    vagrant:
        add new boxes: ubuntu 18.04 and 20.04, debian 10
        update boxes: openindiana, darwin, netbsd
        remove old boxes: centos 6
        darwin: updated osxfuse to 3.10.4
        use debian/ubuntu pip/virtualenv packages
        rather use python 3.6.2 than 3.6.0, fixes coverage/sqlite3 issue
        use requirements.d/development.lock.txt to avoid compat issues
    travis:
        darwin: backport some install code / order from master
        remove deprecated keyword "sudo" from travis config
        allow osx builds to fail, #4955 this is due to travis-ci frequently being so slow that the OS X builds just fail because they exceed 50 minutes and get killed by travis.

(cherry picked from commit dbff9b5)
    @mweinelt
    mweinelt committed Mar 8, 2020

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    9e85946 View commit details

  3. buildbot: 2.6.0 -> 2.7.0 

    (cherry picked from commit 0a545f6)

cc #81283
    @r-ryantm @veprbl
    r-ryantm authored and veprbl committed Mar 8, 2020
    Copy the full SHA
    55cbe7d View commit details

  4. buildbot: 2.6.0 -> 2.7.0 (#81406) 

    (cherry picked from commit 07727db)

cc #81406
    @lopsided98 @veprbl
    lopsided98 authored and veprbl committed Mar 8, 2020
    Copy the full SHA
    645522a View commit details

  5. nixosTests.docker-tools: add bulk-layer test 

    A regression test for NixOS/nixpkgs#78744.

(cherry picked from commit baa78de)
Signed-off-by: Domen Kožar <domen@dev.si>
    @nlewo @domenkozar
    nlewo authored and domenkozar committed Mar 8, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    domenkozar Domen Kožar
    GPG key ID: C2FFBCAFD2C24246
    Verified
    Learn about vigilant mode
    Copy the full SHA
    c34efec View commit details

  6. nixosTests.docker-tools: Port to Python

    @tfc @domenkozar
    tfc authored and domenkozar committed Mar 8, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    domenkozar Domen Kožar
    GPG key ID: C2FFBCAFD2C24246
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f85b4f1 View commit details

  7. buildLayeredImage: Allow empty store, no paths to add 

    This is useful when buildLayeredImage is called in a generic way
that should allow simple (base) images to be built, which may not
reference any store paths.

(cherry picked from commit 6dab1b5)
Signed-off-by: Domen Kožar <domen@dev.si>
    @roberth @domenkozar
    roberth authored and domenkozar committed Mar 8, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    domenkozar Domen Kožar
    GPG key ID: C2FFBCAFD2C24246
    Verified
    Learn about vigilant mode
    Copy the full SHA
    6b21029 View commit details

  8. Merge pull request #82054 from mweinelt/pr/20.03/borgbackup/1.1.11 

    [20.03] borgbackup: 1.1.10 → 1.1.11
    @flokli
    flokli authored Mar 8, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    30cd233 View commit details

Commits on Mar 9, 2020

  1. [20.03] sit: mark as broken 

    Dependencies in the Cargo.lock fail to build due to mutable self borrows.

Backport of NixOS/nixpkgs#82018

ZHF: NixOS/nixpkgs#80379

(cherry picked from commit a2514c2)
    @bhipple
    bhipple committed Mar 9, 2020
    Copy the full SHA
    a81880d View commit details

  2. [ZHF][20.03] heatseeker: 1.5.1 -> 1.7.1 

    Backport of NixOS/nixpkgs#82017

ZHF: #80379

(cherry picked from commit 9044bde)
    @bhipple
    bhipple committed Mar 9, 2020
    Copy the full SHA
    da79582 View commit details

  3. Merge pull request #82106 from bhipple/bp/sit 

    [20.03] sit: mark as broken
    @marsam
    marsam authored Mar 9, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    45138d3 View commit details

  4. [20.03] ion: mark as broken 

    Backport of NixOS/nixpkgs#82016

ZHF: #80379

(cherry picked from commit d5d648b)
    @bhipple
    bhipple committed Mar 9, 2020
    Copy the full SHA
    dde4748 View commit details

  5. Merge pull request #82108 from bhipple/bp/heatseeker 

    [20.03] heatseeker: 1.5.1 -> 1.7.1
    @marsam
    marsam authored Mar 9, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    d02d2b0 View commit details

  6. Merge pull request #82113 from bhipple/bp/ion 

    [20.03] ion: mark as broken
    @marsam
    marsam authored Mar 9, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    9c26d79 View commit details

  7. [20.03] procs: 0.9.6 -> 0.9.18 

    (cherry picked from commit c882a90)
    @bhipple
    bhipple committed Mar 9, 2020
    Copy the full SHA
    e76d4a0 View commit details

