Merge branch 'master' into staging

Lots of rebuilds from master; at least some of them due to security.
NixOS · Nov 4, 2017 · eed6e0a · eed6e0a
2 parents 2c822b1 + bb87d2c
commit eed6e0a
Show file tree

Hide file tree

Showing 323 changed files with 10,626 additions and 22,815 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -8,51 +8,75 @@
 # Mentioned users will get code review requests.
 
 # This file
-.github/CODEOWNERS @edolstra
+/.github/CODEOWNERS @edolstra
 
 # Boostraping and core infra
-pkgs/stdenv/    @edolstra
-pkgs/build-support/cc-wrapper/  @edolstra
+/pkgs/stdenv                    @edolstra
+/pkgs/build-support/cc-wrapper  @edolstra
 
 # Libraries
-lib/  @edolstra
+/lib                        @edolstra @nbp
+
+# Nixpkgs Internals
+/default.nix                @nbp
+/pkgs/top-level/default.nix @nbp
+/pkgs/top-level/impure.nix  @nbp
+/pkgs/top-level/stage.nix   @nbp
+
+# NixOS Internals
+/nixos/default.nix          @nbp
+/nixos/lib/from-env.nix     @nbp
+/nixos/lib/eval-config.nix  @nbp
+/nixos/doc/manual/configuration/abstractions.xml      @nbp
+/nixos/doc/manual/configuration/config-file.xml       @nbp
+/nixos/doc/manual/configuration/config-syntax.xml     @nbp
+/nixos/doc/manual/configuration/modularity.xml        @nbp
+/nixos/doc/manual/development/assertions.xml          @nbp
+/nixos/doc/manual/development/meta-attributes.xml     @nbp
+/nixos/doc/manual/development/option-declarations.xml @nbp
+/nixos/doc/manual/development/option-def.xml          @nbp
+/nixos/doc/manual/development/option-types.xml        @nbp
+/nixos/doc/manual/development/replace-modules.xml     @nbp
+/nixos/doc/manual/development/writing-modules.xml     @nbp
+/nixos/doc/manual/man-nixos-option.xml                @nbp
+/nixos/modules/installer/tools/nixos-option.sh        @nbp
 
 # Python-related code and docs
-pkgs/top-level/python-packages.nix      @FRidh
-pkgs/development/interpreters/python/*  @FRidh
-pkgs/development/python-modules/*       @FRidh
-doc/languages-frameworks/python.md      @FRidh
+/pkgs/top-level/python-packages.nix     @FRidh
+/pkgs/development/interpreters/python   @FRidh
+/pkgs/development/python-modules        @FRidh
+/doc/languages-frameworks/python.md     @FRidh
 
 # Haskell
-pkgs/development/compilers/ghc                       @peti
-pkgs/development/haskell-modules                     @peti
-pkgs/development/haskell-modules/default.nix         @peti
-pkgs/development/haskell-modules/generic-builder.nix @peti
-pkgs/development/haskell-modules/hoogle.nix          @peti
+/pkgs/development/compilers/ghc                       @peti
+/pkgs/development/haskell-modules                     @peti
+/pkgs/development/haskell-modules/default.nix         @peti
+/pkgs/development/haskell-modules/generic-builder.nix @peti
+/pkgs/development/haskell-modules/hoogle.nix          @peti
 
 # R
-pkgs/applications/science/math/R @peti
-pkgs/development/r-modules       @peti
+/pkgs/applications/science/math/R   @peti
+/pkgs/development/r-modules         @peti
 
 # Ruby
-pkgs/development/interpreters/ruby/* @zimbatm
-pkgs/development/ruby-modules/*      @zimbatm
+/pkgs/development/interpreters/ruby @zimbatm
+/pkgs/development/ruby-modules      @zimbatm
 
 # Darwin-related
-/pkgs/stdenv/darwin/             @org/darwin-maintainers
-/pkgs/os-specific/darwin/        @org/darwin-maintainers
+/pkgs/stdenv/darwin         @NixOS/darwin-maintainers
+/pkgs/os-specific/darwin    @NixOS/darwin-maintainers
 
