diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index f5d1d3016a787..cae573c3452a4 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -252,7 +252,7 @@ In addition to numerous new and updated packages, this release has the following } ``` -- The default module options for [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall), [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) and [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) have been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall. +- The default module options for [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall), [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) and `services.unifi-video.openFirewall` have been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall. - The option `i18n.inputMethod.fcitx5.enableRimeData` has been removed. Default RIME data is now included in `fcitx5-rime` by default, and can be customized using diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index 569c03ec3497a..fe5294d6c6f23 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -187,6 +187,12 @@ - `transmission-gtk`: `~/.config/transmission` - `transmission-daemon` using NixOS module: `${config.services.transmission.home}/.config/transmission-daemon` (defaults to `/var/lib/transmission/.config/transmission-daemon`) +- The default `mongodb` version has been updated from 5.0 to 7.0. + For more information, see the compatibility changes for MongoDB [6.0](https://www.mongodb.com/docs/manual/release-notes/6.0-compatibility/) and [7.0](https://www.mongodb.com/docs/manual/release-notes/7.0-compatibility/). + +- `unifi` has been updated to UniFi 8. + `unifi7` was removed as it is vulnerable to CVE-2024-42025 and required a version of MongoDB that has reached end of life. + - `androidenv.androidPkgs_9_0` has been removed, and replaced with `androidenv.androidPkgs` for a more complete Android SDK including support for Android 9 and later. - `grafana` has been updated to version 11.1. This version doesn't support setting `http_addr` to a hostname anymore, an IP address is expected. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index bf9b3db4b9677..193cb43118f4c 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1375,7 +1375,6 @@ ./services/video/mirakurun.nix ./services/video/photonvision.nix ./services/video/mediamtx.nix - ./services/video/unifi-video.nix ./services/video/v4l2-relayd.nix ./services/wayland/cage.nix ./services/wayland/hypridle.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 63f612eec960c..762c3ddbae9a9 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -108,6 +108,7 @@ in used instead. '') (mkRemovedOptionModule [ "services" "tvheadend" ] "The tvheadend package and the corresponding module have been removed as nobody was willing to maintain them and they were stuck on an unmaintained version that required FFmpeg 4; please see https://github.com/NixOS/nixpkgs/pull/332259 if you are interested in maintaining a newer version.") + (mkRemovedOptionModule [ "services" "unifi-video" ] "The unifi-video package and the corresponding module have been removed as the software has been unsupported since 2021 and requires a MongoDB version that has reached end of life.") (mkRemovedOptionModule [ "services" "venus" ] "The corresponding package was removed from nixpkgs.") (mkRemovedOptionModule [ "services" "wakeonlan"] "This module was removed in favor of enabling it with networking.interfaces..wakeOnLan") (mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.") diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix index 38908e3d6f1d1..8c5bc82ffcb1a 100644 --- a/nixos/modules/services/networking/unifi.nix +++ b/nixos/modules/services/networking/unifi.nix @@ -2,8 +2,8 @@ let cfg = config.services.unifi; stateDir = "/var/lib/unifi"; - cmd = lib.escapeShellArgs ([ "@${cfg.jrePackage}/bin/java" "java" ] - ++ lib.optionals (lib.versionAtLeast (lib.getVersion cfg.jrePackage) "16") [ + cmd = lib.escapeShellArgs ([ + "@${cfg.jrePackage}/bin/java" "java" "--add-opens=java.base/java.lang=ALL-UNNAMED" "--add-opens=java.base/java.time=ALL-UNNAMED" "--add-opens=java.base/sun.security.util=ALL-UNNAMED" @@ -27,24 +27,19 @@ in ''; }; - services.unifi.jrePackage = lib.mkOption { - type = lib.types.package; - default = if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3") then pkgs.jdk11 else pkgs.jre8; - defaultText = lib.literalExpression ''if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3" then pkgs.jdk11 else pkgs.jre8''; - description = '' - The JRE package to use. Check the release notes to ensure it is supported. + services.unifi.jrePackage = lib.mkPackageOption pkgs "jdk" { + default = "jdk17_headless"; + extraDescription = '' + Check the UniFi controller release notes to ensure it is supported. ''; }; - services.unifi.unifiPackage = lib.mkPackageOption pkgs "unifi5" { }; + services.unifi.unifiPackage = lib.mkPackageOption pkgs "unifi" { + default = "unifi8"; + }; services.unifi.mongodbPackage = lib.mkPackageOption pkgs "mongodb" { - default = "mongodb-5_0"; - extraDescription = '' - ::: {.note} - unifi7 officially only supports mongodb up until 4.4 but works with 5.0. - ::: - ''; + default = "mongodb-7_0"; }; services.unifi.openFirewall = lib.mkOption { @@ -92,6 +87,29 @@ in config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = lib.versionAtLeast config.system.stateVersion "24.11" + || ( + options.services.unifi.unifiPackage.highestPrio < (lib.mkOptionDefault { }).priority + && options.services.unifi.mongodbPackage.highestPrio < (lib.mkOptionDefault { }).priority + ); + message = '' + Support for UniFi < 8 has been dropped; please explicitly set + `services.unifi.unifiPackage` and `services.unifi.mongodbPackage`. + + Note that the previous default MongoDB version was 5.0 and MongoDB + only supports migrating one major version at a time; therefore, you + may wish to set `services.unifi.mongodbPackage = pkgs.mongodb-6_0;` + and activate your configuration before upgrading again to the default + `mongodb-7_0` supported by `unifi8`. + + For more information, see the MongoDB upgrade notes: + + ''; + } + ]; + users.users.unifi = { isSystemUser = true; group = "unifi"; diff --git a/nixos/modules/services/video/unifi-video.nix b/nixos/modules/services/video/unifi-video.nix deleted file mode 100644 index 99c04bafd1410..0000000000000 --- a/nixos/modules/services/video/unifi-video.nix +++ /dev/null @@ -1,252 +0,0 @@ -{ config, lib, options, pkgs, utils, ... }: -with lib; -let - cfg = config.services.unifi-video; - opt = options.services.unifi-video; - mainClass = "com.ubnt.airvision.Main"; - cmd = '' - ${pkgs.jsvc}/bin/jsvc \ - -cwd ${stateDir} \ - -debug \ - -verbose:class \ - -nodetach \ - -user unifi-video \ - -home ${cfg.jrePackage}/lib/openjdk \ - -cp ${pkgs.commonsDaemon}/share/java/commons-daemon-1.2.4.jar:${stateDir}/lib/airvision.jar \ - -pidfile ${cfg.pidFile} \ - -procname unifi-video \ - -Djava.security.egd=file:/dev/./urandom \ - -Xmx${toString cfg.maximumJavaHeapSize}M \ - -Xss512K \ - -XX:+UseG1GC \ - -XX:+UseStringDeduplication \ - -XX:MaxMetaspaceSize=768M \ - -Djava.library.path=${stateDir}/lib \ - -Djava.awt.headless=true \ - -Djavax.net.ssl.trustStore=${stateDir}/etc/ufv-truststore \ - -Dfile.encoding=UTF-8 \ - -Dav.tempdir=/var/cache/unifi-video - ''; - - mongoConf = pkgs.writeTextFile { - name = "mongo.conf"; - executable = false; - text = '' - # for documentation of all options, see https://www.mongodb.com/docs/manual/reference/configuration-options/ - - storage: - dbPath: ${cfg.dataDir}/db - journal: - enabled: true - syncPeriodSecs: 60 - - systemLog: - destination: file - logAppend: true - path: ${stateDir}/logs/mongod.log - - net: - port: 7441 - bindIp: 127.0.0.1 - http: - enabled: false - - operationProfiling: - slowOpThresholdMs: 500 - mode: off - ''; - }; - - - mongoWtConf = pkgs.writeTextFile { - name = "mongowt.conf"; - executable = false; - text = '' - # for documentation of all options, see: - # https://www.mongodb.com/docs/manual/reference/configuration-options/ - - storage: - dbPath: ${cfg.dataDir}/db-wt - journal: - enabled: true - wiredTiger: - engineConfig: - cacheSizeGB: 1 - - systemLog: - destination: file - logAppend: true - path: logs/mongod.log - - net: - port: 7441 - bindIp: 127.0.0.1 - - operationProfiling: - slowOpThresholdMs: 500 - mode: off - ''; - }; - - stateDir = "/var/lib/unifi-video"; - -in -{ - - options.services.unifi-video = { - - enable = mkOption { - type = types.bool; - default = false; - description = '' - Whether or not to enable the unifi-video service. - ''; - }; - - jrePackage = mkPackageOption pkgs "jre8" { }; - - unifiVideoPackage = mkPackageOption pkgs "unifi-video" { }; - - mongodbPackage = mkPackageOption pkgs "mongodb" { - default = "mongodb-5_0"; - }; - - logDir = mkOption { - type = types.str; - default = "${stateDir}/logs"; - description = '' - Where to store the logs. - ''; - }; - - dataDir = mkOption { - type = types.str; - default = "${stateDir}/data"; - description = '' - Where to store the database and other data. - ''; - }; - - openFirewall = mkOption { - type = types.bool; - default = false; - description = '' - Whether or not to open the required ports on the firewall. - ''; - }; - - maximumJavaHeapSize = mkOption { - type = types.nullOr types.int; - default = 1024; - example = 4096; - description = '' - Set the maximum heap size for the JVM in MB. - ''; - }; - - pidFile = mkOption { - type = types.path; - default = "${cfg.dataDir}/unifi-video.pid"; - defaultText = literalExpression ''"''${config.${opt.dataDir}}/unifi-video.pid"''; - description = "Location of unifi-video pid file."; - }; - - }; - - config = mkIf cfg.enable { - - warnings = optional - (options.services.unifi-video.openFirewall.highestPrio >= (mkOptionDefault null).priority) - "The current services.unifi-video.openFirewall = true default is deprecated and will change to false in 22.11. Set it explicitly to silence this warning."; - - users.users.unifi-video = { - description = "UniFi Video controller daemon user"; - home = stateDir; - group = "unifi-video"; - isSystemUser = true; - }; - users.groups.unifi-video = {}; - - networking.firewall = mkIf cfg.openFirewall { - # https://help.ui.com/hc/en-us/articles/217875218-UniFi-Video-Ports-Used - allowedTCPPorts = [ - 7080 # HTTP portal - 7443 # HTTPS portal - 7445 # Video over HTTP (mobile app) - 7446 # Video over HTTPS (mobile app) - 7447 # RTSP via the controller - 7442 # Camera management from cameras to NVR over WAN - ]; - allowedUDPPorts = [ - 6666 # Inbound camera streams sent over WAN - ]; - }; - - systemd.tmpfiles.rules = [ - "d '${stateDir}' 0700 unifi-video unifi-video - -" - "d '/var/cache/unifi-video' 0700 unifi-video unifi-video - -" - - "d '${stateDir}/logs' 0700 unifi-video unifi-video - -" - "C '${stateDir}/etc' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/etc" - "C '${stateDir}/webapps' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/webapps" - "C '${stateDir}/email' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/email" - "C '${stateDir}/fw' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/fw" - "C '${stateDir}/lib' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/lib" - - "d '${stateDir}/data' 0700 unifi-video unifi-video - -" - "d '${stateDir}/data/db' 0700 unifi-video unifi-video - -" - "C '${stateDir}/data/system.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/etc/system.properties" - - "d '${stateDir}/bin' 0700 unifi-video unifi-video - -" - "f '${stateDir}/bin/evostreamms' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/evostreamms" - "f '${stateDir}/bin/libavcodec.so.54' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavcodec.so.54" - "f '${stateDir}/bin/libavformat.so.54' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavformat.so.54" - "f '${stateDir}/bin/libavutil.so.52' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/libavutil.so.52" - "f '${stateDir}/bin/ubnt.avtool' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/ubnt.avtool" - "f '${stateDir}/bin/ubnt.updater' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/bin/ubnt.updater" - "C '${stateDir}/bin/mongo' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongo" - "C '${stateDir}/bin/mongod' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongod" - "C '${stateDir}/bin/mongoperf' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongoperf" - "C '${stateDir}/bin/mongos' 0700 unifi-video unifi-video - ${cfg.mongodbPackage}/bin/mongos" - - "d '${stateDir}/conf' 0700 unifi-video unifi-video - -" - "C '${stateDir}/conf/evostream' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/evostream" - "Z '${stateDir}/conf/evostream' 0700 unifi-video unifi-video - -" - "L+ '${stateDir}/conf/mongodv3.0+.conf' 0700 unifi-video unifi-video - ${mongoConf}" - "L+ '${stateDir}/conf/mongodv3.6+.conf' 0700 unifi-video unifi-video - ${mongoConf}" - "L+ '${stateDir}/conf/mongod-wt.conf' 0700 unifi-video unifi-video - ${mongoWtConf}" - "L+ '${stateDir}/conf/catalina.policy' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/catalina.policy" - "L+ '${stateDir}/conf/catalina.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/catalina.properties" - "L+ '${stateDir}/conf/context.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/context.xml" - "L+ '${stateDir}/conf/logging.properties' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/logging.properties" - "L+ '${stateDir}/conf/server.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/server.xml" - "L+ '${stateDir}/conf/tomcat-users.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/tomcat-users.xml" - "L+ '${stateDir}/conf/web.xml' 0700 unifi-video unifi-video - ${pkgs.unifi-video}/lib/unifi-video/conf/web.xml" - ]; - - systemd.services.unifi-video = { - description = "UniFi Video NVR daemon"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ] ; - unitConfig.RequiresMountsFor = stateDir; - # Make sure package upgrades trigger a service restart - restartTriggers = [ cfg.unifiVideoPackage cfg.mongodbPackage ]; - path = with pkgs; [ gawk coreutils busybox which jre8 lsb-release libcap util-linux ]; - serviceConfig = { - Type = "simple"; - ExecStart = "${(removeSuffix "\n" cmd)} ${mainClass} start"; - ExecStop = "${(removeSuffix "\n" cmd)} stop ${mainClass} stop"; - Restart = "on-failure"; - UMask = "0077"; - User = "unifi-video"; - WorkingDirectory = "${stateDir}"; - }; - }; - }; - - imports = [ - (mkRenamedOptionModule [ "services" "unifi-video" "openPorts" ] [ "services" "unifi-video" "openFirewall" ]) - ]; - - meta.maintainers = with lib.maintainers; [ rsynnest ]; -} diff --git a/nixos/tests/mongodb.nix b/nixos/tests/mongodb.nix index 1a260814f8b87..d82d5080e69c2 100644 --- a/nixos/tests/mongodb.nix +++ b/nixos/tests/mongodb.nix @@ -34,7 +34,7 @@ import ./make-test-python.nix ({ pkgs, ... }: node = {...}: { environment.systemPackages = with pkgs; [ # remember to update mongodb.passthru.tests if you change this - mongodb-5_0 + mongodb-7_0 ]; }; }; @@ -42,7 +42,7 @@ import ./make-test-python.nix ({ pkgs, ... }: testScript = '' node.start() '' - + runMongoDBTest pkgs.mongodb-5_0 + + runMongoDBTest pkgs.mongodb-7_0 + '' node.shutdown() ''; diff --git a/nixos/tests/unifi.nix b/nixos/tests/unifi.nix index 789b11b55985c..15de780455016 100644 --- a/nixos/tests/unifi.nix +++ b/nixos/tests/unifi.nix @@ -31,6 +31,5 @@ let ''; }; in with pkgs; { - unifi7 = makeAppTest unifi7; unifi8 = makeAppTest unifi8; } diff --git a/pkgs/servers/nosql/mongodb/5.0.nix b/pkgs/servers/nosql/mongodb/5.0.nix deleted file mode 100644 index 84c0991515b0d..0000000000000 --- a/pkgs/servers/nosql/mongodb/5.0.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ stdenv, callPackage, lib, sasl, boost -, Security, CoreFoundation, cctools -, avxSupport ? stdenv.hostPlatform.avxSupport -, nixosTests -}: - -let - buildMongoDB = callPackage ./mongodb.nix { - inherit sasl boost Security CoreFoundation cctools; - }; - variants = if stdenv.hostPlatform.isLinux then - { - version = "5.0.29"; - sha256 = "sha256-27+SXo0fjFwJFFm/NhpDhq95dMwiN8RCJO7j5ic49Ls="; - patches = [ ./fix-build-with-boost-1.79-5_0-linux.patch ]; - } - else lib.optionalAttrs stdenv.hostPlatform.isDarwin - { - version = "5.0.3"; # at least darwin has to stay on 5.0.3 until the SDK used by nixpkgs is bumped to 10.13 - sha256 = "1p9pq0dfd6lynvnz5p1c8dqp4filzrz86j840xwxwx82dm1zl6p0"; - patches = [ ./fix-build-with-boost-1.79-5_0.patch ]; # no darwin in name to prevent unnecessary rebuild - }; -in -buildMongoDB { - inherit avxSupport; - version = variants.version; - sha256 = variants.sha256; - patches = [ - ./forget-build-dependencies-4-4.patch - ./asio-no-experimental-string-view-4-4.patch - ./fix-gcc-Wno-exceptions-5.0.patch - # Fix building with python 3.12 since the imp module was removed - ./mongodb-python312.patch - ] ++ variants.patches; - passthru.tests = { inherit (nixosTests) mongodb; }; -} diff --git a/pkgs/servers/nosql/mongodb/6.0.nix b/pkgs/servers/nosql/mongodb/6.0.nix index 7132039908b06..a3567e5234d80 100644 --- a/pkgs/servers/nosql/mongodb/6.0.nix +++ b/pkgs/servers/nosql/mongodb/6.0.nix @@ -25,5 +25,5 @@ buildMongoDB { # Fix building with python 3.12 since the imp module was removed ./mongodb-python312.patch ]; - # passthru.tests = { inherit (nixosTests) mongodb; }; # currently tests mongodb-5_0 + # passthru.tests = { inherit (nixosTests) mongodb; }; # currently tests mongodb-7_0 } diff --git a/pkgs/servers/nosql/mongodb/7.0.nix b/pkgs/servers/nosql/mongodb/7.0.nix index ec71361194722..ccd5eade79b8e 100644 --- a/pkgs/servers/nosql/mongodb/7.0.nix +++ b/pkgs/servers/nosql/mongodb/7.0.nix @@ -7,6 +7,7 @@ CoreFoundation, cctools, avxSupport ? stdenv.hostPlatform.avxSupport, + nixosTests, }: let @@ -34,4 +35,7 @@ buildMongoDB { # Fix building with python 3.12 since the imp module was removed ./mongodb-python312.patch ]; + passthru.tests = { + inherit (nixosTests) mongodb; + }; } diff --git a/pkgs/servers/nosql/mongodb/asio-no-experimental-string-view-4-4.patch b/pkgs/servers/nosql/mongodb/asio-no-experimental-string-view-4-4.patch deleted file mode 100644 index b27145d57ecf9..0000000000000 --- a/pkgs/servers/nosql/mongodb/asio-no-experimental-string-view-4-4.