  8. youtube-dl: 2020.03.06 -> 2020.03.08 

    https://github.com/ytdl-org/youtube-dl/releases/tag/2020.03.08
(cherry picked from commit 134f8cc)
    @zowoq @Ma27
    zowoq authored and Ma27 committed Mar 9, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    Ma27 Maximilian Bosch
    GPG key ID: 091DBF4D1FC46B8E
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    3bc2b97 View commit details

  9. rkt: add CVEs 

    https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
(cherry picked from commit c4c936f)
    @zowoq @Mic92
    zowoq authored and Mic92 committed Mar 9, 2020

    Verified

    This commit was signed with the committer’s verified signature.
    Mic92 Jörg Thalheim
    GPG key ID: 003F2096411B5F92
    Verified
    Learn about vigilant mode
    Copy the full SHA
    58fa229 View commit details

  10. notable: update license to unfree 

    Notable used to be released under AGPL-v3 until v1.5.x but is is now
nonfree.

See https://github.com/notable/notable/blob/master/SOURCE_CODE.md

(cherry picked from commit 08edf7f)
    @lsix
    lsix committed Mar 9, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    lsix lsix
    GPG key ID: 02E1542BA66FB047
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    cd5d243 View commit details

  11. Merge pull request #82048 from tokudan/20.03/fetchmail642 

    fetchmail: 6.3.26 -> 6.4.2 [security] [20.03]
    @lsix
    lsix authored Mar 9, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    7010635 View commit details

  12. Merge pull request #82126 from bhipple/bp/procs 

    [20.03] procs: 0.9.6 -> 0.9.18
    @marsam
    marsam authored Mar 9, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    0b5f073 View commit details

  13. python3Packages.acoustics: 0.2.3 -> 0.2.4 

    (cherry picked from commit 634ab6f)
    @FRidh
    FRidh committed Mar 9, 2020
    Copy the full SHA
    d95513b View commit details

  14. gitlab: 12.8.2 -> 12.8.5 (#82142) 

    https://about.gitlab.com/releases/2020/03/09/gitlab-12-8-5-released/
(cherry-picked from f391999)
    Milan committed Mar 9, 2020
    Copy the full SHA
    7f2658b View commit details

  15. Merge pull request #81772 from dylex/tensorflow 

    tensorflow: 1.15.1 -> 1.15.2
    @andir
    andir authored Mar 9, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    6a662cb View commit details

  16. firefox: Fix AArch64 build 

     * The 'arm.patch' patch doesn't apply anymore.
 * The 'build-arm-libopus.patch' patch isn't required anymore.
 * See the mozilla phabricator link for the added patch.

Additionally, we are now *always* undconditionally applying all patches
to all architectures. That is, unless they have undesirable
side-effects, but those might not be fit for inclusion.

By applying all patches all the time, they'll be removed or replaced
when they stop applying.

(cherry picked from commit d4446c5)
    @samueldr
    samueldr committed Mar 9, 2020
    Copy the full SHA
    6291285 View commit details

  17. Merge pull request #82173 from samueldr/20.03/aarch64/firefox 

    [20.03] firefox: Fix AArch64 build
    @samueldr
    samueldr authored Mar 9, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    da92e05 View commit details
2 changes: 1 addition & 1 deletion nixos/tests/buildbot.nix
View file
Original file line number Diff line number Diff line change
@@ -41,7 +41,7 @@ import ./make-test-python.nix {
systemd.services.git-daemon = {
description = "Git daemon for the test";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
after = [ "network.target" "sshd.service" ];

serviceConfig.Restart = "always";
path = with pkgs; [ coreutils git openssh ];
221 changes: 146 additions & 75 deletions nixos/tests/docker-tools.nix
View file
Original file line number Diff line number Diff line change
@@ -1,87 +1,158 @@
# this test creates a simple GNU image with docker tools and sees if it executes

import ./make-test.nix ({ pkgs, ... }: {
import ./make-test-python.nix ({ pkgs, ... }: {
name = "docker-tools";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ lnl7 ];
};

nodes = {
docker =
{ ... }: {
virtualisation = {
diskSize = 2048;
docker.enable = true;
};
docker = { ... }: {
virtualisation = {
diskSize = 2048;
docker.enable = true;
};
};
};

