Merge remote-tracking branch 'upstream/master' into HEAD

NixOS · Nov 25, 2017 · d087463 · d087463
2 parents c06bc73 + 45a85ea
commit d087463
Show file tree

Hide file tree

Showing 50 changed files with 1,725 additions and 822 deletions.
diff --git a/doc/languages-frameworks/rust.md b/doc/languages-frameworks/rust.md
@@ -9,11 +9,12 @@ date: 2017-03-05
 To install the rust compiler and cargo put
 
 ```
-rust
+rustc
+cargo
 ```
 
 into the `environment.systemPackages` or bring them into
-scope with `nix-shell -p rust`.
+scope with `nix-shell -p rustc cargo`.
 
 For daily builds (beta and nightly) use either rustup from
 nixpkgs or use the [Rust nightlies

diff --git a/nixos/doc/manual/development/writing-nixos-tests.xml b/nixos/doc/manual/development/writing-nixos-tests.xml
@@ -262,8 +262,18 @@ startAll;
     <literal>waitForWindow(qr/Terminal/)</literal>.</para></listitem>
   </varlistentry>
 
+  <varlistentry>
+    <term><methodname>copyFileFromHost</methodname></term>
+    <listitem><para>Copies a file from host to machine, e.g.,
+    <literal>copyFileFromHost("myfile", "/etc/my/important/file")</literal>.</para>
+    <para>The first argument is the file on the host. The file needs to be
+    accessible while building the nix derivation. The second argument is
+    the location of the file on the machine.</para>
+    </listitem>
+  </varlistentry>
+
 </variablelist>
 
 </para>
 
-</section>
+</section>
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -226,6 +226,7 @@
   ./services/hardware/bluetooth.nix
   ./services/hardware/brltty.nix
   ./services/hardware/freefall.nix
+  ./services/hardware/fwupd.nix
   ./services/hardware/illum.nix
   ./services/hardware/interception-tools.nix
   ./services/hardware/irqbalance.nix

diff --git a/nixos/modules/programs/sway.nix b/nixos/modules/programs/sway.nix
@@ -8,8 +8,11 @@ let
 
   swayWrapped = pkgs.writeScriptBin "sway" ''
     #! ${pkgs.stdenv.shell}
+    if [ "$1" != "" ]; then
+      sway-setcap "$@"
+      exit
+    fi
     ${cfg.extraSessionCommands}
-    PATH="${sway}/bin:$PATH"
     exec ${pkgs.dbus.dbus-launch} --exit-with-session sway-setcap
   '';
   swayJoined = pkgs.symlinkJoin {

diff --git a/nixos/modules/services/hardware/fwupd.nix b/nixos/modules/services/hardware/fwupd.nix
@@ -0,0 +1,90 @@
+# fwupd daemon.
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.fwupd;
+  originalEtc =
+    let
+      isRegular = v: v == "regular";
+      listFiles = d: builtins.attrNames (filterAttrs (const isRegular) (builtins.readDir d));
+      copiedDirs = [ "fwupd/remotes.d" "pki/fwupd" "pki/fwupd-metadata" ];
+      originalFiles = concatMap (d: map (f: "${d}/${f}") (listFiles "${pkgs.fwupd}/etc/${d}")) copiedDirs;
+      mkEtcFile = n: nameValuePair n { source = "${pkgs.fwupd}/etc/${n}"; };
+    in listToAttrs (map mkEtcFile originalFiles);
+  extraTrustedKeys =
+    let
+      mkName = p: "pki/fwupd/${baseNameOf (toString p)}";
+      mkEtcFile = p: nameValuePair (mkName p) { source = p; };
+    in listToAttrs (map mkEtcFile cfg.extraTrustedKeys);
+in {
+
+  ###### interface
+  options = {
+    services.fwupd = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable fwupd, a DBus service that allows
+          applications to update firmware.
+        '';
+      };
+
+      blacklistDevices = mkOption {
+        type = types.listOf types.string;
+        default = [];
+        example = [ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ];
+        description = ''
+          Allow blacklisting specific devices by their GUID
+        '';
+      };
+
+      blacklistPlugins = mkOption {
+        type = types.listOf types.string;
+        default = [];
+        example = [ "udev" ];
+        description = ''
+          Allow blacklisting specific plugins
+        '';
+      };
+
+      extraTrustedKeys = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        example = literalExample "[ /etc/nixos/fwupd/myfirmware.pem ]";
+        description = ''
+          Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default.
+        '';
+      };
+    };
+  };
+
+
+  ###### implementation
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.fwupd ];
+
+    environment.etc = {
+      "fwupd/daemon.conf" = {
+        source = pkgs.writeText "daemon.conf" ''
+          [fwupd]
+          BlacklistDevices=${lib.concatStringsSep ";" cfg.blacklistDevices}
+          BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins}
+        '';
+      };
+    } // originalEtc // extraTrustedKeys;
+
+    services.dbus.packages = [ pkgs.fwupd ];
+
+    services.udev.packages = [ pkgs.fwupd ];
+
+    systemd.packages = [ pkgs.fwupd ];
+
+    systemd.tmpfiles.rules = [
+      "d /var/lib/fwupd 0755 root root -"
+    ];
+  };
+}
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
@@ -125,6 +125,9 @@ let
       ip46tables -t raw -N nixos-fw-rpfilter 2> /dev/null || true
       ip46tables -t raw -A nixos-fw-rpfilter -m rpfilter ${optionalString (cfg.checkReversePath == "loose") "--loose"} -j RETURN
 
