···140140 <section xml:id="sec-overlays-alternatives">141141 <title>Using overlays to configure alternatives</title>142142 <para>143143- Certain software has different implementations of the same144144- interface. Other distributions have functionality to switch143143+ Certain software packages have different implementations of the144144+ same interface. Other distributions have functionality to switch145145 between these. For example, Debian provides <link146146 xlink:href="https://wiki.debian.org/DebianAlternatives">DebianAlternatives</link>.147147 Nixpkgs has what we call <literal>alternatives</literal>, which···160160 </para>161161 <para>162162 The Nixpkgs attribute is <literal>openblas</literal> for163163- ILP64 and <literal>openblasCompat</literal> for LP64. This164164- is the default.163163+ ILP64 (integer width = 64 bits) and164164+ <literal>openblasCompat</literal> for LP64 (integer width =165165+ 32 bits). <literal>openblasCompat</literal> is the default.165166 </para>166167 </listitem>167168 <listitem>···191190 #83888</link>, we are able to override the ‘blas’ and ‘lapack’192191 packages to use different implementations, through the193192 ‘blasProvider’ and ‘lapackProvider’ argument. This can be used194194- to select a different provider. For example, an overlay can be195195- created that looks like:193193+ to select a different provider. BLAS providers will have194194+ symlinks in <literal>$out/lib/libblas.so.3</literal> and195195+ <literal>$out/lib/libcblas.so.3</literal> to their respective196196+ BLAS libraries. Likewise, LAPACK providers will have symlinks197197+ in <literal>$out/lib/liblapack.so.3</literal> and198198+ <literal>$out/lib/liblapacke.so.3</literal> to their respective199199+ LAPCK libraries. For example, Intel MKL is both a BLAS and200200+ LAPACK provider. An overlay can be created to use Intel MKL201201+ that looks like:196202 </para>197203 <programlisting>198204self: super:···216208 <para>217209 This overlay uses Intel’s MKL library for both BLAS and LAPACK218210 interfaces. Note that the same can be accomplished at runtime219219- using <literal>LD_PRELOAD</literal> of libblas.so.3 and220220- liblapack.so.3.211211+ using <literal>LD_LIBRARY_PATH</literal> of libblas.so.3 and212212+ liblapack.so.3. For instance:221213 </para>214214+ <programlisting>215215+$ LD_LIBRARY_PATH=$(nix-build -A mkl)/lib:$LD_LIBRARY_PATH nix-shell -p octave --run octave216216+ </programlisting>222217 <para>223218 Intel MKL requires an <literal>openmp</literal> implementation224219 when running with multiple processors. By default,···232221 set it with <literal>LD_PRELOAD</literal>. Note that233222 <literal>mkl</literal> is only available on234223 <literal>x86_64-linux</literal> and235235- <literal>x86_64-darwin</literal>. Moreover, Hydra is not build236236- and distributing pre-compiled binaries using it.224224+ <literal>x86_64-darwin</literal>. Moreover, Hydra is not225225+ building and distributing pre-compiled binaries using it.237226 </para>238227 <para>239228 For BLAS/LAPACK switching to work correctly, all packages must
···442442 Whether this NixOS machine is a lightweight container running443443 in another NixOS system. If set to true, support for nested444444 containers is disabled by default, but can be reenabled by445445- setting <config>boot.enableContainers</config> to true.445445+ setting <option>boot.enableContainers</option> to true.446446 '';447447 };448448
+66-73
nixos/tests/systemd-confinement.nix