testScript =
''
$docker->waitForUnit("sockets.target");
# Ensure Docker images use a stable date by default
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("[ '1970-01-01T00:00:01Z' = \"\$(docker inspect ${pkgs.dockerTools.examples.bash.imageName} | ${pkgs.jq}/bin/jq -r .[].Created)\" ]");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.bash.imageName} bash --version");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.bash.imageName}");
# Check if the nix store is correctly initialized by listing dependencies of the installed Nix binary
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.nix}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.nix.imageName} nix-store -qR ${pkgs.nix}");
$docker->succeed("docker rmi ${pkgs.dockerTools.examples.nix.imageName}");
# To test the pullImage tool
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.nixFromDockerHub}'");
$docker->succeed("docker run --rm nix:2.2.1 nix-store --version");
$docker->succeed("docker rmi nix:2.2.1");
# To test runAsRoot and entry point
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.nginx}'");
$docker->succeed("docker run --name nginx -d -p 8000:80 ${pkgs.dockerTools.examples.nginx.imageName}");
$docker->waitUntilSucceeds('curl http://localhost:8000/');
$docker->succeed("docker rm --force nginx");
$docker->succeed("docker rmi '${pkgs.dockerTools.examples.nginx.imageName}'");
# An pulled image can be used as base image
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.onTopOfPulledImage}'");
$docker->succeed("docker run --rm ontopofpulledimage hello");
$docker->succeed("docker rmi ontopofpulledimage");
# Regression test for issue #34779
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.runAsRootExtraCommands}'");
$docker->succeed("docker run --rm runasrootextracommands cat extraCommands");
$docker->succeed("docker run --rm runasrootextracommands cat runAsRoot");
$docker->succeed("docker rmi '${pkgs.dockerTools.examples.runAsRootExtraCommands.imageName}'");
# Ensure Docker images can use an unstable date
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.bash}'");
$docker->succeed("[ '1970-01-01T00:00:01Z' != \"\$(docker inspect ${pkgs.dockerTools.examples.unstableDate.imageName} | ${pkgs.jq}/bin/jq -r .[].Created)\" ]");
# Ensure Layered Docker images work
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-image}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-image.imageName}");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-image.imageName} cat extraCommands");
# Ensure building an image on top of a layered Docker images work
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-on-top}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-on-top.imageName}");
# Ensure layers are shared between images
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.another-layered-image}'");
$docker->succeed("docker inspect ${pkgs.dockerTools.examples.layered-image.imageName} | ${pkgs.jq}/bin/jq -r '.[] | .RootFS.Layers | .[]' | sort > layers1.sha256");
$docker->succeed("docker inspect ${pkgs.dockerTools.examples.another-layered-image.imageName} | ${pkgs.jq}/bin/jq -r '.[] | .RootFS.Layers | .[]' | sort > layers2.sha256");
$docker->succeed('[ $(comm -1 -2 layers1.sha256 layers2.sha256 | wc -l) -ne 0 ]');
# Ensure order of layers is correct
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layersOrder}'");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer1 | grep -q layer1");
# This is to be sure the order of layers of the parent image is preserved
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer2 | grep -q layer2");
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer3 | grep -q layer3");
# Ensure image with only 2 layers can be loaded
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.two-layered-image}'");
'';
testScript = with pkgs.dockerTools; ''
unix_time_second1 = "1970-01-01T00:00:01Z"
docker.wait_for_unit("sockets.target")
with subtest("Ensure Docker images use a stable date by default"):
docker.succeed(
"docker load --input='${examples.bash}'"
)
assert unix_time_second1 in docker.succeed(
"docker inspect ${examples.bash.imageName} "
+ "| ${pkgs.jq}/bin/jq -r .[].Created",
)
docker.succeed("docker run --rm ${examples.bash.imageName} bash --version")
docker.succeed("docker rmi ${examples.bash.imageName}")
with subtest(
"Check if the nix store is correctly initialized by listing "
"dependencies of the installed Nix binary"
):
docker.succeed(
"docker load --input='${examples.nix}'",
"docker run --rm ${examples.nix.imageName} nix-store -qR ${pkgs.nix}",
"docker rmi ${examples.nix.imageName}",
)
with subtest("The pullImage tool works"):
docker.succeed(
"docker load --input='${examples.nixFromDockerHub}'",
"docker run --rm nix:2.2.1 nix-store --version",
"docker rmi nix:2.2.1",
)
with subtest("runAsRoot and entry point work"):
docker.succeed(
"docker load --input='${examples.nginx}'",
"docker run --name nginx -d -p 8000:80 ${examples.nginx.imageName}",
)
docker.wait_until_succeeds("curl http://localhost:8000/")
docker.succeed(
"docker rm --force nginx", "docker rmi '${examples.nginx.imageName}'",
)
with subtest("A pulled image can be used as base image"):
docker.succeed(
"docker load --input='${examples.onTopOfPulledImage}'",
"docker run --rm ontopofpulledimage hello",
"docker rmi ontopofpulledimage",
)
with subtest("Regression test for issue #34779"):
docker.succeed(
"docker load --input='${examples.runAsRootExtraCommands}'",
"docker run --rm runasrootextracommands cat extraCommands",
"docker run --rm runasrootextracommands cat runAsRoot",
"docker rmi '${examples.runAsRootExtraCommands.imageName}'",
)
with subtest("Ensure Docker images can use an unstable date"):
docker.succeed(
"docker load --input='${examples.bash}'"
)
assert unix_time_second1 not in docker.succeed(
"docker inspect ${examples.unstableDate.imageName} "
+ "| ${pkgs.jq}/bin/jq -r .[].Created"
)
with subtest("Ensure Layered Docker images work"):
docker.succeed(
"docker load --input='${examples.layered-image}'",
"docker run --rm ${examples.layered-image.imageName}",
"docker run --rm ${examples.layered-image.imageName} cat extraCommands",
)
with subtest("Ensure building an image on top of a layered Docker images work"):
docker.succeed(
"docker load --input='${examples.layered-on-top}'",
"docker run --rm ${examples.layered-on-top.imageName}",
)
def set_of_layers(image_name):
return set(
docker.succeed(
f"docker inspect {image_name} "
+ "| ${pkgs.jq}/bin/jq -r '.[] | .RootFS.Layers | .[]'"
).split()
)
with subtest("Ensure layers are shared between images"):
docker.succeed(
"docker load --input='${examples.another-layered-image}'"
)
layers1 = set_of_layers("${examples.layered-image.imageName}")
layers2 = set_of_layers("${examples.another-layered-image.imageName}")
assert bool(layers1 & layers2)
with subtest("Ensure order of layers is correct"):
docker.succeed(
"docker load --input='${examples.layersOrder}'"
)
for index in 1, 2, 3:
assert f"layer{index}" in docker.succeed(
f"docker run --rm ${examples.layersOrder.imageName} cat /tmp/layer{index}"
)
with subtest("Ensure image with only 2 layers can be loaded"):
docker.succeed(
"docker load --input='${examples.two-layered-image}'"
)
with subtest(
"Ensure the bulk layer doesn't miss store paths (regression test for #78744)"
):
docker.succeed(
"docker load --input='${pkgs.dockerTools.examples.bulk-layer}'",
# Ensure the two output paths (ls and hello) are in the layer
"docker run bulk-layer ls /bin/hello",
)
with subtest("Ensure correct behavior when no store is needed"):
# This check tests two requirements simultaneously
# 1. buildLayeredImage can build images that don't need a store.
# 2. Layers of symlinks are eliminated by the customization layer.
#
docker.succeed(
"docker load --input='${pkgs.dockerTools.examples.no-store-paths}'"
)
# Busybox will not recognize argv[0] and print an error message with argv[0],
# but it confirms that the custom-true symlink is present.
docker.succeed("docker run --rm no-store-paths custom-true |& grep custom-true")
# This check may be loosened to allow an *empty* store rather than *no* store.
docker.succeed("docker run --rm no-store-paths ls /")
docker.fail("docker run --rm no-store-paths ls /nix/store")
'';
})
6 changes: 3 additions & 3 deletions pkgs/applications/misc/fetchmail/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
{ stdenv, fetchurl, openssl }:

let
version = "6.3.26";
version = "6.4.2";
in
stdenv.mkDerivation {
pname = "fetchmail";
inherit version;

src = fetchurl {
url = "mirror://sourceforge/fetchmail.berlios/fetchmail-${version}.tar.bz2";
sha256 = "08rafrs1dlr11myr0p99kg4k80qyy0fa63gg3ac88zn49174lwhw";
url = "mirror://sourceforge/fetchmail/fetchmail-${version}.tar.xz";
sha256 = "0c563if3kribnj771l14aj06irmrlhm61dc68w6dp7zj4qrnn7z2";
};

buildInputs = [ openssl ];
2 changes: 1 addition & 1 deletion pkgs/applications/misc/notable/default.nix
View file
Original file line number Diff line number Diff line change
@@ -23,7 +23,7 @@ appimageTools.wrapType2 rec {
meta = with lib; {
description = "The markdown-based note-taking app that doesn't suck";
homepage = https://github.com/notable/notable;
license = licenses.agpl3;
license = licenses.unfree;
platforms = [ "x86_64-linux" ];
maintainers = with maintainers; [ dtzWill ];
};
14 changes: 5 additions & 9 deletions pkgs/applications/networking/browsers/firefox/common.nix
View file
Original file line number Diff line number Diff line change
@@ -93,16 +93,12 @@ stdenv.mkDerivation ({

patches = [
./env_var_for_system_dir.patch
] ++ lib.optionals (stdenv.isAarch64) [
(fetchpatch {
url = "https://raw.githubusercontent.com/archlinuxarm/PKGBUILDs/09c7fa0dc1d87922e3b464c0fa084df1227fca79/extra/firefox/arm.patch";
sha256 = "1vbpih23imhv5r3g21m3m541z08n9n9j1nvmqax76bmyhn7mxp32";
})
(fetchpatch {
url = "https://raw.githubusercontent.com/archlinuxarm/PKGBUILDs/09c7fa0dc1d87922e3b464c0fa084df1227fca79/extra/firefox/build-arm-libopus.patch";
sha256 = "1zg56v3lc346fkzcjjx21vjip2s9hb2xw4pvza1dsfdnhsnzppfp";
})
]
++ lib.optional (lib.versionAtLeast ffversion "73") (fetchpatch {
# https://phabricator.services.mozilla.com/D60667
url = "https://hg.mozilla.org/mozilla-central/raw-rev/b3d8b08265b800165d684281d19ac845a8ff9a66";
sha256 = "0b4s75w7sl619rglcjmlyvyibpj2ar5cpy6pnywl1xpd9qzyb27p";
})
++ patches;