 # Beam-related (Erlang, Elixir, LFE, etc)
-pkgs/development/beam-modules/*	@gleber
-pkgs/development/interpreters/erlang/*	@gleber
-pkgs/development/interpreters/lfe/*	@gleber
-pkgs/development/interpreters/elixir/*	@gleber
-pkgs/development/tools/build-managers/rebar/*	@gleber
-pkgs/development/tools/build-managers/rebar3/*	@gleber
-pkgs/development/tools/erlang/*	@gleber
+/pkgs/development/beam-modules                  @gleber
+/pkgs/development/interpreters/erlang           @gleber
+/pkgs/development/interpreters/lfe              @gleber
+/pkgs/development/interpreters/elixir           @gleber
+/pkgs/development/tools/build-managers/rebar    @gleber
+/pkgs/development/tools/build-managers/rebar3   @gleber
+/pkgs/development/tools/erlang                  @gleber
 
 # Jetbrains
-pkgs/applications/editors/jetbrains @edwtjo
+/pkgs/applications/editors/jetbrains @edwtjo
 
 # Eclipse
-pkgs/applications/editors/eclipse @rycee
+/pkgs/applications/editors/eclipse @rycee
diff --git a/doc/configuration.xml b/doc/configuration.xml
@@ -55,6 +55,10 @@ configuration file located at
 </programlisting>
 </para>
 
+<para>Note that we are not able to test or build unfree software on Hydra
+due to policy. Most unfree licenses prohibit us from either executing or
+distributing the software.</para>
+
 <section xml:id="sec-allow-broken">
   <title>Installing broken packages</title>
 