+      # Allows this host to act as a DHCP4 client without first having to use APIPA
+      iptables -t raw -A nixos-fw-rpfilter -p udp --sport 67 --dport 68 -j RETURN
+
       # Allows this host to act as a DHCPv4 server
       iptables -t raw -A nixos-fw-rpfilter -s 0.0.0.0 -d 255.255.255.255 -p udp --sport 68 --dport 67 -j RETURN
 

diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix
@@ -510,10 +510,10 @@ in {
               . " mklabel msdos"
               . " mkpart primary ext2 1M 100MB" # /boot
               . " mkpart extended 100M -1s"
-              . " mkpart logical 102M 1602M" # md0 (root), first device
-              . " mkpart logical 1603M 3103M" # md0 (root), second device
-              . " mkpart logical 3104M 3360M" # md1 (swap), first device
-              . " mkpart logical 3361M 3617M", # md1 (swap), second device
+              . " mkpart logical 102M 2102M" # md0 (root), first device
+              . " mkpart logical 2103M 4103M" # md0 (root), second device
+              . " mkpart logical 4104M 4360M" # md1 (swap), first device
+              . " mkpart logical 4361M 4617M", # md1 (swap), second device
               "udevadm settle",
               "ls -l /dev/vda* >&2",
               "cat /proc/partitions >&2",

diff --git a/pkgs/applications/altcoins/go-ethereum.nix b/pkgs/applications/altcoins/go-ethereum.nix
@@ -2,7 +2,7 @@
 
 buildGoPackage rec {
   name = "go-ethereum-${version}";
-  version = "1.7.2";
+  version = "1.7.3";
   goPackagePath = "github.com/ethereum/go-ethereum";
 
   # Fix for usb-related segmentation faults on darwin
@@ -16,7 +16,7 @@ buildGoPackage rec {
     owner = "ethereum";
     repo = "go-ethereum";
     rev = "v${version}";
-    sha256 = "11n77zlf8qixhx26sqf33v911716msi6h0z4ng8gxhzhznrn2nrd";
+    sha256 = "1w6rbq2qpjyf2v9mr18yiv2af1h2sgyvgrdk4bd8ixgl3qcd5b11";
   };
 
   meta = with stdenv.lib; {

diff --git a/pkgs/applications/altcoins/zcash/default.nix b/pkgs/applications/altcoins/zcash/default.nix
@@ -45,6 +45,6 @@ stdenv.mkDerivation rec {
     homepage = https://z.cash/;
     maintainers = with maintainers; [ rht ];
     license = licenses.mit;
-    platforms = platforms.unix;
+    platforms = platforms.linux;
   };
 }
diff --git a/pkgs/applications/editors/jetbrains/default.nix b/pkgs/applications/editors/jetbrains/default.nix
@@ -77,15 +77,15 @@ let
       };
     });
 
-  buildGogland = { name, version, src, license, description, wmClass, update-channel }:
+  buildGoland = { name, version, src, license, description, wmClass, update-channel }:
     lib.overrideDerivation (mkJetBrainsProduct {
       inherit name version src wmClass jdk;
-      product = "Gogland";
+      product = "Goland";
       meta = with stdenv.lib; {
         homepage = https://www.jetbrains.com/go/;
         inherit description license;
         longDescription = ''
-          Gogland is the codename for a new commercial IDE by JetBrains
+          Goland is the codename for a new commercial IDE by JetBrains
           aimed at providing an ergonomic environment for Go development.
           The new IDE extends the IntelliJ platform with the coding assistance
           and tool integrations specific for the Go language
@@ -96,9 +96,9 @@ let
     }) (attrs: {
       postFixup = (attrs.postFixup or "") + ''
         interp="$(cat $NIX_CC/nix-support/dynamic-linker)"
-        patchelf --set-interpreter $interp $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
+        patchelf --set-interpreter $interp $out/goland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
 
-        chmod +x $out/gogland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
+        chmod +x $out/goland*/plugins/intellij-go-plugin/lib/dlv/linux/dlv
       '';
     });
 