8 changes: 4 additions & 4 deletions pkgs/applications/version-management/gitlab/data.json
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
{
"version": "12.8.2",
"repo_hash": "1d27s61kglryr5pashwfq55z7fh16fxkx1m4gc82xihwfzarf4x9",
"version": "12.8.5",
"repo_hash": "1y5606p793w1js39420jcd2bj42cripczgrdxgg2cq0r2kq8axk8",
"owner": "gitlab-org",
"repo": "gitlab",
"rev": "v12.8.2-ee",
"rev": "v12.8.5-ee",
"passthru": {
"GITALY_SERVER_VERSION": "12.8.2",
"GITALY_SERVER_VERSION": "12.8.5",
"GITLAB_PAGES_VERSION": "1.16.0",
"GITLAB_SHELL_VERSION": "11.0.0",
"GITLAB_WORKHORSE_VERSION": "8.21.0"
4 changes: 2 additions & 2 deletions pkgs/applications/version-management/gitlab/gitaly/default.nix
View file
Original file line number Diff line number Diff line change
@@ -19,14 +19,14 @@ let
};
};
in buildGoPackage rec {
version = "12.8.2";
version = "12.8.5";
pname = "gitaly";

src = fetchFromGitLab {
owner = "gitlab-org";
repo = "gitaly";
rev = "v${version}";
sha256 = "1zc44y5yl799vqg12w3iaivk4xwj9i4k6f198svplipa760nl9ic";
sha256 = "19pwffncihhywfac7ybry38vyj3pmdz66g5nqrvwn4xxw7ypvd24";
};

# Fix a check which assumes that hook files are writeable by their
4 changes: 2 additions & 2 deletions pkgs/applications/version-management/gitlab/gitaly/deps.nix
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 4 additions & 1 deletion pkgs/applications/version-management/sit/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, rustPlatform, cmake, libzip, gnupg,
{ stdenv, fetchFromGitHub, rustPlatform, cmake, libzip, gnupg,
# Darwin
libiconv, CoreFoundation, Security }:

@@ -28,5 +28,8 @@ rustPlatform.buildRustPackage rec {
license = with licenses; [ asl20 /* or */ mit ];
maintainers = with maintainers; [ dywedir yrashk ];
platforms = platforms.all;
# Upstream has not had a release in several years, and dependencies no
# longer compile with the latest Rust compiler.
broken = true;
};
}
5 changes: 5 additions & 0 deletions pkgs/applications/virtualization/rkt/default.nix
View file
Original file line number Diff line number Diff line change
@@ -69,5 +69,10 @@ in stdenv.mkDerivation rec {
license = licenses.asl20;
maintainers = with maintainers; [ ragge steveej ];
platforms = [ "x86_64-linux" ];
knownVulnerabilities = [
"CVE-2019-10144: processes run with `rkt enter` are given all capabilities during stage 2"
"CVE-2019-10145: processes run with `rkt enter` do not have seccomp filtering during stage 2"
"CVE-2019-10147: processes run with `rkt enter` are not limited by cgroups during stage 2"
];
};
}
9 changes: 5 additions & 4 deletions pkgs/build-support/docker/default.nix
View file
Original file line number Diff line number Diff line change
@@ -319,6 +319,8 @@ rec {
enableParallelBuilding = true;
}
''
mkdir layers
# Delete impurities for store path layers, so they don't get
# shared and taint other projects.
cat ${configJson} \
@@ -330,13 +332,12 @@ rec {
# created, and that no paths are missed. If you change the
# following head and tail call lines, double-check that your
# code behaves properly when the number of layers equals:
# maxLayers-1, maxLayers, and maxLayers+1
# maxLayers-1, maxLayers, and maxLayers+1, 0
paths() {
cat $paths ${lib.concatMapStringsSep " " (path: "| grep -v ${path}") (closures ++ [ overallClosure ])}
cat $paths ${lib.concatMapStringsSep " " (path: "| (grep -v ${path} || true)") (closures ++ [ overallClosure ])}
}
# We need to sponge to avoid grep broken pipe error when maxLayers == 1
paths | sponge | head -n $((maxLayers - 1)) | cat -n | xargs -r -P$NIX_BUILD_CORES -n2 ${storePathToLayer}
paths | head -n $((maxLayers - 1)) | cat -n | xargs -r -P$NIX_BUILD_CORES -n2 ${storePathToLayer}
if [ $(paths | wc -l) -ge $maxLayers ]; then
paths | tail -n+$maxLayers | xargs ${storePathToLayer} $maxLayers
fi
34 changes: 34 additions & 0 deletions pkgs/build-support/docker/examples.nix
View file
Original file line number Diff line number Diff line change
@@ -246,4 +246,38 @@ rec {
contents = [ pkgs.bash pkgs.hello ];
maxLayers = 2;
};