diff --git a/doc/languages-frameworks/python.md b/doc/languages-frameworks/python.md
@@ -165,7 +165,7 @@ run the script in the `python3` shell.
 
 ```py
 #! /usr/bin/env nix-shell
-#! nix-shell -i 'python3.withPackages(ps: [ps.numpy])'
+#! nix-shell -i python3 -p "python3.withPackages(ps: [ps.numpy])"
 
 import numpy
 

diff --git a/doc/package-notes.xml b/doc/package-notes.xml
@@ -664,4 +664,34 @@ cp ${myEmacsConfig} $out/share/emacs/site-lisp/default.el
 
 </section>
 
+<section xml:id="sec-weechat">
+<title>Weechat</title>
+<para>
+Weechat can currently be configured to include your choice of plugins.
+To make use of this functionality, install an expression that overrides its configuration such as
+<programlisting>weechat.override {configure = {availablePlugins, ...}: {
+        plugins = with availablePlugins; [ python perl ];
+    }
+}</programlisting>
+</para>
+<para>
+The plugins currently available are <literal>python</literal>,
+<literal>perl</literal>, <literal>ruby</literal>, <literal>guile</literal>,
+<literal>tcl</literal> and <literal>lua</literal>.
+</para>
+<para>
+The python plugin allows the addition of extra libraries. For instance,
+the <literal>inotify.py</literal> script in weechat-scripts requires
+D-Bus or libnotify, and the <literal>fish.py</literal> script requires
+pycrypto. To use these scripts, use the <literal>python</literal>
+plugin's <literal>withPackages</literal> attribute:
+<programlisting>weechat.override {configure = {availablePlugins, ...}: {
+    plugins = with availablePlugins; [
+            (python.withPackages (ps: with ps; [ pycrypto python-dbus ]))
+        ];
+    }
+}
+</programlisting>
+</para>
+</section>
 </chapter>
diff --git a/doc/stdenv.xml b/doc/stdenv.xml
@@ -698,8 +698,14 @@ nothing.</para>
     <listitem><para>A list of strings passed as additional flags to
     <command>make</command>.  These flags are also used by the default
     install and check phase.  For setting make flags specific to the
-    build phase, use <varname>buildFlags</varname> (see
-    below).</para></listitem>
+    build phase, use <varname>buildFlags</varname> (see below).
+
+<programlisting>
+makeFlags = [ "PREFIX=$(out)" ];
+</programlisting>
+
+    <note><para>The flags are quoted in bash, but environment variables can
+    be specified by using the make syntax.</para></note></para></listitem>
   </varlistentry>
 
   <varlistentry>

diff --git a/lib/maintainers.nix b/lib/maintainers.nix
@@ -44,6 +44,7 @@
   anderspapitto = "Anders Papitto <anderspapitto@gmail.com>";
   andir = "Andreas Rammhold <andreas@rammhold.de>";
   andres = "Andres Loeh <ksnixos@andres-loeh.de>";
+  andrestylianos = "Andre S. Ramos <andre.stylianos@gmail.com>";
   andrewrk = "Andrew Kelley <superjoe30@gmail.com>";
   andsild = "Anders Sildnes <andsild@gmail.com>";
   aneeshusa = "Aneesh Agrawal <aneeshusa@gmail.com>";
@@ -443,7 +444,7 @@
   nicknovitski = "Nick Novitski <nixpkgs@nicknovitski.com>";
   nico202 = "Nicolò Balzarotti <anothersms@gmail.com>";
   NikolaMandic = "Ratko Mladic <nikola@mandic.email>";
-  nixy = "Andrew R. M. <andrewmiller237@gmail.com>";
+  nixy = "Andrew R. M. <nixy@nixy.moe>";
   nocoolnametom = "Tom Doggett <nocoolnametom@gmail.com>";
   notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
   np = "Nicolas Pouillard <np.nix@nicolaspouillard.fr>";
@@ -585,6 +586,7 @@
   snyh = "Xia Bin <snyh@snyh.org>";
   solson = "Scott Olson <scott@solson.me>";
   sorpaas = "Wei Tang <hi@that.world>";
+  sorki = "Richard Marko <srk@48.io>";
   spacefrogg = "Michael Raitza <spacefrogg-nixos@meterriblecrew.net>";
   spencerjanssen = "Spencer Janssen <spencerjanssen@gmail.com>";
   spinus = "Tomasz Czyż <tomasz.czyz@gmail.com>";

diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml
@@ -63,6 +63,15 @@ following incompatible changes:</para>
       pass literal dollar signs through Postfix, double them.
     </para>
   </listitem>
+  <listitem>
+    <para>
+      The <literal>postage</literal> package (for web-based PostgreSQL
+      administration) has been renamed to <literal>pgmanage</literal>. The
+      corresponding module has also been renamed. To migrate please rename all
+      <option>services.postage</option> options to
+      <option>services.pgmanage</option>.
+    </para>
+  </listitem>
 </itemizedlist>
 
 </section>

diff --git a/nixos/modules/hardware/opengl.nix b/nixos/modules/hardware/opengl.nix
@@ -93,7 +93,7 @@ in
     hardware.opengl.extraPackages = mkOption {
       type = types.listOf types.package;
       default = [];
-      example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
+      example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]";
       description = ''
         Additional packages to add to OpenGL drivers. This can be used
         to add OpenCL drivers, VA-API/VDPAU drivers etc.

diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -8,6 +8,7 @@
 use File::Slurp;
 use File::stat;
 
+umask(0022);
 
 sub uniq {
     my %seen;

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -185,7 +185,7 @@
   ./services/databases/neo4j.nix
   ./services/databases/openldap.nix
   ./services/databases/opentsdb.nix
-  ./services/databases/postage.nix
+  ./services/databases/pgmanage.nix
   ./services/databases/postgresql.nix
   ./services/databases/redis.nix
   ./services/databases/riak.nix

diff --git a/nixos/modules/programs/sway.nix b/nixos/modules/programs/sway.nix
@@ -10,7 +10,7 @@ let
     #! ${pkgs.stdenv.shell}
     ${cfg.extraSessionCommands}
     PATH="${sway}/bin:$PATH"
-    exec ${pkgs.dbus.dbus-launch} --exit-with-session "${sway}/bin/sway"
+    exec ${pkgs.dbus.dbus-launch} --exit-with-session sway-setcap
   '';
   swayJoined = pkgs.symlinkJoin {
     name = "sway-wrapped";
@@ -53,7 +53,8 @@ in
   config = mkIf cfg.enable {
     environment.systemPackages = [ swayJoined ] ++ cfg.extraPackages;
     security.wrappers.sway = {
-      source = "${swayJoined}/bin/sway";
+      program = "sway-setcap";
+      source = "${sway}/bin/sway";
       capabilities = "cap_sys_ptrace,cap_sys_tty_config=eip";
       owner = "root";
       group = "sway";

diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
@@ -139,6 +139,20 @@ in
         '';
       };
 
+      production = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          If set to true, use Let's Encrypt's production environment
+          instead of the staging environment. The main benefit of the
+          staging environment is to get much higher rate limits.
+
+          See
+          <literal>https://letsencrypt.org/docs/staging-environment</literal>
+          for more detail.
+        '';
+      };
+
       certs = mkOption {
         default = { };
         type = with types; attrsOf (submodule certOpts);
@@ -177,7 +191,9 @@ in
                 cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin ]
                           ++ optionals (data.email != null) [ "--email" data.email ]
                           ++ concatMap (p: [ "-f" p ]) data.plugins
-                          ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains);
+                          ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)
+                          ++ (if cfg.production then []
+                              else ["--server" "https://acme-staging.api.letsencrypt.org/directory"]);
                 acmeService = {
                   description = "Renew ACME Certificate for ${cert}";
                   after = [ "network.target" "network-online.target" ];