@@ -239,28 +239,28 @@ in
 
   datagrip = buildDataGrip rec {
     name = "datagrip-${version}";
-    version = "2017.2.2"; /* updated by script */
+    version = "2017.2.3"; /* updated by script */
     description = "Your Swiss Army Knife for Databases and SQL";
     license = stdenv.lib.licenses.unfree;
     src = fetchurl {
       url = "https://download.jetbrains.com/datagrip/${name}.tar.gz";
-      sha256 = "1l8y65fw9g5ckzwpcgigm2qwy8fhpw2hil576rphsnx6qvnh4swn"; /* updated by script */
+      sha256 = "0yp5h8ps5hfi07gsz14pp61skibfx48klg8qmc4f6q6xzcfdqxsf"; /* updated by script */
     };
     wmClass = "jetbrains-datagrip";
     update-channel = "datagrip_2017_2";
   };
 
-  gogland = buildGogland rec {
-    name = "gogland-${version}";
-    version = "173.2696.28"; /* updated by script */
+  goland = buildGoland rec {
+    name = "goland-${version}";
+    version = "173.3727.79"; /* updated by script */
     description = "Up and Coming Go IDE";
     license = stdenv.lib.licenses.unfree;
     src = fetchurl {
       url = "https://download.jetbrains.com/go/${name}.tar.gz";
-      sha256 = "07nz2pf7fnjxsvc82vihk2i880cji349czxzshr1dk50ixlydq7n"; /* updated by script */
+      sha256 = "0bmd7r3h76pg0s9m3i5qv7zfkcj3gannj0c12cw087b831ga7ccz"; /* updated by script */
     };
-    wmClass = "jetbrains-gogland";
-    update-channel = "gogland_1.0_EAP";
+    wmClass = "jetbrains-goland";
+    update-channel = "goland_1.0_EAP";
   };
 
   idea-community = buildIdea rec {

diff --git a/pkgs/applications/editors/texstudio/default.nix b/pkgs/applications/editors/texstudio/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "texstudio";
-  version = "2.12.4";
+  version = "2.12.6";
   name = "${pname}-${version}";
   altname="Texstudio";
 
   src = fetchurl {
     url = "mirror://sourceforge/texstudio/${name}.tar.gz";
-    sha256 = "03917faqyy0a1k6b86blc2fcards5a1819ydgkc4jlhwiaym4iyw";
+    sha256 = "18rxd7ra5k2f7s4c296b3v3pqhxjmfix9xpy9i1g4jm87ygqrbnd";
   };
 
   nativeBuildInputs = [ qmake4Hook pkgconfig ];

diff --git a/pkgs/applications/editors/vscode/default.nix b/pkgs/applications/editors/vscode/default.nix
@@ -2,7 +2,7 @@
   makeWrapper, libXScrnSaver, libxkbfile, libsecret }:
 
 let
-  version = "1.18.0";
+  version = "1.18.1";
   channel = "stable";
 
   plat = {
@@ -12,9 +12,9 @@ let
   }.${stdenv.system};
 
   sha256 = {
-    "i686-linux" = "0xwfnw15792lxr5npc71yyw5yyaqi3nifqgv6vpi8ibl6c8zs97d";
-    "x86_64-linux" = "0qzj2qrzbdk27mggh0f9fs3s99bffvnrnbsparbzdag5jjmry2py";
-    "x86_64-darwin" = "1g5rf6g9q9hh4gzg6nb37pyq9dpjj0wapivv5dsvmn0j3cp69cv4";
+    "i686-linux" = "13gs0spqkbxw4i3a0b060v5bi68zfkp3i8vqk41i0fkbshnc7c7i";
+    "x86_64-linux" = "0h7nfyrn4ybm9p1czjb48p3cd3970hpyn6pj8l4ir1hqygcq6dwi";
+    "x86_64-darwin" = "093k8s2msi0xz11wy2yf1rppwkx6kv5psgii4w44l59ji8qgpamk";
   }.${stdenv.system};
 
   archive_fmt = if stdenv.system == "x86_64-darwin" then "zip" else "tar.gz";

diff --git a/pkgs/applications/networking/cluster/terraform/default.nix b/pkgs/applications/networking/cluster/terraform/default.nix
@@ -91,8 +91,15 @@ in {
   };
 
   terraform_0_10 = pluggable (generic {
-    version = "0.10.7";
-    sha256 = "0gjvrra255m973nzi7rpqp5dn5npnd79cnv8vjcs7wmkdj1hli0l";
+    version = "0.10.8";
+    sha256 = "11hhij0hq99xhwlg5dx5nv7y074x79wkr8hr3wc6ln0kwdk5scdf";
+    patches = [ ./provider-path.patch ];
+    passthru = { inherit plugins; };
+  });
+
+  terraform_0_11 = pluggable (generic {
+    version = "0.11.0";
+    sha256 = "0qsydg6bn7k6d68pd1y4j5iys9i66c690yq21axcpnjfibxgqyff";
     patches = [ ./provider-path.patch ];
     passthru = { inherit plugins; };
   });