# 16. Create a layered image with more packages than max layers.
# coreutils and hello are part of the same layer
bulk-layer = pkgs.dockerTools.buildLayeredImage {
name = "bulk-layer";
tag = "latest";
contents = with pkgs; [
coreutils hello
];
maxLayers = 2;
};

# 17. Create a "layered" image without nix store layers. This is not
# recommended, but can be useful for base images in rare cases.
no-store-paths = pkgs.dockerTools.buildLayeredImage {
name = "no-store-paths";
tag = "latest";
extraCommands = ''
chmod a+w bin
# This removes sharing of busybox and is not recommended. We do this
# to make the example suitable as a test case with working binaries.
cp -r ${pkgs.pkgsStatic.busybox}/* .
'';
contents = [
# This layer has no dependencies and its symlinks will be dereferenced
# when creating the customization layer.
(pkgs.runCommand "layer-to-flatten" {} ''
mkdir -p $out/bin
ln -s /bin/true $out/bin/custom-true
''
)
];
};
}
4 changes: 2 additions & 2 deletions pkgs/development/python-modules/acoustics/default.nix
View file
Original file line number Diff line number Diff line change
@@ -3,14 +3,14 @@

buildPythonPackage rec {
pname = "acoustics";
version = "0.2.3";
version = "0.2.4";

checkInputs = [ pytest ];
propagatedBuildInputs = [ numpy scipy matplotlib pandas tabulate ];

src = fetchPypi {
inherit pname version;
sha256 = "ca663059d61fbd2899aed4e3cedbc3f983aa67afd3ae1617db3c59b724206fb3";
sha256 = "8ccb68ac258ba81a0b9064523e85eae013f9bfce7244d01db42d7d2d21d712cc";
};

checkPhase = ''
7 changes: 4 additions & 3 deletions pkgs/development/python-modules/buildbot/default.nix
View file
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@
sqlalchemy_migrate, dateutil, txaio, autobahn, pyjwt, pyyaml, treq,
txrequests, pyjade, boto3, moto, mock, python-lz4, setuptoolsTrial,
isort, pylint, flake8, buildbot-worker, buildbot-pkg, buildbot-plugins,
parameterized, git, openssh, glibcLocales }:
parameterized, git, openssh, glibcLocales, nixosTests }:

let
withPlugins = plugins: buildPythonPackage {
@@ -25,11 +25,11 @@ let

package = buildPythonPackage rec {
pname = "buildbot";
version = "2.6.0";
version = "2.7.0";

src = fetchPypi {
inherit pname version;
sha256 = "1l3ajhy68jddbgbizaa5hq65lgqkll6389hss4p2j36cbxbn7hiv";
sha256 = "0jj8fh611n7xc3vsfbgpqsllp38cfj3spkr2kz3ara2x7jvh3406";
};

propagatedBuildInputs = [
@@ -91,6 +91,7 @@ let

passthru = {
inherit withPlugins;
tests.buildbot = nixosTests.buildbot;
};

meta = with lib; {
4 changes: 2 additions & 2 deletions pkgs/development/python-modules/buildbot/pkg.nix
View file
Original file line number Diff line number Diff line change
@@ -2,11 +2,11 @@

buildPythonPackage rec {
pname = "buildbot-pkg";
version = "2.6.0";
version = "2.7.0";

src = fetchPypi {
inherit pname version;
sha256 = "07ynk46c9h47ibbdm93h15xbrzflsl4llm0jr4c8pm6krs6byb4z";
sha256 = "03zb09r8w8dvd9qas7h6gdwlqc7q482ikph6h3708lpnkn72xdkb";
};

postPatch = ''
14 changes: 6 additions & 8 deletions pkgs/development/python-modules/buildbot/plugins.nix
View file
Original file line number Diff line number Diff line change
@@ -7,14 +7,12 @@

src = fetchPypi {
inherit pname version;
sha256 = "0njix8g6g1dgfviick55p9calm82nnkhhgkikh7a5yvqk524cprg";
sha256 = "1d8xdk4rq4p3fw03cvz7d1pmpjjbyrnzzjifzv46q88vk7jakgxi";
};

