From f2065d81ad9d25bbe581aef5c4c80845d7bb3041 Mon Sep 17 00:00:00 2001 From: Naïm Favier Date: Sun, 19 Dec 2021 01:32:35 +0100 Subject: stdenv/generic: introduce shellDryRun Add `shellDryRun` to the generic stdenv and substitute it for uses of `${stdenv.shell} -n`. The point of this layer of abstraction is to add the flag `-O extglob`, which resolves #126344 in a more direct way. --- nixos/modules/system/activation/top-level.nix | 4 ++-- nixos/modules/system/boot/systemd.nix | 16 +++++----------- 2 files changed, 7 insertions(+), 13 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 501998fa399e2..3c48d6bfd85f5 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -55,8 +55,8 @@ let substituteInPlace $out/dry-activate --subst-var out chmod u+x $out/activate $out/dry-activate unset activationScript dryActivationScript - ${pkgs.stdenv.shell} -n $out/activate - ${pkgs.stdenv.shell} -n $out/dry-activate + ${pkgs.stdenv.shellDryRun} $out/activate + ${pkgs.stdenv.shellDryRun} $out/dry-activate cp ${config.system.build.bootStage2} $out/init substituteInPlace $out/init --subst-var-by systemConfig $out diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index ec5dea075bbce..76c59c047e0fe 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -210,20 +210,14 @@ let makeJobScript = name: text: let scriptName = replaceChars [ "\\" "@" ] [ "-" "_" ] (shellEscape name); - out = pkgs.writeTextFile { + out = (pkgs.writeShellScriptBin scriptName '' + set -e + ${text} + '').overrideAttrs (_: { # The derivation name is different from the script file name # to keep the script file name short to avoid cluttering logs. name = "unit-script-${scriptName}"; - executable = true; - destination = "/bin/${scriptName}"; - text = '' - #!${pkgs.runtimeShell} -e - ${text} - ''; - checkPhase = '' - ${pkgs.stdenv.shell} -n "$out/bin/${scriptName}" - ''; - }; + }); in "${out}/bin/${scriptName}"; unitConfig = { config, options, ... }: { -- cgit 1.4.1 From 2c82929645136d97e568d12184ebb62493c892b5 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sun, 19 Dec 2021 12:01:43 +0100 Subject: iputils: 20210722 -> 20211215 The tools "tftpd" and "traceroute6" were removed. See [0] for more details. [0]: https://github.com/iputils/iputils/releases/tag/20211215 --- nixos/doc/manual/from_md/release-notes/rl-2205.section.xml | 13 +++++++++++++ nixos/doc/manual/release-notes/rl-2205.section.md | 6 ++++++ pkgs/os-specific/linux/iputils/default.nix | 14 +++----------- pkgs/top-level/all-packages.nix | 2 +- 4 files changed, 23 insertions(+), 12 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 4a68bc941860d..78a6c6c701b73 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -163,6 +163,19 @@ ~100MB for python itself). + + + The iputils package, which is installed by default, no longer + provides the legacy tools tftpd and + traceroute6. More tools + (ninfod, rarpd, and + rdisc) are going to be removed in the next + release. See + upstream’s + release notes for more details and available + replacements. + +
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index 556552723100b..6551df9ee8823 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -60,6 +60,12 @@ In addition to numerous new and upgraded packages, this release has the followin This has the added benefit to reduce the closure size of `ipython` from ~400MB to ~160MB (including ~100MB for python itself). +- The iputils package, which is installed by default, no longer provides the + legacy tools `tftpd` and `traceroute6`. More tools (`ninfod`, `rarpd`, and + `rdisc`) are going to be removed in the next release. See + [upstream's release notes](https://github.com/iputils/iputils/releases/tag/20211215) + for more