···11-import ./make-test.nix {11+import ./make-test-python.nix {22 name = "systemd-confinement";3344 machine = { pkgs, lib, ... }: let···1717 exit "''${ret:-1}"1818 '';19192020- mkTestStep = num: { description, config ? {}, testScript }: {2020+ mkTestStep = num: { config ? {}, testScript }: {2121 systemd.sockets."test${toString num}" = {2222 description = "Socket for Test Service ${toString num}";2323 wantedBy = [ "sockets.target" ];···3434 };3535 } // removeAttrs config [ "confinement" "serviceConfig" ];36363737- __testSteps = lib.mkOrder num ''3838- subtest '${lib.escape ["\\" "'"] description}', sub {3939- $machine->succeed('echo ${toString num} > /teststep');4040- ${testScript}4141- };4242- '';3737+ __testSteps = lib.mkOrder num (''3838+ machine.succeed("echo ${toString num} > /teststep")3939+ '' + testScript);4340 };44414542 in {4643 imports = lib.imap1 mkTestStep [4747- { description = "chroot-only confinement";4848- config.confinement.mode = "chroot-only";4444+ { config.confinement.mode = "chroot-only";4945 testScript = ''5050- $machine->succeed(5151- 'test "$(chroot-exec ls -1 / | paste -sd,)" = bin,nix',5252- 'test "$(chroot-exec id -u)" = 0',5353- 'chroot-exec chown 65534 /bin',5454- );4646+ with subtest("chroot-only confinement"):4747+ machine.succeed(4848+ 'test "$(chroot-exec ls -1 / | paste -sd,)" = bin,nix',4949+ 'test "$(chroot-exec id -u)" = 0',5050+ "chroot-exec chown 65534 /bin",5151+ )5552 '';5653 }5757- { description = "full confinement with APIVFS";5858- testScript = ''5959- $machine->fail(6060- 'chroot-exec ls -l /etc',6161- 'chroot-exec ls -l /run',6262- 'chroot-exec chown 65534 /bin',6363- );6464- $machine->succeed(6565- 'test "$(chroot-exec id -u)" = 0',6666- 'chroot-exec chown 0 /bin',6767- );5454+ { testScript = ''5555+ with subtest("full confinement with APIVFS"):5656+ machine.fail(5757+ "chroot-exec ls -l /etc",5858+ "chroot-exec ls -l /run",5959+ "chroot-exec chown 65534 /bin",6060+ )6161+ machine.succeed(6262+ 'test "$(chroot-exec id -u)" = 0', "chroot-exec chown 0 /bin",6363+ )6864 '';6965 }7070- { description = "check existence of bind-mounted /etc";7171- config.serviceConfig.BindReadOnlyPaths = [ "/etc" ];6666+ { config.serviceConfig.BindReadOnlyPaths = [ "/etc" ];7267 testScript = ''7373- $machine->succeed('test -n "$(chroot-exec cat /etc/passwd)"');6868+ with subtest("check existence of bind-mounted /etc"):6969+ machine.succeed('test -n "$(chroot-exec cat /etc/passwd)"')7470 '';7571 }7676- { description = "check if User/Group really runs as non-root";7777- config.serviceConfig.User = "chroot-testuser";7272+ { config.serviceConfig.User = "chroot-testuser";7873 config.serviceConfig.Group = "chroot-testgroup";7974 testScript = ''8080- $machine->succeed('chroot-exec ls -l /dev');8181- $machine->succeed('test "$(chroot-exec id -u)" != 0');8282- $machine->fail('chroot-exec touch /bin/test');7575+ with subtest("check if User/Group really runs as non-root"):7676+ machine.succeed("chroot-exec ls -l /dev")7777+ machine.succeed('test "$(chroot-exec id -u)" != 0')7878+ machine.fail("chroot-exec touch /bin/test")8379 '';8480 }8581 (let···8387 target = pkgs.writeText "symlink-target" "got me\n";8488 } "ln -s \"$target\" \"$out\"";8589 in {8686- description = "check if symlinks are properly bind-mounted";8790 config.confinement.packages = lib.singleton symlink;8891 testScript = ''8989- $machine->fail('chroot-exec test -e /etc');9090- $machine->succeed('chroot-exec cat ${symlink} >&2');9191- $machine->succeed('test "$(chroot-exec cat ${symlink})" = "got me"');9292+ with subtest("check if symlinks are properly bind-mounted"):9393+ machine.fail("chroot-exec test -e /etc")9494+ machine.succeed(9595+ "chroot-exec cat ${symlink} >&2",9696+ 'test "$(chroot-exec cat ${symlink})" = "got me"',9797+ )9298 '';9399 })9494- { description = "check if StateDirectory works";9595- config.serviceConfig.User = "chroot-testuser";100100+ { config.serviceConfig.User = "chroot-testuser";96101 config.serviceConfig.Group = "chroot-testgroup";97102 config.serviceConfig.StateDirectory = "testme";98103 testScript = ''9999- $machine->succeed('chroot-exec touch /tmp/canary');100100- $machine->succeed('chroot-exec "echo works > /var/lib/testme/foo"');101101- $machine->succeed('test "$(< /var/lib/testme/foo)" = works');102102- $machine->succeed('test ! -e /tmp/canary');104104+ with subtest("check if StateDirectory works"):105105+ machine.succeed("chroot-exec touch /tmp/canary")106106+ machine.succeed('chroot-exec "echo works > /var/lib/testme/foo"')107107+ machine.succeed('test "$(< /var/lib/testme/foo)" = works')108108+ machine.succeed("test ! -e /tmp/canary")103109 '';104110 }105105- { description = "check if /bin/sh works";111111+ { testScript = ''112112+ with subtest("check if /bin/sh works"):113113+ machine.succeed(114114+ "chroot-exec test -e /bin/sh",115115+ 'test "$(chroot-exec \'/bin/sh -c "echo bar"\')" = bar',116116+ )117117+ '';118118+ }119119+ { config.confinement.binSh = null;106120 testScript = ''107107- $machine->succeed(108108- 'chroot-exec test -e /bin/sh',109109- 'test "$(chroot-exec \'/bin/sh -c "echo bar"\')" = bar',110110- );121121+ with subtest("check if suppressing /bin/sh works"):122122+ machine.succeed("chroot-exec test ! -e /bin/sh")123123+ machine.succeed('test "$(chroot-exec \'/bin/sh -c "echo foo"\')" != foo')111124 '';112125 }113113- { description = "check if suppressing /bin/sh works";114114- config.confinement.binSh = null;126126+ { config.confinement.binSh = "${pkgs.hello}/bin/hello";115127 testScript = ''116116- $machine->succeed(117117- 'chroot-exec test ! -e /bin/sh',118118- 'test "$(chroot-exec \'/bin/sh -c "echo foo"\')" != foo',119119- );128128+ with subtest("check if we can set /bin/sh to something different"):129129+ machine.succeed("chroot-exec test -e /bin/sh")130130+ machine.succeed('test "$(chroot-exec /bin/sh -g foo)" = foo')120131 '';121132 }122122- { description = "check if we can set /bin/sh to something different";123123- config.confinement.binSh = "${pkgs.hello}/bin/hello";133133+ { config.environment.FOOBAR = pkgs.writeText "foobar" "eek\n";124134 testScript = ''125125- $machine->succeed(126126- 'chroot-exec test -e /bin/sh',127127- 'test "$(chroot-exec /bin/sh -g foo)" = foo',128128- );135135+ with subtest("check if only Exec* dependencies are included"):136136+ machine.succeed('test "$(chroot-exec \'cat "$FOOBAR"\')" != eek')129137 '';130138 }131131- { description = "check if only Exec* dependencies are included";132132- config.environment.FOOBAR = pkgs.writeText "foobar" "eek\n";133133- testScript = ''134134- $machine->succeed('test "$(chroot-exec \'cat "$FOOBAR"\')" != eek');135135- '';136136- }137137- { description = "check if all unit dependencies are included";138138- config.environment.FOOBAR = pkgs.writeText "foobar" "eek\n";139139+ { config.environment.FOOBAR = pkgs.writeText "foobar" "eek\n";139140 config.confinement.fullUnit = true;140141 testScript = ''141141- $machine->succeed('test "$(chroot-exec \'cat "$FOOBAR"\')" = eek');142142+ with subtest("check if all unit dependencies are included"):143143+ machine.succeed('test "$(chroot-exec \'cat "$FOOBAR"\')" = eek')142144 '';143145 }144146 ];···156162 };157163158164 testScript = { nodes, ... }: ''159159- $machine->waitForUnit('multi-user.target');160160- ${nodes.machine.config.__testSteps}161161- '';165165+ machine.wait_for_unit("multi-user.target")166166+ '' + nodes.machine.config.__testSteps;162167}
