Merge remote-tracking branch 'upstream/master' into staging

Conflicts: pkgs/build-support/fetchbower/default.nix pkgs/build-support/fetchdarcs/default.nix pkgs/build-support/fetchgx/default.nix pkgs/development/python-modules/botocore/default.nix pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix pkgs/tools/admin/awscli/default.nix
NixOS · Jan 14, 2018 · 6ed0fe7 · 6ed0fe7
2 parents c08042b + b986078
commit 6ed0fe7
Show file tree

Hide file tree

Showing 410 changed files with 41,189 additions and 37,575 deletions.
diff --git a/doc/cross-compilation.xml b/doc/cross-compilation.xml
@@ -61,7 +61,7 @@
         <listitem>
           <para>
             The "target platform" attribute is, unlike the other two attributes, not actually fundamental to the process of building software.
-            Instead, it is only relevant for compatability with building certain specific compilers and build tools.
+            Instead, it is only relevant for compatibility with building certain specific compilers and build tools.
             It can be safely ignored for all other packages.
           </para>
           <para>
@@ -162,7 +162,7 @@
     <para>
       A runtime dependency between 2 packages implies that between them both the host and target platforms match.
       This is directly implied by the meaning of "host platform" and "runtime dependency":
-      The package dependency exists while both packages are runnign on a single host platform.
+      The package dependency exists while both packages are running on a single host platform.
     </para>
     <para>
       A build time dependency, however, implies a shift in platforms between the depending package and the depended-on package.

diff --git a/doc/stdenv.xml b/doc/stdenv.xml
@@ -995,13 +995,14 @@ but only if the <varname>doCheck</varname> variable is enabled.</para>
 
   <varlistentry>
     <term><varname>doCheck</varname></term>
-    <listitem><para>If set to a non-empty string, the check phase is
-    executed, otherwise it is skipped (default).  Thus you should set
-
-    <programlisting>
-doCheck = true;</programlisting>
-
-    in the derivation to enable checks.</para></listitem>
+    <listitem><para>
+      Controls whether the check phase is executed.
+      By default it is skipped, but if <varname>doCheck</varname> is set to true, the check phase is usually executed.
+      Thus you should set <programlisting>doCheck = true;</programlisting> in the derivation to enable checks.
+      The exception is cross compilation.
+      Cross compiled builds never run tests, no matter how <varname>doCheck</varname> is set,
+      as the newly-built program won't run on the platform used to build it.
+    </para></listitem>
   </varlistentry>
 
   <varlistentry>
@@ -1280,12 +1281,14 @@ installcheck</command>.</para>
 
   <varlistentry>
     <term><varname>doInstallCheck</varname></term>
-    <listitem><para>If set to a non-empty string, the installCheck phase is
-    executed, otherwise it is skipped (default).  Thus you should set
-
-    <programlisting>doInstallCheck = true;</programlisting>
-
-    in the derivation to enable install checks.</para></listitem>
+    <listitem><para>
+      Controls whether the installCheck phase is executed.
+      By default it is skipped, but if <varname>doInstallCheck</varname> is set to true, the installCheck phase is usually executed.
+      Thus you should set <programlisting>doInstallCheck = true;</programlisting> in the derivation to enable install checks.
+      The exception is cross compilation.
+      Cross compiled builds never run tests, no matter how <varname>doInstallCheck</varname> is set,
+      as the newly-built program won't run on the platform used to build it.
+    </para></listitem>
   </varlistentry>
 
   <varlistentry>

diff --git a/lib/default.nix b/lib/default.nix
@@ -93,7 +93,7 @@ let
       hiPrioSet;
     inherit (sources) pathType pathIsDirectory cleanSourceFilter
       cleanSource sourceByRegex sourceFilesBySuffices
-      commitIdFromGitRepo;
+      commitIdFromGitRepo cleanSourceWith pathHasContext canCleanSource;
     inherit (modules) evalModules closeModules unifyModuleSyntax
       applyIfFunction unpackSubmodule packSubmodule mergeModules
       mergeModules' mergeOptionDecls evalOptionValue mergeDefinitions

