diff options
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2311.section.md | 1 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/system/boot/systemd/sysupdate.nix | 142 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/common/gpg-keyring.nix | 21 | ||||
-rw-r--r-- | nixos/tests/systemd-nspawn.nix | 22 | ||||
-rw-r--r-- | nixos/tests/systemd-sysupdate.nix | 66 | ||||
-rw-r--r-- | pkgs/applications/networking/browsers/chromium/upstream-info.json | 6 | ||||
-rw-r--r-- | pkgs/development/interpreters/python/hooks/default.nix | 8 | ||||
-rw-r--r-- | pkgs/development/interpreters/python/passthrufun.nix | 5 | ||||
-rw-r--r-- | pkgs/development/libraries/science/math/cudnn/generic.nix | 1 | ||||
-rw-r--r-- | pkgs/development/python-modules/xknx/default.nix | 4 | ||||
-rw-r--r-- | pkgs/development/python-modules/zope_broken/default.nix | 26 | ||||
-rw-r--r-- | pkgs/development/tools/build-managers/scala-cli/sources.json | 10 | ||||
-rw-r--r-- | pkgs/top-level/python-aliases.nix | 1 | ||||
-rw-r--r-- | pkgs/top-level/python-packages.nix | 2 |
16 files changed, 252 insertions, 65 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index d8faa5e11db..add72886e18 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -34,6 +34,7 @@ - [ebusd](https://ebusd.eu), a daemon for handling communication with eBUS devices connected to a 2-wire bus system (“energy bus” used by numerous heating systems). Available as [services.ebusd](#opt-services.ebusd.enable). +- [systemd-sysupdate](https://www.freedesktop.org/software/systemd/man/systemd-sysupdate.html), atomically updates the host OS, container images, portable service images or other sources. Available as [systemd.sysupdate](opt-systemd.sysupdate). ## Backward Incompatibilities {#sec-release-23.11-incompatibilities} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index d1de6da182d..f7acbb59dc2 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1398,6 +1398,7 @@ ./system/boot/systemd/oomd.nix ./system/boot/systemd/repart.nix ./system/boot/systemd/shutdown.nix + ./system/boot/systemd/sysupdate.nix ./system/boot/systemd/tmpfiles.nix ./system/boot/systemd/user.nix ./system/boot/systemd/userdbd.nix diff --git a/nixos/modules/system/boot/systemd/sysupdate.nix b/nixos/modules/system/boot/systemd/sysupdate.nix new file mode 100644 index 00000000000..2921e97f756 --- /dev/null +++ b/nixos/modules/system/boot/systemd/sysupdate.nix @@ -0,0 +1,142 @@ +{ config, lib, pkgs, utils, ... }: + +let + cfg = config.systemd.sysupdate; + + format = pkgs.formats.ini { }; + + listOfDefinitions = lib.mapAttrsToList + (name: format.generate "${name}.conf") + (lib.filterAttrs (k: _: !(lib.hasPrefix "_" k)) cfg.transfers); + + definitionsDirectory = pkgs.runCommand "sysupdate.d" { } '' + mkdir -p $out + ${(lib.concatStringsSep "\n" + (map (pkg: "cp ${pkg} $out/${pkg.name}") listOfDefinitions) + )} + ''; +in +{ + options.systemd.sysupdate = { + + enable = lib.mkEnableOption (lib.mdDoc "systemd-sysupdate") // { + description = lib.mdDoc '' + Atomically update the host OS, container images, portable service + images or other sources. + + If enabled, updates are triggered in regular intervals via a + `systemd.timer` unit. + + Please see + <https://www.freedesktop.org/software/systemd/man/systemd-sysupdate.html> + for more details. + ''; + }; + + timerConfig = utils.systemdUtils.unitOptions.timerOptions.options.timerConfig // { + default = { }; + description = lib.mdDoc '' + The timer configuration for performing the update. + + By default, the upstream configuration is used: + <https://github.com/systemd/systemd/blob/main/units/systemd-sysupdate.timer> + ''; + }; + + reboot = { + enable = lib.mkEnableOption (lib.mdDoc "automatically rebooting after an update") // { + description = lib.mdDoc '' + Whether to automatically reboot after an update. + + If set to `true`, the system will automatically reboot via a + `systemd.timer` unit but only after a new version was installed. + + This uses a unit completely separate from the one performing the + update because it is typically advisable to download updates + regularly while the system is up, but delay reboots until the + appropriate time (i.e. typically at night). + + Set this to `false` if you do not want to reboot after an update. This + is useful when you update a container image or another source where + rebooting is not necessary in order to finalize the update. + ''; + }; + + timerConfig = utils.systemdUtils.unitOptions.timerOptions.options.timerConfig // { + default = { }; + description = lib.mdDoc '' + The timer configuration for rebooting after an update. + + By default, the upstream configuration is used: + <https://github.com/systemd/systemd/blob/main/units/systemd-sysupdate-reboot.timer> + ''; + }; + }; + + transfers = lib.mkOption { + type = with lib.types; attrsOf format.type; + default = { }; + example = { + "10-uki.conf" = { + Transfer = { + ProtectVersion = "%A"; + }; + + Source = { + Type = "url-file"; + Path = "https://download.example.com/"; + MatchPattern = "nixos_@v.efi.xz"; + }; + + Target = { + Type = "regular-file"; + Path = "/EFI/Linux"; + PathRelativeTo = "boot"; + MatchPattern = '' + nixos_@v+@l-@d.efi"; \ + nixos_@v+@l.efi \ + nixos_@v.efi + ''; + Mode = "0444"; + TriesLeft = 3; + TriesDone = 0; + InstancesMax = 2; + }; + }; + }; + description = lib.mdDoc '' + Specify transfers as a set of the names of the transfer files as the + key and the configuration as its value. The configuration can use all + upstream options. See + <https://www.freedesktop.org/software/systemd/man/sysupdate.d.html> + for all available options. + ''; + }; + + }; + + config = lib.mkIf cfg.enable { + + systemd.additionalUpstreamSystemUnits = [ + "systemd-sysupdate.service" + "systemd-sysupdate.timer" + "systemd-sysupdate-reboot.service" + "systemd-sysupdate-reboot.timer" + ]; + + systemd.timers = { + "systemd-sysupdate" = { + wantedBy = [ "timers.target" ]; + timerConfig = cfg.timerConfig; + }; + "systemd-sysupdate-reboot" = lib.mkIf cfg.reboot.enable { + wantedBy = [ "timers.target" ]; + timerConfig = cfg.reboot.timerConfig; + }; + }; + + environment.etc."sysupdate.d".source = definitionsDirectory; + }; + + meta.maintainers = with lib.maintainers; [ nikstur ]; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 9ab0bfb21f4..c9ce2ebe91f 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -772,6 +772,7 @@ in { systemd-portabled = handleTest ./systemd-portabled.nix {}; systemd-repart = handleTest ./systemd-repart.nix {}; systemd-shutdown = handleTest ./systemd-shutdown.nix {}; + systemd-sysupdate = runTest ./systemd-sysupdate.nix; systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; systemd-user-tmpfiles-rules = handleTest ./systemd-user-tmpfiles-rules.nix {}; systemd-misc = handleTest ./systemd-misc.nix {}; diff --git a/nixos/tests/common/gpg-keyring.nix b/nixos/tests/common/gpg-keyring.nix new file mode 100644 index 00000000000..fb8d07b1183 --- /dev/null +++ b/nixos/tests/common/gpg-keyring.