This was proposed by abbradar in #150801, but left out of the follow up PR
#221851 by Ma27 to reduce the size of the diff. Compared to the initial
proposal this includes the callPackage call in the recursion, which avoids
breaking the withJIT/withoutJIT helpers.
In terms of nixpkgs, this is a pure refactor, no derivations change. However,
this makes downstream expressions like the following possible:
(postgresql.override { jitSupport = true; }).pkgs.postgis
This would have not worked before without passing another "this" argument,
which is error prone as can be seen in this example:
https://github.com/PostgREST/postgrest/pull/3222/files
This makes it less error-prone to use the llvm package in extensions, because
it will always match the package used by the postgresql derivation itself.
Previously, you could've accidentally used llvm instead of postgresql.llvm
with a different result.
This is a Go program inside the sources of `postgresql_anonymizer` that
allows to perform database dumps, but with anonymized data. I figured
that it's a little awkward to have a client program to be part of the
extension package.
So I decided to create a second package called `pg-dump-anon`. Since
it's one repository, both share `version` & `src`.
Also extended the VM test to make sure we're getting properly anonymized
data when dumping with `pg_dump_anon`.
* Fix test in writing-nixos-tests.section.md
That paren couldn't possibly have been in the right place.
(I do not have nix set up to generate `writing-nixos-tests.section.xml` or verify the test or anything, please do whatever is appropriate with this trivial change)
* doc: fix numpy example test value
Making the test test the right thing made it fail
see PR discussion
We need to make sure systemd-tmpfiles-setup.service ran before we
start systemd-binft.service. Otherwise it might fail to start
due to non-existant files
Fixes#295365
When build using 'nix build' if we hit this default we will fail to
evaluate. Most instances that this should break have been fixed so
we remove this to prevent this from happening further in the future.
Right now the worst case chain of events for building an ISO on Hydra is
- copy everything to squashfs builder
- run squashfs builder
- download squashfs from builder
- compress squashfs
- upload squashfs to S3
- copy squashfs to ISO builder
- run ISO builder
- download ISO from builder
- compress ISO
- upload ISO to S3
This inlines the squashfs build into the ISO build, which makes it
- copy everything to ISO builder
- run ISO builder
- download ISO from builder
- compress ISO
- upload ISO to S3
Which should reduce queue runner load by $alot per ISO, which we have four of on small channels
(one release, one test per arch) and a lot more than four of on large channels (with various desktops)
This ensures a ".dtb" PE section makes it into the UKI so systemd-stub
can install the correct devicetree for use by the Linux kernel. This is
often needed on systems that boot with u-boot since the devicetree used
by u-boot is often a paired down version of what the Linux kernel needs.
On those kinds of boards, the lack of this PE section means that u-boot
will end up installing its internal devicetree into the UEFI
configuration table, which is what the Linux kernel ends up using.
While `/var/lib/lldap` isn't technically accessible by unprivileged
users thanks to `DynamicUser=true`, a user might prefer and change it to
`DynamicUser=false`.
There is currently also a PR open that intends to make `DynamicUser`
configurable via module option.
As such, `jwt_secret_file`, if bootstrapped by the service start
procedure, might be rendered world-readable due to its permissions
(`0644/-rw-r--r--`) defaulting to the service's umask (`022`) and
`/var/lib/lldap` to `0755/drwxr-xr-x` due to `StateDirectoryMode=0755`.
This would usually be fixed by using `(umask 027; openssl ...)` instead
of just `openssl ...`.
However, it was found that another file (`users.db`), this time
bootstrapped by `lldap` itself, also had insufficient permissions
(`0644/-rw-r--r--`) inherited by the global umask and would be left
world-readable as well.
Due to this, we instead change the service's to `027`.
And to lower the impact for already bootstrapped files on existing
instances like `users.db`, set `StateDirectoryMode=0750`.
ESDM 1.0.1 fixed bugs related to Linux compatibility layer with CUSE.
During these fixes, the compatibility layer was simplified behind a
target in order to start the necessary services together or none of
them (services.esdm.linuxCompatServices).
Furthermore, a small helper was added to ESDM 1.0.1 in order to deal
with resume/suspend/hibernate (FUSE needs to be unblocked).
Removed options are marked.
Signed-off-by: Markus Theil <theil.markus@gmail.com>
this patch enables the creation of a runtime directory with the default
mode 0755 in /run/matrix-sliding-sync to offer a simple option for
SYNCV3_BINDADDR when using unix sockets.