diff --git a/lib/maintainers.nix b/lib/maintainers.nix
@@ -127,7 +127,7 @@
   ciil = "Simon Lackerbauer <simon@lackerbauer.com>";
   ck3d = "Christian Kögler <ck3d@gmx.de>";
   ckampka = "Christian Kampka <christian@kampka.net>";
-  ckauhaus = "Christian Kauhaus <christian@kauhaus.de>";
+  ckauhaus = "Christian Kauhaus <kc@flyingcircus.io>";
   cko = "Christine Koppelt <christine.koppelt@gmail.com>";
   cleverca22 = "Michael Bishop <cleverca22@gmail.com>";
   cmcdragonkai = "Roger Qiu <roger.qiu@matrix.ai>";
@@ -389,6 +389,7 @@
   lufia = "Kyohei Kadota <lufia@lufia.org>";
   luispedro = "Luis Pedro Coelho <luis@luispedro.org>";
   lukego = "Luke Gorrie <luke@snabb.co>";
+  luz = "Luz <luz666@daum.net>";
   lw = "Sergey Sofeychuk <lw@fmap.me>";
   lyt = "Tim Liou <wheatdoge@gmail.com>";
   m3tti = "Mathaeus Sander <mathaeus.peter.sander@gmail.com>";
@@ -505,6 +506,7 @@
   pakhfn = "Fedor Pakhomov <pakhfn@gmail.com>";
   panaeon = "Vitalii Voloshyn <vitalii.voloshyn@gmail.com";
   paperdigits = "Mica Semrick <mica@silentumbrella.com>";
+  paraseba = "Sebastian Galkin <paraseba@gmail.com>";
   pashev = "Igor Pashev <pashev.igor@gmail.com>";
   patternspandemic = "Brad Christensen <patternspandemic@live.com>";
   pawelpacana = "Paweł Pacana <pawel.pacana@gmail.com>";
@@ -593,6 +595,7 @@
   rzetterberg = "Richard Zetterberg <richard.zetterberg@gmail.com>";
   s1lvester = "Markus Silvester <s1lvester@bockhacker.me>";
   samdroid-apps = "Sam Parkinson <sam@sam.today>";
+  samueldr = "Samuel Dionne-Riel <samuel@dionne-riel.com>";
   samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
   sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
   sargon = "Daniel Ehlers <danielehlers@mindeye.net>";
@@ -603,6 +606,7 @@
   scolobb = "Sergiu Ivanov <sivanov@colimite.fr>";
   sdll = "Sasha Illarionov <sasha.delly@gmail.com>";
   SeanZicari = "Sean Zicari <sean.zicari@gmail.com>";
+  sellout = "Greg Pfeil <greg@technomadic.org>";
   sepi = "Raffael Mancini <raffael@mancini.lu>";
   seppeljordan = "Sebastian Jordan <sebastian.jordan.mail@googlemail.com>";
   shanemikel = "Shane Pearlman <shanemikel1@gmail.com>";
@@ -638,6 +642,7 @@
   sternenseemann = "Lukas Epple <post@lukasepple.de>";
   stesie = "Stefan Siegl <stesie@brokenpipe.de>";
   steveej = "Stefan Junker <mail@stefanjunker.de>";
+  StillerHarpo = "Florian Engel <florianengel39@gmail.com>";
   stumoss = "Stuart Moss <samoss@gmail.com>";
   SuprDewd = "Bjarki Ágúst Guðmundsson <suprdewd@gmail.com>";
   swarren83 = "Shawn Warren <shawn.w.warren@gmail.com>";
@@ -729,6 +734,7 @@
   wyvie = "Elijah Rum <elijahrum@gmail.com>";
   xaverdh = "Dominik Xaver Hörl <hoe.dom@gmx.de>";
   xnwdd = "Guillermo NWDD <nwdd+nixos@no.team>";
+  xurei = "Olivier Bourdoux <olivier.bourdoux@gmail.com>";
   xvapx = "Marti Serra <marti.serra.coscollano@gmail.com>";
   xwvvvvwx = "David Terry <davidterry@posteo.de>";
   xzfc = "Albert Safin <xzfcpw@gmail.com>";

diff --git a/lib/sources.nix b/lib/sources.nix
@@ -26,14 +26,35 @@ rec {
     (type == "symlink" && lib.hasPrefix "result" baseName)
   );
 
-  cleanSource = builtins.filterSource cleanSourceFilter;
+  cleanSource = src: cleanSourceWith { filter = cleanSourceFilter; inherit src; };
+
+  # Like `builtins.filterSource`, except it will compose with itself,
+  # allowing you to chain multiple calls together without any
+  # intermediate copies being put in the nix store.
+  #
+  #     lib.cleanSourceWith f (lib.cleanSourceWith g ./.)     # Succeeds!
+  #     builtins.filterSource f (builtins.filterSource g ./.) # Fails!
+  cleanSourceWith = { filter, src }:
+    let
+      isFiltered = src ? _isLibCleanSourceWith;
+      origSrc = if isFiltered then src.origSrc else src;
+      filter' = if isFiltered then name: type: filter name type && src.filter name type else filter;
+    in {
+      inherit origSrc;
+      filter = filter';
+      outPath = builtins.filterSource filter' origSrc;
+      _isLibCleanSourceWith = true;
+    };
 
   # Filter sources by a list of regular expressions.
   #
   # E.g. `src = sourceByRegex ./my-subproject [".*\.py$" "^database.sql$"]`
-  sourceByRegex = src: regexes: builtins.filterSource (path: type:
-    let relPath = lib.removePrefix (toString src + "/") (toString path);
-    in lib.any (re: builtins.match re relPath != null) regexes) src;
+  sourceByRegex = src: regexes: cleanSourceWith {
+    filter = (path: type:
+      let relPath = lib.removePrefix (toString src + "/") (toString path);
+      in lib.any (re: builtins.match re relPath != null) regexes);
+    inherit src;
+  };
 