···11-{ stdenv, fetchgit, qtbase, qtquickcontrols, qmake, makeDesktopItem }:11+{ mkDerivation, stdenv, fetchgit, qtbase, qtquickcontrols, qmake, makeDesktopItem }:2233# we now have libqmatrixclient so a future version of tensor that supports it44# should use that5566-stdenv.mkDerivation rec {66+mkDerivation rec {77 pname = "tensor-git";88 version = "2017-02-21";99
···6363 installPhase = (''6464 mkdir -p $out/lib $dev/include $dev/lib/pkgconfig65656666- libblas="${lib.getLib blasProvider}/lib/libblas${stdenv.hostPlatform.extensions.sharedLibrary}"6666+ libblas="${lib.getLib blasProvider}/lib/libblas${canonicalExtension}"67676868 if ! [ -e "$libblas" ]; then6969 echo "$libblas does not exist, ${blasProvider.name} does not provide libblas."···100100Cflags: -I$dev/include101101EOF102102103103- libcblas="${lib.getLib blasProvider}/lib/libcblas${stdenv.hostPlatform.extensions.sharedLibrary}"103103+ libcblas="${lib.getLib blasProvider}/lib/libcblas${canonicalExtension}"104104105105 if ! [ -e "$libcblas" ]; then106106 echo "$libcblas does not exist, ${blasProvider.name} does not provide libcblas."
···4141 installPhase = (''4242 mkdir -p $out/lib $dev/include $dev/lib/pkgconfig43434444- liblapack="${lib.getLib lapackProvider}/lib/liblapack${stdenv.hostPlatform.extensions.sharedLibrary}"4444+ liblapack="${lib.getLib lapackProvider}/lib/liblapack${canonicalExtension}"45454646 if ! [ -e "$liblapack" ]; then4747 echo "$liblapack does not exist, ${lapackProvider.name} does not provide liblapack."···7474Libs: -L$out/lib -llapack7575EOF76767777- liblapacke="${lib.getLib lapackProvider}/lib/liblapacke${stdenv.hostPlatform.extensions.sharedLibrary}"7777+ liblapacke="${lib.getLib lapackProvider}/lib/liblapacke${canonicalExtension}"78787979 if ! [ -e "$liblapacke" ]; then8080 echo "$liblapacke does not exist, ${lapackProvider.name} does not provide liblapacke."
···103103104104 # for the compositor105105 --prefix PATH : "$out/bin"106106+107107+ # the theme is hardcoded108108+ --prefix XDG_DATA_DIRS : "${elementary-gtk-theme}/share"106109 )107110 '';108111
···6565 patchShebangs meson/post_install.py6666 '';67676868+ preFixup = ''6969+ gappsWrapperArgs+=(7070+ # this theme is required7171+ --prefix XDG_DATA_DIRS : "${elementary-gtk-theme}/share"7272+ )7373+ '';7474+6875 meta = with stdenv.lib; {6976 description = "The extensible top panel for Pantheon";7077 longDescription = ''
+7-2
pkgs/development/libraries/gegl/4.0.nix
···4646 };47474848 patches = [4949- # Remove gegl:simple / backend-file test that times out frequently5050- ./patches/no-simple-backend-file-test.patch4949+ # Prevent deadlock making tests time-out5050+ # https://gitlab.gnome.org/GNOME/gegl/issues/2265151+ # https://gitlab.gnome.org/GNOME/glib/issues/19415252+ (fetchpatch {5353+ url = "https://gitlab.gnome.org/GNOME/gegl/commit/1d530816266b52c8788bbe1504c5b2d6eceba036.patch";5454+ sha256 = "8PlUcLQkuskjDGCA2obUPDW3jE++A6B5YWVgvn+GFrU=";5555+ })5156 ];52575358 nativeBuildInputs = [
···5353 echo 'Version: ${version}' >PKG-INFO54545555 sed -i 's/spec.add_external_build(cmd=cmd/spec.add_external_build(cmd="true"/g' setup.py5656+5757+ # fixing test5858+ sed -i "s/invalid value for \"--verbosity\"/invalid value for \\\'--verbosity\\\'/" tests/system/cli/test_sync.py5659 '';57605861 preBuild = ''