# Remove unneccessary circular dependency on buildbot
postPatch = ''
sed -i setup.py \
-e "/import buildbot/d" \
-e "s/'buildbot',//"
sed -i "s/'buildbot'//" setup.py
'';

buildInputs = [ buildbot-pkg mock ];
@@ -36,7 +34,7 @@

src = fetchPypi {
inherit pname version;
sha256 = "1wmay9bbb1wwf0zh9rw95swmdc7bxabgvx2n6dyyzs4p8k92px10";
sha256 = "03pl75avi6cmmhjvfn0a0b4drn35yv37kvgn04zjdwa3m6p3haa8";
};

buildInputs = [ buildbot-pkg ];
@@ -58,7 +56,7 @@

src = fetchPypi {
inherit pname version;
sha256 = "14b28vpkk68yk6zmdd64n7izb1r3barb7y711n4g37skqd13jygb";
sha256 = "0rzjk3qmlvid8qag3r00zaszchncl1nl8l2yapvc1zqh2dqlln58";
};

buildInputs = [ buildbot-pkg ];
@@ -80,7 +78,7 @@

src = fetchPypi {
inherit pname version;
sha256 = "1m8kbycjq7jsl72xbrzjj48hb65r53lfxx78yvlnhc2f9ian5vnh";
sha256 = "1n4j73y9kwfqk7dz1fh1bpan68vlpnbz7idxpmsphyay8w8y9dd4";
};

buildInputs = [ buildbot-pkg ];
@@ -102,7 +100,7 @@

src = fetchPypi {
inherit pname version;
sha256 = "1sbp13qimv8kc7dp0xz1pmda1x1n4948zgrz2pc45rwlbbn5h69r";
sha256 = "1babkcgxczs6zfk2b6jmsy2vwbrgdydrp2px1mfwa3wmv8fwlssg";
};

buildInputs = [ buildbot-pkg ];
4 changes: 2 additions & 2 deletions pkgs/development/python-modules/buildbot/worker.nix
View file
Original file line number Diff line number Diff line change
@@ -3,11 +3,11 @@

buildPythonPackage (rec {
pname = "buildbot-worker";
version = "2.6.0";
version = "2.7.0";

src = fetchPypi {
inherit pname version;
sha256 = "0hr42fp3sw6c59qahihm9440618z7prwsy4z0ax553zvw47pc22l";
sha256 = "1vwy46acvczgk1hhpsqdwpcw55j4hm5pkw6j01f92axiga8r5jk6";
};

propagatedBuildInputs = [ twisted future ];
8 changes: 4 additions & 4 deletions pkgs/development/python-modules/tensorflow/default.nix
View file
Original file line number Diff line number Diff line change
@@ -69,7 +69,7 @@ let

tfFeature = x: if x then "1" else "0";

version = "1.15.1";
version = "1.15.2";
variant = if cudaSupport then "-gpu" else "";
pname = "tensorflow${variant}";

@@ -100,7 +100,7 @@ let
owner = "tensorflow";
repo = "tensorflow";
rev = "v${version}";
sha256 = "1j8vysfblkyydrr67qr3i7kvaq5ygnjlx8hw9a9pc95ac462jq7i";
sha256 = "1q0848drjvnaaa38dgns8knmpmkj5plzsc98j20m5ybv68s55w78";
};

patches = [
@@ -297,9 +297,9 @@ let

# cudaSupport causes fetch of ncclArchive, resulting in different hashes
sha256 = if cudaSupport then
"1p544yk7jcspgc4qr4amw11ds16c2an5yxvagx5pmwawz0s083pf"
"05fx3jwgdh1nlr1kfy6w3mlbl5m8165lggcqgk5mpxx4kzicvr1y"
else
"1dqbw3k3avqiy9xpgs44l6z65ab5rjjlxwig8z7gcl7fw9h6sbq9";
"0q0rwsb2yginqm6vv11zmbs7z2rdk7blyg5fk2jjkmkjrwzpazzg";
};

buildAttrs = {
4 changes: 2 additions & 2 deletions pkgs/development/python-modules/tensorflow/lift-gast-restriction.patch
View file
Original file line number Diff line number Diff line change
@@ -3,9 +3,9 @@ index 992f2eae22..d9386f9b13 100644
--- a/tensorflow/tools/pip_package/setup.py
+++ b/tensorflow/tools/pip_package/setup.py
@@ -54,7 +54,7 @@ REQUIRED_PACKAGES = [
'astor >= 0.6.0',
'backports.weakref >= 1.0rc1;python_version<"3.4"',
'enum34 >= 1.1.6;python_version<"3.4"',
# functools comes with python3, need to install the backport for python2
'functools32 >= 3.2.3;python_version<"3"',
- 'gast == 0.2.2',
+ 'gast >= 0.2.2',
'google_pasta >= 0.1.6',
6 changes: 4 additions & 2 deletions pkgs/shells/ion/default.nix
View file
Original file line number Diff line number Diff line change
@@ -21,10 +21,12 @@ buildRustPackage rec {
license = licenses.mit;
maintainers = with maintainers; [ dywedir ];
platforms = platforms.all;
broken = stdenv.isDarwin;
# This has not had a release since 2017, and no longer compiles with the
# latest Rust compiler.
broken = false;
};