   # Get all files ending with the specified suffices from the given
   # directory or its descendants.  E.g. `sourceFilesBySuffices ./dir
@@ -42,7 +63,7 @@ rec {
     let filter = name: type:
       let base = baseNameOf (toString name);
       in type == "directory" || lib.any (ext: lib.hasSuffix ext base) exts;
-    in builtins.filterSource filter path;
+    in cleanSourceWith { inherit filter; src = path; };
 
 
   # Get the commit id of a git repo
@@ -72,4 +93,8 @@ rec {
                 else lib.head matchRef
            else throw ("Not a .git directory: " + path);
     in lib.flip readCommitFromFile "HEAD";
+
+  pathHasContext = builtins.hasContext or (lib.hasPrefix builtins.storeDir);
+
+  canCleanSource = src: src ? _isLibCleanSourceWith || !(pathHasContext (toString src));
 }
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml
@@ -139,12 +139,6 @@ following incompatible changes:</para>
       will be accessible at <literal>/run/memcached/memcached.sock</literal>.
     </para>
   </listitem>
-  <listitem>
-    <para>
-      The DNSCrypt proxy module has been removed, the upstream project
-      is no longer maintained.
-    </para>
-  </listitem>
 </itemizedlist>
 
 </section>

diff --git a/nixos/lib/make-ext4-fs.nix b/nixos/lib/make-ext4-fs.nix
@@ -10,7 +10,7 @@
 pkgs.stdenv.mkDerivation {
   name = "ext4-fs.img";
 
-  buildInputs = with pkgs; [e2fsprogs libfaketime perl];
+  nativeBuildInputs = with pkgs; [e2fsprogs libfaketime perl];
 
   # For obtaining the closure of `storePaths'.
   exportReferencesGraph =

diff --git a/nixos/lib/make-squashfs.nix b/nixos/lib/make-squashfs.nix
@@ -8,7 +8,7 @@
 stdenv.mkDerivation {
   name = "squashfs.img";
 
-  buildInputs = [perl squashfsTools];
+  nativeBuildInputs = [perl squashfsTools];
 
   # For obtaining the closure of `storeContents'.
   exportReferencesGraph =

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -446,6 +446,7 @@
   ./services/networking/dhcpd.nix
   ./services/networking/dnscache.nix
   ./services/networking/dnschain.nix
+  ./services/networking/dnscrypt-proxy.nix
   ./services/networking/dnscrypt-wrapper.nix
   ./services/networking/dnsmasq.nix
   ./services/networking/ejabberd.nix

diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
@@ -89,9 +89,6 @@ with lib;
     # Tarsnap
     (mkRenamedOptionModule [ "services" "tarsnap" "config" ] [ "services" "tarsnap" "archives" ])
 
-    # dnscrypt-proxy
-    (mkRemovedOptionModule [ "services" "dnscrypt-proxy" "enable" ] "")
-
     # ibus
     (mkRenamedOptionModule [ "programs" "ibus" "plugins" ] [ "i18n" "inputMethod" "ibus" "engines" ])
 

diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
@@ -139,6 +139,14 @@ in
         '';
       };
 
+      tosHash = mkOption {
+        type = types.string;
+        default = "cc88d8d9517f490191401e7b54e9ffd12a2b9082ec7a1d4cec6101f9f1647e7b";
+        description = ''
+          SHA256 of the Terms of Services document. This changes once in a while.
+        '';
+      };
+
       production = mkOption {
         type = types.bool;
         default = true;
@@ -188,7 +196,7 @@ in
                 domain = if data.domain != null then data.domain else cert;
                 cpath = "${cfg.directory}/${cert}";
                 rights = if data.allowKeysForGroup then "750" else "700";
-                cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin ]
+                cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ]
                           ++ optionals (data.email != null) [ "--email" data.email ]
                           ++ concatMap (p: [ "-f" p ]) data.plugins
                           ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)

diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
@@ -17,7 +17,7 @@ let
     hardeningEnable = [ "pie" ];
     installPhase = ''
       mkdir -p $out/bin
-      gcc -Wall -O2 -DWRAPPER_DIR=\"${parentWrapperDir}\" \
+      $CC -Wall -O2 -DWRAPPER_DIR=\"${parentWrapperDir}\" \
           -lcap-ng -lcap ${./wrapper.c} -o $out/bin/security-wrapper
     '';
   };
@@ -79,7 +79,7 @@ let
                  ({ owner = "root";
                     group = "root";
                   } // s)
-          else if 
+          else if
              (s ? "setuid" && s.setuid) ||
              (s ? "setgid" && s.setgid) ||
              (s ? "permissions")