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: + +pkgs.runCommand "gpg-keyring" { nativeBuildInputs = [ pkgs.gnupg ]; } '' + mkdir -p $out + export GNUPGHOME=$out + cat > foo <<EOF + %echo Generating a basic OpenPGP key + %no-protection + Key-Type: EdDSA + Key-Curve: ed25519 + Name-Real: Bob Foobar + Name-Email: bob@foo.bar + Expire-Date: 0 + # Do a commit here, so that we can later print "done" + %commit + %echo done + EOF + gpg --batch --generate-key foo + rm $out/S.gpg-agent $out/S.gpg-agent.* + gpg --export bob@foo.bar -a > $out/pubkey.gpg +'' diff --git a/nixos/tests/systemd-nspawn.nix b/nixos/tests/systemd-nspawn.nix index bc77ee2a4d1..1a4251ef069 100644 --- a/nixos/tests/systemd-nspawn.nix +++ b/nixos/tests/systemd-nspawn.nix @@ -1,26 +1,6 @@ import ./make-test-python.nix ({pkgs, lib, ...}: let - gpgKeyring = (pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } '' - mkdir -p $out - export GNUPGHOME=$out - cat > foo <<EOF - %echo Generating a basic OpenPGP key - %no-protection - Key-Type: DSA - Key-Length: 1024 - Subkey-Type: ELG-E - Subkey-Length: 1024 - Name-Real: Bob Foobar - Name-Email: bob@foo.bar - Expire-Date: 0 - # Do a commit here, so that we can later print "done" - %commit - %echo done - EOF - gpg --batch --generate-key foo - rm $out/S.gpg-agent $out/S.gpg-agent.* - gpg --export bob@foo.bar -a > $out/pubkey.gpg - ''); + gpgKeyring = import ./common/gpg-keyring.nix { inherit pkgs; }; nspawnImages = (pkgs.runCommand "localhost" { buildInputs = [ pkgs.coreutils pkgs.gnupg ]; } '' mkdir -p $out diff --git a/nixos/tests/systemd-sysupdate.nix b/nixos/tests/systemd-sysupdate.nix new file mode 100644 index 00000000000..37811605dbb --- /dev/null +++ b/nixos/tests/systemd-sysupdate.nix @@ -0,0 +1,66 @@ +# Tests downloading a signed update aritfact from a server to a target machine. +# This test does not rely on the `systemd.timer` units provided by the +# `systemd-sysupdate` module but triggers the `systemd-sysupdate` service +# manually to make the test more robust. + +{ lib, pkgs, ... }: + +let + gpgKeyring = import ./common/gpg-keyring.nix { inherit pkgs; }; +in +{ + name = "systemd-sysupdate"; + + meta.maintainers = with lib.maintainers; [ nikstur ]; + + nodes = { + server = { pkgs, ... }: { + networking.firewall.enable = false; + services.nginx = { + enable = true; + virtualHosts."server" = { + root = pkgs.runCommand "sysupdate-artifacts" { buildInputs = [ pkgs.gnupg ]; } '' + mkdir -p $out + cd $out + + echo "nixos" > nixos_1.efi + sha256sum nixos_1.efi > SHA256SUMS + + export GNUPGHOME="$(mktemp -d)" + cp -R ${gpgKeyring}/* $GNUPGHOME + + gpg --batch --sign --detach-sign --output SHA256SUMS.gpg SHA256SUMS + ''; + }; + }; + }; + + target = { + systemd.sysupdate = { + enable = true; + transfers = { + "uki" = { + Source = { + Type = "url-file"; + Path = "http://server/"; + MatchPattern = "nixos_@v.efi"; + }; + Target = { + Path = "/boot/EFI/Linux"; + MatchPattern = "nixos_@v.efi"; + }; + }; + }; + }; + + environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/pubkey.gpg"; + }; + }; + + testScript = '' + server.wait_for_unit("nginx.service") + + target.succeed("systemctl start systemd-sysupdate") + assert "nixos" in target.wait_until_succeeds("cat /boot/EFI/Linux/nixos_1.efi", timeout=5) + ''; +} diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index 0ff34287e30..00553d8383e 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -1,8 +1,8 @@ { "stable": { - "version": "115.0.5790.102", - "sha256": "0sxhhsrn4cg9akpnb2qpn7kkgp286rh8y2mmypm2409s5grf1xh6", - "sha256bin64": "18n7xqbvcdd68856wmbrxx1f5lqj61g9cyiir9dzlfmf0a9wxvml", + "version": "115.0.5790.110", + "sha256": "0wgp44qnvmdqf2kk870ndm51rcvar36li2qq632ay4n8gfpbrm79", + "sha256bin64": "1w2jl92x78s4vxv4p1imkz7qaq51yvs0wiz2bclbjz0hjlw9akr3", "deps": { "gn": { "version": "2023-05-19", diff --git a/pkgs/development/interpreters/python/hooks/default.nix b/pkgs/development/interpreters/python/hooks/default.nix index 001e477b918..338e15f0248 100644 --- a/pkgs/development/interpreters/python/hooks/default.nix +++ b/pkgs/development/interpreters/python/hooks/default.nix @@ -1,9 +1,9 @@ -self: super: with self; +self: dontUse: with self; let - pythonInterpreter = super.python.pythonForBuild.interpreter; - pythonSitePackages = super.python.sitePackages; - pythonCheckInterpreter = super.python.interpreter; + pythonInterpreter = python.pythonForBuild.interpreter; + pythonSitePackages = python.sitePackages; + pythonCheckInterpreter = python.interpreter; setuppy = ../run_setup.py; in { makePythonHook = args: pkgs.makeSetupHook ({passthru.provides.setupHook = true; } // args); diff --git a/pkgs/development/interpreters/python/passthrufun.nix b/pkgs/development/interpreters/python/passthrufun.nix index aa63f354e08..b73885b5e29 100644 --- a/pkgs/development/interpreters/python/passthrufun.nix +++ b/pkgs/development/interpreters/python/passthrufun.nix @@ -47,12 +47,13 @@ selfTargetTarget = pythonOnTargetForTarget.pkgs or {}; # There is no Python TargetTarget. }; hooks = import ./hooks/default.nix; - keep = lib.extends hooks pythonPackagesFun; + keep = self: hooks self {}; extra = _: {}; optionalExtensions = cond: as: lib.optionals cond as; pythonExtension = import ../../../top-level/python-packages.nix; python2Extension = import ../../../top-level/python2-packages.nix; extensions = lib.composeManyExtensions ([ + hooks pythonExtension ] ++ (optionalExtensions (!self.isPy3k) [ python2Extension @@ -64,7 +65,7 @@ otherSplices keep extra - (lib.extends (lib.composeExtensions aliases extensions) keep)) + (lib.extends (lib.composeExtensions aliases extensions) pythonPackagesFun)) { overrides = packageOverrides; python = self; diff --git a/pkgs/development/libraries/science/math/cudnn/generic.nix b/pkgs/development/libraries/science/math/cudnn/generic.nix index cdfa924b224..e0a6ffd9d54 100644 --- a/pkgs/development/libraries/science/math/cudnn/generic.nix +++ b/pkgs/development/libraries/science/math/cudnn/generic.nix @@ -94,6 +94,7 @@ in # Without --add-needed autoPatchelf forgets $ORIGIN on cuda>=8.0.5. postFixup = strings.optionalString (strings.versionAtLeast versionTriple "8.0.5") '' patchelf $out/lib/libcudnn.so --add-needed libcudnn_cnn_infer.so + patchelf $out/lib/libcudnn_ops_infer.so --add-needed libcublas.so --add-needed libcublasLt.so ''; passthru = { diff --git a/pkgs/development/python-modules/xknx/default.nix b/pkgs/development/python-modules/xknx/default.nix index ba03f1bf04c..07615180608 100644 --- a/pkgs/development/python-modules/xknx/default.nix +++ b/pkgs/development/python-modules/xknx/default.nix @@ -12,7 +12,7 @@ buildPythonPackage