passthru = {
shellPath = "/bin/ion";
shellPath = "/bin/ion";
};
}
6 changes: 3 additions & 3 deletions pkgs/tools/admin/procs/default.nix
View file
Original file line number Diff line number Diff line change
@@ -2,16 +2,16 @@

rustPlatform.buildRustPackage rec {
pname = "procs";
version = "0.9.6";
version = "0.9.18";

src = fetchFromGitHub {
owner = "dalance";
repo = pname;
rev = "v${version}";
sha256 = "06q18ynb4r9dcxc690291z9vvll9rfpc8j1gkkgfav2f1xdndzq3";
sha256 = "0bqaj4a56h26sgiw2r453k6f252sy6lrb71ammr0ki3bqqqjhvdi";
};

cargoSha256 = "11wv02nn6gp32zzcd6kmsh6ky0dzyk1qqhb5vxvmq2nxhxjlddwv";
cargoSha256 = "1fvb2gk7ab799d16fiq0sb0fxs5ha1jg38wfm58k15nnn5c1hmrc";

buildInputs = stdenv.lib.optional stdenv.isDarwin Security;

6 changes: 3 additions & 3 deletions pkgs/tools/backup/borg/default.nix
View file
Original file line number Diff line number Diff line change
@@ -2,11 +2,11 @@

python3.pkgs.buildPythonApplication rec {
pname = "borgbackup";
version = "1.1.10";
version = "1.1.11";

src = python3.pkgs.fetchPypi {
inherit pname version;
sha256 = "1pp70p4n5kamvcbl4d8021ggrxhyykmg9isjg4yd3wags8b19d7g";
sha256 = "190gjzx83b6p64nqj840x382dgz9gfv0gm7wj585lnkrpa90j29n";
};

nativeBuildInputs = with python3.pkgs; [
@@ -58,7 +58,7 @@ python3.pkgs.buildPythonApplication rec {
HOME=$(mktemp -d) py.test --pyargs borg.testsuite
'';

# 63 failures, needs pytest-benchmark
# 64 failures, needs pytest-benchmark
doCheck = false;

meta = with stdenv.lib; {
12 changes: 5 additions & 7 deletions pkgs/tools/misc/heatseeker/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,27 +1,25 @@
{ stdenv, fetchFromGitHub, rustPlatform }:

with rustPlatform;

buildRustPackage rec {
rustPlatform.buildRustPackage rec {
pname = "heatseeker";
version = "1.5.1";
version = "1.7.1";

src = fetchFromGitHub {
owner = "rschmitt";
repo = "heatseeker";
rev = "v${version}";
sha256 = "1fcrbjwnhcz71i70ppy0rcgk5crwwmbkm9nrk1kapvks33pv0az7";
sha256 = "1x7mdyf1m17s55f6yjdr1j510kb7a8f3zkd7lb2kzdc7nd3vgaxg";
};

cargoSha256 = "0m3sxbz1iii31s30cnv1970i1mwfhl6gm19k8wv0n7zji30ayx07";
cargoSha256 = "0qfjsgfywp3brmmkp6nmwnwp0gwljyi3ddfa35kzfqylsdn1x91b";

# some tests require a tty, this variable turns them off for Travis CI,
# which we can also make use of
TRAVIS = "true";

meta = with stdenv.lib; {
description = "A general-purpose fuzzy selector";
homepage = https://github.com/rschmitt/heatseeker;
homepage = "https://github.com/rschmitt/heatseeker";
license = licenses.mit;
maintainers = [ maintainers.michaelpj ];
platforms = platforms.unix;
4 changes: 2 additions & 2 deletions pkgs/tools/misc/youtube-dl/default.nix
View file
Original file line number Diff line number Diff line change
@@ -18,11 +18,11 @@ buildPythonPackage rec {
# The websites youtube-dl deals with are a very moving target. That means that
# downloads break constantly. Because of that, updates should always be backported
# to the latest stable release.
version = "2020.03.06";
version = "2020.03.08";

src = fetchurl {
url = "https://yt-dl.org/downloads/${version}/${pname}-${version}.tar.gz";
sha256 = "16c10rgkjrjv115w4r7gsr9hcakqq5s2cg250b1hwvxdsxqp8vnv";
sha256 = "1xbka14wnalcqkhibfcqw8f5bw1m9b1f44719yifv1jk0614q4bn";
};

nativeBuildInputs = [ makeWrapper ];
4 changes: 1 addition & 3 deletions pkgs/top-level/all-packages.nix
View file
Original file line number Diff line number Diff line change
@@ -18907,9 +18907,7 @@ in

fehlstart = callPackage ../applications/misc/fehlstart { };

fetchmail = callPackage ../applications/misc/fetchmail {
openssl = openssl_1_0_2;
};
fetchmail = callPackage ../applications/misc/fetchmail { };

fff = callPackage ../applications/misc/fff { };