details and available replacements. + ## Other Notable Changes {#sec-release-22.05-notable-changes} - The option [services.redis.servers](#opt-services.redis.servers) was added diff --git a/pkgs/os-specific/linux/iputils/default.nix b/pkgs/os-specific/linux/iputils/default.nix index c949069885df4..0ca6d8aa187f3 100644 --- a/pkgs/os-specific/linux/iputils/default.nix +++ b/pkgs/os-specific/linux/iputils/default.nix @@ -6,7 +6,7 @@ }: let - version = "20210722"; + version = "20211215"; sunAsIsLicense = { fullName = "AS-IS, SUN MICROSYSTEMS license"; url = "https://github.com/iputils/iputils/blob/s${version}/rdisc.c"; @@ -19,14 +19,9 @@ in stdenv.mkDerivation rec { owner = pname; repo = pname; rev = version; - sha256 = "139fyifsjm0i012rhcx3ra3pxx2wxh77dfd551d8lgiv2mqd742j"; + sha256 = "1vzdch1xi2x2j8mvnsr4wwwh7kdkgf926xafw5kkb74yy1wac5qv"; }; - postPatch = lib.optionalString (!doCheck) '' - # There isn't a Meson option for this yet: - sed -i '/##### TESTS #####/q' ping/meson.build - ''; - outputs = ["out" "apparmor"]; # We don't have the required permissions inside the build sandbox: @@ -35,11 +30,10 @@ in stdenv.mkDerivation rec { mesonFlags = [ "-DBUILD_RARPD=true" - "-DBUILD_TRACEROUTE6=true" - "-DBUILD_TFTPD=true" "-DNO_SETCAP_OR_SUID=true" "-Dsystemdunitdir=etc/systemd/system" "-DINSTALL_SYSTEMD_UNITS=true" + "-DSKIP_TESTS=${lib.boolToString (!doCheck)}" ] # Disable idn usage w/musl (https://github.com/iputils/iputils/pull/111): ++ lib.optional stdenv.hostPlatform.isMusl "-DUSE_IDN=false"; @@ -87,9 +81,7 @@ in stdenv.mkDerivation rec { ping rarpd rdisc - tftpd tracepath - traceroute6 ''; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fa787dbe4eaee..8e061cf7ad356 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22294,7 +22294,7 @@ with pkgs; iproute_mptcp = callPackage ../os-specific/linux/iproute/mptcp.nix { }; iputils = hiPrio (callPackage ../os-specific/linux/iputils { }); - # hiPrio for collisions with inetutils (ping and tftpd.8.gz) + # hiPrio for collisions with inetutils (ping) iptables = callPackage ../os-specific/linux/iptables { }; iptables-legacy = callPackage ../os-specific/linux/iptables { nftablesCompat = false; }; -- cgit 1.4.1 From 0715ef59683a2f8091c7c4edceaff8d892ac1707 Mon Sep 17 00:00:00 2001 From: Winter Date: Sat, 1 Jan 2022 15:28:52 -0500 Subject: linux-pam: don't create dangling symlink during build --- nixos/modules/security/pam.nix | 2 +- pkgs/os-specific/linux/pam/default.nix | 12 ------------ 2 files changed, 1 insertion(+), 13 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 0944b36c6d197..e2026de131702 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -1035,7 +1035,7 @@ in setuid = true; owner = "root"; group = "root"; - source = "${pkgs.pam}/sbin/unix_chkpwd.orig"; + source = "${pkgs.pam}/sbin/unix_chkpwd"; }; }; diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix index 12ff9f493a373..33ab4f784fcb2 100644 --- a/pkgs/os-specific/linux/pam/default.nix +++ b/pkgs/os-specific/linux/pam/default.nix @@ -23,18 +23,6 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - postInstall = '' - mv -v $out/sbin/unix_chkpwd{,.orig} - ln -sv /run/wrappers/bin/unix_chkpwd $out/sbin/unix_chkpwd - ''; /* - rm -rf $out/etc - mkdir -p $modules/lib - mv $out/lib/security $modules/lib/ - '';*/ - # don't move modules, because libpam needs to (be able to) find them, - # which is done by dlopening $out/lib/security/pam_foo.so - # $out/etc was also missed: pam_env(login:session): Unable to open config file - preConfigure = lib.optionalString (stdenv.hostPlatform.libc == "musl") '' # export ac_cv_search_crypt=no # (taken from Alpine linux, apparently insecure but also doesn't build O:)) -- cgit 1.4.1