From 142d83f90e2903c92a78c8f4fa84a87fe37a0409 Mon Sep 17 00:00:00 2001 From: George Shammas Date: Sat, 16 Sep 2023 07:47:52 -0400 Subject: nixos/postfix: postalias should not use source file permissions Our postfix-setup service ensures that the directory is only writable by root. postalias by default drops permissions to the user of the source file. In the case of NixOS that file is in the nix store and thus always owned by root and everything works. The problem is that when using a nixos-container with user namespaces (`-U`) then the nix store is owned by nobody/nogroup, and postfix-setup.service will be unable to create or modify `aliases.db`. Since the file would otherwise be owned by root, we should tell postfix to not assume the user and permissions of the `aliases` file by setting -o and -p From postalias(1) > -o Do not release root privileges when processing a non-root input file. By > default, postalias(1) drops root privileges and runs as the source file owner > instead. > -p Do not inherit the file access permissions from the input file when > creating a new file. Instead, create a new file with default access > permissions (mode 0644).
---
nixos/modules/services/mail/postfix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos')
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index 23c47aaca7e2..bfc4b6ccbfee 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -747,7 +747,7 @@ in ${concatStringsSep "\n" (mapAttrsToList (to: from: '' ln -sf ${from} /var/lib/postfix/conf/${to} - ${pkgs.postfix}/bin/postalias /var/lib/postfix/conf/${to} + ${pkgs.postfix}/bin/postalias -o -p /var/lib/postfix/conf/${to} '') cfg.aliasFiles)} ${concatStringsSep "\n" (mapAttrsToList (to: from: '' ln -sf ${from} /var/lib/postfix/conf/${to}
-- cgit 1.4.1
From c16ffa0a125a6098c094fcb19d63c6c4512072d7 Mon Sep 17 00:00:00 2001
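Review bot: With `-o`, postalias keeps root privileges while it processes the alias source, so the safety of the changed line now depends on every `from` in `cfg.aliasFiles` being a file that no unprivileged user controls. The commit message argues this for store paths, but nothing visible in the hunk enforces it; presumably the option's type does, which is worth confirming. A shell comment above the call would record the reasoning, for example `# -o -p: the source is a store path, which is not root-owned under user namespaces, so do not adopt its owner or mode`. The loop that follows repeats the same `ln -sf` pattern and its command line is outside the hunk; if it runs postmap, that tool has the same `-o`/`-p` options and would presumably hit the same failure in a `-U` container.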
From: Jacob Moody Date: Sat, 23 Dec 2023 15:53:20 -0600 Subject: drawterm: add nixos tests
---
nixos/tests/all-tests.nix | 1 + nixos/tests/drawterm.nix | 58 +++++++++++++++++++++++++++++++++++ pkgs/tools/admin/drawterm/default.nix | 6 +++- 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 nixos/tests/drawterm.nix (limited to 'nixos')
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 0ef5c4d8d3cb..c173f753228e 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -257,6 +257,7 @@ in {
 dolibarr = handleTest ./dolibarr.nix {};
 domination = handleTest ./domination.nix {};
 dovecot = handleTest ./dovecot.nix {};
+ drawterm = discoverTests (import ./drawterm.nix);
 drbd = handleTest ./drbd.nix {};
 dublin-traceroute = handleTest ./dublin-traceroute.nix {};
 earlyoom = handleTestOn ["x86_64-linux"] ./earlyoom.nix {};
diff --git a/nixos/tests/drawterm.nix b/nixos/tests/drawterm.nix
new file mode 100644
index 000000000000..1d444bb55433
--- /dev/null
+++ b/nixos/tests/drawterm.nix
@@ -0,0 +1,58 @@
+{ system, pkgs }:
+let
+ tests = {
+ xorg = {
+ node = { pkgs, ... }: {
+ imports = [ ./common/user-account.nix ./common/x11.nix ];
+ services.xserver.enable = true;
+ services.xserver.displayManager.sessionCommands = ''
+ ${pkgs.drawterm}/bin/drawterm -g 1024x768 &
+ '';
+ test-support.displayManager.auto.user = "alice";
+ };
+ systems = [ "x86_64-linux" "aarch64-linux" ];
+ };
+ wayland = {
+ node = { pkgs, ... }: {
+ imports = [ ./common/wayland-cage.nix ];
+ services.cage.program = "${pkgs.drawterm-wayland}/bin/drawterm";
+ };
+ systems = [ "x86_64-linux" ];
+ };
+ };
+
+ mkTest = name: machine:
+ import ./make-test-python.nix ({ pkgs, ... }: {
+ inherit name;
+
+ nodes = { "${name}" = machine; };
+
+ meta = with pkgs.lib.maintainers; {
+ maintainers = [ moody ];
+ };
+
+ enableOCR = true;
+
+ testScript = ''
+ @polling_condition
+ def drawterm_running():
+ machine.succeed("pgrep drawterm")
+
+ start_all()
+
+ machine.wait_for_unit("graphical.target")
+ drawterm_running.wait() # type: ignore[union-attr]
+ machine.wait_for_text("cpu")
+ machine.send_chars("cpu\n")
+ machine.wait_for_text("auth")
+ machine.send_chars("cpu\n")
+ machine.wait_for_text("ending")
+ machine.screenshot("out.png")
+ '';
+
+ });
+ mkTestOn = systems: name: machine:
+ if pkgs.lib.elem system systems then mkTest name machine
+ else { ... }: { };
+in
+builtins.mapAttrs (k: v: mkTestOn v.systems k v.node { inherit system; }) tests
diff --git a/pkgs/tools/admin/drawterm/default.nix b/pkgs/tools/admin/drawterm/default.nix
index ad839b495172..0fafd28ae3c2 100644
--- a/pkgs/tools/admin/drawterm/default.nix
+++ b/pkgs/tools/admin/drawterm/default.nix
@@ -14,6 +14,7 @@ , wlr-protocols , pulseaudio , config +, nixosTests }: stdenv.mkDerivation {
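Review bot: In the new `testScript` of nixos/tests/drawterm.nix, the `drawterm_running` polling condition is used only for its initial `.wait()`, so a drawterm crash after startup shows up as an OCR timeout rather than an early failure. Wrapping the `wait_for_text("cpu")` and `wait_for_text("auth")` steps in `with drawterm_running:` would make the test fail fast. The final wait for "ending" presumably follows a failed connection, after which drawterm may exit, so it likely belongs outside that block. A comment such as `# no CPU server is reachable in the VM, so drawterm is expected to report an error here` would make that intent explicit, if that is indeed what the test relies on.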
@@ -56,7 +57,10 @@ stdenv.mkDerivation { installManPage drawterm.1 ''; - passthru.updateScript = unstableGitUpdater { shallowClone = false; }; + passthru = { + updateScript = unstableGitUpdater { shallowClone = false; }; + tests = nixosTests.drawterm; + }; meta = with lib; { description = "Connect to Plan 9 CPU servers from other operating systems.";
-- cgit 1.4.1
From 92c3800caf7e2ab578bd3b3bce683efa0fc72c5e Mon Sep 17 00:00:00 2001 From: Maxime Brunet Date: Fri, 29 Dec 2023 14:12:02 -0800 Subject: mockgen: change upstream to uber-go fork
---
nixos/doc/manual/release-notes/rl-2405.section.md | 2 ++ pkgs/development/tools/mockgen/default.nix | 39 +++++++++++++++++------ 2 files changed, 32 insertions(+), 9 deletions(-) (limited to 'nixos')
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md
index a1d26f6a12f7..0e6b7b06a3d1 100644
--- a/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixos/doc/manual/release-notes/rl-2405.section.md
@@ -128,6 +128,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m `globalRedirect` can now have redirect codes other than 301 through `redirectCode`. +- The source of the `mockgen` package has changed to the [go.uber.org/mock](https://github.com/uber-go/mock) fork because [the original repository is no longer maintained](https://github.com/golang/mock#gomock). + - [](#opt-boot.kernel.sysctl._net.core.wmem_max_) changed from a string to an integer because of the addition of a custom merge option (taking the highest value defined to avoid conflicts between 2 services trying to set that value), just as [](#opt-boot.kernel.sysctl._net.core.rmem_max_) since 22.11. - `services.zfs.zed.enableMail` now uses the global `sendmail` wrapper defined by an email module
diff --git a/pkgs/development/tools/mockgen/default.nix b/pkgs/development/tools/mockgen/default.nix
index 51cd2428c2e9..ed2aa4e50d93 100644
--- a/pkgs/development/tools/mockgen/default.nix
+++ b/pkgs/development/tools/mockgen/default.nix
@@ -1,28 +1,49 @@ -{ buildGoModule, fetchFromGitHub, lib }: +{ buildGoModule +, fetchFromGitHub +, lib +, testers +, mockgen +}: buildGoModule rec { pname = "mockgen"; - version = "1.6.0"; + version = "0.4.0"; src = fetchFromGitHub { - owner = "golang"; + owner = "uber-go"; repo = "mock"; rev = "v${version}"; - sha256 = "sha256-5Kp7oTmd8kqUN+rzm9cLqp9nb3jZdQyltGGQDiRSWcE="; + sha256 = "sha256-3nt70xrZisK5vgQa+STZPiY4F9ITKw8PbBWcKoBn4Vc="; }; - vendorHash = "sha256-5gkrn+OxbNN8J1lbgbxM8jACtKA7t07sbfJ7gVJWpJM="; + vendorHash = "sha256-mcNVud2jzvlPPQEaar/eYZkP71V2Civz+R5v10+tewA="; + + CGO_ENABLED = 0; subPackages = [ "mockgen" ]; - preCheck = '' - export GOROOT="$(go env GOROOT)" - ''; + ldflags = [ + "-X=main.version=${version}" + "-X=main.date=1970-01-01T00:00:00Z" + "-X=main.commit=unknown" + ]; + + passthru.tests.version = testers.testVersion { + package = mockgen; + command = "mockgen -version"; + version = '' + v${version} + Commit: unknown + Date: 1970-01-01T00:00:00Z + ''; + }; meta = with lib; { description = "GoMock is a mocking framework for the Go programming language"; - homepage = "https://github.com/golang/mock"; + homepage = "https://github.com/uber-go/mock"; + changelog = "https://github.com/uber-go/mock/blob/v${version}/CHANGELOG.md"; license = licenses.asl20; maintainers = with maintainers; [ bouk ]; + mainProgram = "mockgen"; }; }
-- cgit 1.4.1
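Review bot: The `version` given to `testers.testVersion` in `passthru.tests.version` is a three-line string. If the tester matches it with a fixed-string grep, as I believe it does, each line becomes an alternative pattern. The check could then pass on `Commit: unknown` alone even if the `-X=main.version=${version}` ldflag stops taking effect after a later upstream change. Matching only the part that identifies the build, `version = "v${version}";`, keeps the test tied to the value it is meant to verify.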