diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 60ceb304ee8a8..74906aa4410a8 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -24,7 +24,7 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs - uses: korthout/backport-action@v1.2.0 + uses: korthout/backport-action@v2.1.1 with: # Config README: https://github.com/korthout/backport-action#backport-action copy_labels_pattern: 'severity:\ssecurity' diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 4172bc6fbe1e7..6150efcd55365 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -689,7 +689,7 @@ let ] ++ optional cfg.ttyAudit.openOnly "open_only" ++ optional (cfg.ttyAudit.enablePattern != null) "enable=${cfg.ttyAudit.enablePattern}" ++ optional (cfg.ttyAudit.disablePattern != null) "disable=${cfg.ttyAudit.disablePattern}" - )) + + ) + "\n") + optionalString config.services.homed.enable '' session required ${config.systemd.package}/lib/security/pam_systemd_home.so '' + diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index d5aaa4fe3b033..459e9d4a2264f 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -57,7 +57,7 @@ let prometheus_listen_addr = "localhost:9236" [git] - bin_path = "${gitPackage}/bin/git" + bin_path = "${cfg.packages.git}/bin/git" [gitlab-shell] dir = "${cfg.packages.gitlab-shell}" @@ -193,7 +193,7 @@ let runtimeDeps = with pkgs; [ nodejs gzip - gitPackage + cfg.packages.git gnutar postgresqlPackage coreutils @@ -272,6 +272,14 @@ in { ''; }; + packages.git = mkOption { + type = types.package; + default = gitPackage; + defaultText = literalExpression "Git 2.41 for Gitlab 16.3 on NixOS 23.05, otherwise just pkgs.git"; + description = lib.mdDoc "Reference to the git package"; + example = literalExpression "pkgs.git_2_41"; + }; + packages.gitlab = mkOption { type = types.package; default = pkgs.gitlab; @@ -1102,11 +1110,6 @@ in { ''Support for container registries other than gitlab-container-registry has ended since GitLab 16.0.0 and is scheduled for removal in a future release. Please back up your data and migrate to the gitlab-container-registry package.'' ) - (mkIf - (versionAtLeast (getVersion cfg.packages.gitlab) "16.2.0" && versionOlder (getVersion cfg.packages.gitlab) "16.5.0") - ''GitLab instances created or updated between versions [15.11.0, 15.11.2] have an incorrect database schema. - Check the upstream documentation for a workaround: https://docs.gitlab.com/ee/update/versions/gitlab_16_changes.html#undefined-column-error-upgrading-to-162-or-later'' - ) ]; assertions = [ @@ -1144,7 +1147,7 @@ in { } ]; - environment.systemPackages = [ gitlab-rake gitlab-rails cfg.packages.gitlab-shell ]; + environment.systemPackages = [ cfg.packages.git gitlab-rake gitlab-rails cfg.packages.gitlab-shell ]; systemd.targets.gitlab = { description = "Common target for all GitLab services."; @@ -1318,7 +1321,7 @@ in { jq openssl replace-secret - gitPackage + cfg.packages.git ]; serviceConfig = { Type = "oneshot"; @@ -1473,7 +1476,7 @@ in { }); path = with pkgs; [ postgresqlPackage - gitPackage + cfg.packages.git ruby openssh nodejs @@ -1503,7 +1506,7 @@ in { partOf = [ "gitlab.target" ]; path = with pkgs; [ openssh - gitPackage + cfg.packages.git gzip bzip2 ]; @@ -1586,7 +1589,7 @@ in { path = with pkgs; [ remarshal exiftool - gitPackage + cfg.packages.git gnutar gzip openssh @@ -1659,7 +1662,7 @@ in { environment = gitlabEnv; path = with pkgs; [ postgresqlPackage - gitPackage + cfg.packages.git openssh nodejs procps diff --git a/pkgs/development/python-modules/batchspawner/default.nix b/pkgs/development/python-modules/batchspawner/default.nix index 09023536a94b4..f2e8acfe7a0e3 100644 --- a/pkgs/development/python-modules/batchspawner/default.nix +++ b/pkgs/development/python-modules/batchspawner/default.nix @@ -2,6 +2,7 @@ , buildPythonPackage , fetchFromGitHub , jupyterhub +, packaging , pythonOlder }: @@ -21,6 +22,7 @@ buildPythonPackage rec { propagatedBuildInputs = [ jupyterhub + packaging ]; # Tests require a job scheduler e.g. slurm, pbs, etc. @@ -32,8 +34,9 @@ buildPythonPackage rec { meta = with lib; { description = "A spawner for Jupyterhub to spawn notebooks using batch resource managers"; - homepage = "https://jupyter.org"; + homepage = "https://github.com/jupyterhub/batchspawner"; + changelog = "https://github.com/jupyterhub/batchspawner/blob/v${version}/CHANGELOG.md"; license = licenses.bsd3; - maintainers = [ maintainers.costrouc ]; + maintainers = with maintainers; [ ]; }; } diff --git a/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix b/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix index 7aeaa6cdb2370..1d5cc192032e9 100644 --- a/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix +++ b/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix @@ -1,29 +1,26 @@ { lib +, bash , buildPythonPackage , fetchFromGitHub , jupyterhub +, pythonOlder , tornado -, bash }: buildPythonPackage rec { pname = "jupyterhub-systemdspawner"; - version = "0.15"; + version = "1.0.1"; + format = "setuptools"; + + disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "jupyterhub"; repo = "systemdspawner"; - rev = "v${version}"; - hash = "sha256-EUCA+CKCeYr+cLVrqTqe3Q32JkbqeALL6tfOnlVHk8Q="; + rev = "refs/tags/v${version}"; + hash = "sha256-2Pxswa472umovHBUVTIX1l+Glj6bzzgBLsu+p4IA6jA="; }; - propagatedBuildInputs = [ - jupyterhub - tornado - ]; - - buildInputs = [ bash ]; - postPatch = '' substituteInPlace systemdspawner/systemd.py \ --replace "/bin/bash" "${bash}/bin/bash" @@ -32,7 +29,16 @@ buildPythonPackage rec { --replace "/bin/bash" "${bash}/bin/bash" ''; - # no tests + buildInputs = [ + bash + ]; + + propagatedBuildInputs = [ + jupyterhub + tornado + ]; + + # Module has no tests doCheck = false; postInstall = '' @@ -41,9 +47,14 @@ buildPythonPackage rec { patchShebangs $out/bin ''; + pythonImportsCheck = [ + "systemdspawner" + ]; + meta = with lib; { description = "JupyterHub Spawner using systemd for resource isolation"; homepage = "https://github.com/jupyterhub/systemdspawner"; + changelog = "https://github.com/jupyterhub/systemdspawner/blob/v${version}/CHANGELOG.md"; license = licenses.bsd3; maintainers = with maintainers; [ costrouc ]; }; diff --git a/pkgs/development/python-modules/jupyterhub/default.nix b/pkgs/development/python-modules/jupyterhub/default.nix index 9dea973b042fe..782c9379e05b0 100644 --- a/pkgs/development/python-modules/jupyterhub/default.nix +++ b/pkgs/development/python-modules/jupyterhub/default.nix @@ -1,30 +1,38 @@ { lib , stdenv -, buildPythonPackage -, pythonOlder -, fetchPypi -, fetchzip , alembic , async_generator +, beautifulsoup4 +, buildPythonPackage , certipy -, python-dateutil +, cryptography , entrypoints +, fetchPypi +, fetchzip +, importlib-metadata , jinja2 +, jsonschema , jupyter-telemetry +, jupyterlab +, mock +, nbclassic +, nodePackages +, notebook , oauthlib +, packaging , pamela +, playwright , prometheus-client +, pytest-asyncio +, pytestCheckHook +, python-dateutil +, pythonOlder , requests +, requests-mock +, selenium , sqlalchemy , tornado , traitlets -, nodePackages -, beautifulsoup4 -, cryptography -, notebook -, pytest-asyncio -, pytestCheckHook -, requests-mock , virtualenv }: @@ -61,12 +69,14 @@ in buildPythonPackage rec { pname = "jupyterhub"; - version = "1.5.0"; - disabled = pythonOlder "3.6"; + version = "4.0.1"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-3GGPZXwjukYoDjYlflCTGAZnS6Dp5kmK+wke/GIm1p0="; + hash = "sha256-jig/9Z5cQBZxIHfSVJ7XSs2RWjKDb+ACGGeKh4G9ft4="; }; # Most of this only applies when building from source (e.g. js/css assets are @@ -111,7 +121,6 @@ buildPythonPackage rec { ''; propagatedBuildInputs = [ - # https://github.com/jupyterhub/jupyterhub/blob/master/requirements.txt alembic async_generator certipy @@ -119,13 +128,18 @@ buildPythonPackage rec { entrypoints jinja2 jupyter-telemetry + jupyterlab oauthlib + packaging pamela prometheus-client requests + selenium sqlalchemy tornado traitlets + ] ++ lib.optionals (pythonOlder "3.10") [ + importlib-metadata ]; preCheck = '' @@ -134,10 +148,14 @@ buildPythonPackage rec { ''; nativeCheckInputs = [ - # https://github.com/jupyterhub/jupyterhub/blob/master/dev-requirements.txt beautifulsoup4 cryptography notebook + jsonschema + nbclassic + mock + jupyterlab + playwright pytest-asyncio pytestCheckHook requests-mock @@ -151,14 +169,39 @@ buildPythonPackage rec { "test_external_service" # attempts to do ssl connection "test_connection_notebook_wrong_certs" + # AttributeError: 'coroutine' object... + "test_valid_events" + "test_invalid_events" + "test_user_group_roles" + ]; + + disabledTestPaths = [ + # Not testing with a running instance + # AttributeError: 'coroutine' object has no attribute 'db' + "docs/test_docs.py" + "jupyterhub/tests/browser/test_browser.py" + "jupyterhub/tests/test_api.py" + "jupyterhub/tests/test_auth_expiry.py" + "jupyterhub/tests/test_auth.py" + "jupyterhub/tests/test_metrics.py" + "jupyterhub/tests/test_named_servers.py" + "jupyterhub/tests/test_orm.py" + "jupyterhub/tests/test_pages.py" + "jupyterhub/tests/test_proxy.py" + "jupyterhub/tests/test_scopes.py" + "jupyterhub/tests/test_services_auth.py" + "jupyterhub/tests/test_singleuser.py" + "jupyterhub/tests/test_spawner.py" + "jupyterhub/tests/test_user.py" ]; meta = with lib; { - broken = lib.versionAtLeast sqlalchemy.version "2.0"; description = "Serves multiple Jupyter notebook instances"; homepage = "https://jupyter.org/"; - changelog = "https://github.com/jupyterhub/jupyterhub/blob/${version}/docs/source/changelog.md"; + changelog = "https://github.com/jupyterhub/jupyterhub/blob/${version}/docs/source/reference/changelog.md"; license = licenses.bsd3; maintainers = with maintainers; [ ixxie cstrahan ]; + # darwin: E OSError: dlopen(/nix/store/43zml0mlr17r5jsagxr00xxx91hz9lky-openpam-20170430/lib/libpam.so, 6): image not found + broken = (stdenv.isLinux && stdenv.isAarch64) || stdenv.isDarwin; }; } diff --git a/pkgs/development/python-modules/pyslurm/default.nix b/pkgs/development/python-modules/pyslurm/default.nix index 97133b20eee89..5649bb460ece5 100644 --- a/pkgs/development/python-modules/pyslurm/default.nix +++ b/pkgs/development/python-modules/pyslurm/default.nix @@ -8,7 +8,7 @@ buildPythonPackage rec { pname = "pyslurm"; - version = "22.5.1"; + version = "23.2.0"; format = "setuptools"; disabled = pythonOlder "3.6"; @@ -17,7 +17,7 @@ buildPythonPackage rec { repo = "pyslurm"; owner = "PySlurm"; rev = "refs/tags/v${version}"; - hash = "sha256-sPZELCxe2e7/gUmRxvP2aOwqsbaR/x+0grHwuDdx0Dg="; + hash = "sha256-HIidm53pV8A7pwrl6k6/B3GpzXaIxKQiB3L4s7/dqHY="; }; buildInputs = [ cython slurm ]; diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index ab2775ab922d7..1eaff71793499 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -12,8 +12,8 @@ "hash": "sha256:0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln" }, "6.1": { - "version": "6.1.60", - "hash": "sha256:02pvymr1dgd36mp7yikxqqv0sfrpwi1grnvxvx6jbbx6wmx0wljq" + "version": "6.1.61", + "hash": "sha256:1kk4d7ph6pvgdrdmaklg15wf58nw9n7yqgkag7jdvqinzh99sb5d" }, "5.15": { "version": "5.15.137",