rec { pname = "xknx"; - version = "2.11.1"; + version = "2.11.2"; format = "pyproject"; disabled = pythonOlder "3.8"; @@ -21,7 +21,7 @@ buildPythonPackage rec { owner = "XKNX"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-9H5LQX6uXWr9pQ/WosNl1LrcbR+MAwVtZv8Cdb+WFvg="; + hash = "sha256-rKvHb0wkWVuZO8M8uIQdOiY1N6DmGSpqUgz4YYbUfSM="; }; nativeBuildInputs = [ diff --git a/pkgs/development/python-modules/zope_broken/default.nix b/pkgs/development/python-modules/zope_broken/default.nix deleted file mode 100644 index a3583654e66..00000000000 --- a/pkgs/development/python-modules/zope_broken/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, zope_interface -}: - -buildPythonPackage rec { - pname = "zope.broken"; - version = "3.6.0"; - - src = fetchPypi { - inherit pname version; - extension = "zip"; - sha256 = "b9b8776002da4f7b6b12dfcce77eb642ae62b39586dbf60e1d9bdc992c9f2999"; - }; - - buildInputs = [ zope_interface ]; - - meta = with lib; { - homepage = "http://pypi.python.org/pypi/zope.broken"; - description = "Zope Broken Object Interfaces"; - license = licenses.zpl20; - maintainers = with maintainers; [ goibhniu ]; - }; - -} diff --git a/pkgs/development/tools/build-managers/scala-cli/sources.json b/pkgs/development/tools/build-managers/scala-cli/sources.json index 031d71a7bab..c6fc0bf6912 100644 --- a/pkgs/development/tools/build-managers/scala-cli/sources.json +++ b/pkgs/development/tools/build-managers/scala-cli/sources.json @@ -1,21 +1,21 @@ { - "version": "1.0.1", + "version": "1.0.2", "assets": { "aarch64-darwin": { "asset": "scala-cli-aarch64-apple-darwin.gz", - "sha256": "0n6jlxbfw21ck1qg2xzkrp0p4hlvr21cxfp3p27svp01104n6ig8" + "sha256": "0a1gsrzavflyp6vk7qghb7az9ki1mq4vkncsbjwq0b5hrmy4mxry" }, "aarch64-linux": { "asset": "scala-cli-aarch64-pc-linux.gz", - "sha256": "05rmxi7nwxkvx6as6sbfvrsyll2lp06iq77z22glkkv8y1dd6334" + "sha256": "0six9qcrihshn4sbiyzkbxdnkflqq5az166fdi5wz4rq0l4jj02z" }, "x86_64-darwin": { "asset": "scala-cli-x86_64-apple-darwin.gz", - "sha256": "1vsjp3sdnclx5w4bv1kzkk23q848374phlx3ix0qln04ih821q0l" + "sha256": "1c6dsidgcjscqzknvn1sl66kjvjbg400dxxb9lp134zm2sn8r3r2" }, "x86_64-linux": { "asset": "scala-cli-x86_64-pc-linux.gz", - "sha256": "1904f2z3hvkl2rmj0czk5qkw9327zqf5m8i4ad0bzyrri5q7q4ki" + "sha256": "1a35xhkvri5nlk65ms0rwlcgsbl8264j6c60665ds2h9dwph06n7" } } } diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix index f20d8a2d6b5..8b9160d2a5c 100644 --- a/pkgs/top-level/python-aliases.nix +++ b/pkgs/top-level/python-aliases.nix @@ -376,4 +376,5 @@ mapAliases ({ zake = throw "zake has been removed because it is abandoned"; # added 2023-06-20 zc-buildout221 = zc-buildout; # added 2021-07-21 zc_buildout_nix = throw "zc_buildout_nix was pinned to a version no longer compatible with other modules"; + zope_broken = throw "zope_broken has been removed because it is obsolete and not needed in zodb>=3.10"; # added 2023-07-26 }) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e643cf5861c..e41d42adb3e 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -13894,8 +13894,6 @@ self: super: with self; { zodbpickle = callPackage ../development/python-modules/zodbpickle { }; - zope_broken = callPackage ../development/python-modules/zope_broken { }; - zope-cachedescriptors = callPackage ../development/python-modules/zope-cachedescriptors { }; zope_component = callPackage ../development/python-modules/zope_component { }; |