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- a/src/third_party/asio-master/asio/include/asio/detail/config.hpp ---- b/src/third_party/asio-master/asio/include/asio/detail/config.hpp -@@ -831,20 +831,8 @@ - # endif // (__cplusplus >= 201402) - # endif // (_LIBCPP_VERSION < 7000) - # else // defined(ASIO_HAS_CLANG_LIBCXX) --# if (__cplusplus >= 201402) --# if __has_include() --# define ASIO_HAS_STD_EXPERIMENTAL_STRING_VIEW 1 --# endif // __has_include() --# endif // (__cplusplus >= 201402) - # endif // // defined(ASIO_HAS_CLANG_LIBCXX) - # endif // defined(__clang__) --# if defined(__GNUC__) --# if ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 9)) || (__GNUC__ > 4) --# if (__cplusplus >= 201402) --# define ASIO_HAS_STD_EXPERIMENTAL_STRING_VIEW 1 --# endif // (__cplusplus >= 201402) --# endif // ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 9)) || (__GNUC__ > 4) --# endif // defined(__GNUC__) - # endif // !defined(ASIO_DISABLE_STD_EXPERIMENTAL_STRING_VIEW) - #endif // !defined(ASIO_HAS_STD_EXPERIMENTAL_STRING_VIEW) - diff --git a/pkgs/servers/nosql/mongodb/fix-build-with-boost-1.79-5_0-linux.patch b/pkgs/servers/nosql/mongodb/fix-build-with-boost-1.79-5_0-linux.patch deleted file mode 100644 index eb205bd92894a..0000000000000 --- a/pkgs/servers/nosql/mongodb/fix-build-with-boost-1.79-5_0-linux.patch +++ /dev/null @@ -1,90 +0,0 @@ -From fb846bdbd07cc3b8ada6179dccd974072c2b69da Mon Sep 17 00:00:00 2001 -From: Et7f3 -Date: Tue, 19 Jul 2022 22:01:56 +0200 -Subject: [PATCH] build: Upgrade boost to 1.79.0 - -We can see in src/third_party/boost/boost/version.hpp that vendored version of -boost is BOOST_LIB_VERSION "1_76" - -We can also see the doc desbribe 2 headers to use filesystems lib: One is -src/third_party/boost/boost/filesystem/fstream.hpp that contains (175-177) - typedef basic_ifstream ifstream; - typedef basic_ofstream ofstream; - typedef basic_fstream fstream; - -So this mean they mostly forgot to include a header and include-what-you-use -would catch this error. - -In upstream they fixed in a simmilar way -https://github.com/mongodb/mongo/commit/13389dc222fc372442be8c147e09685bb9a26a3a ---- - src/mongo/db/storage/storage_repair_observer.cpp | 1 + - src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp | 1 + - src/mongo/shell/shell_utils_extended.cpp | 1 + - src/mongo/util/processinfo_linux.cpp | 1 + - src/mongo/util/stacktrace_threads.cpp | 1 + - 5 files changed, 5 insertions(+) - -diff --git a/src/mongo/db/storage/storage_repair_observer.cpp b/src/mongo/db/storage/storage_repair_observer.cpp -index 22b76a6a39c..453f48229cd 100644 ---- a/src/mongo/db/storage/storage_repair_observer.cpp -+++ b/src/mongo/db/storage/storage_repair_observer.cpp -@@ -42,6 +42,7 @@ - #endif - - #include -+#include - - #include "mongo/db/dbhelpers.h" - #include "mongo/db/operation_context.h" -diff --git a/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp b/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp -index 2f032e4..d1a90e0 100644 ---- a/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp -+++ b/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp -@@ -37,6 +37,7 @@ - - #include - #include -+#include - #include - - #include "mongo/base/simple_string_data_comparator.h" -diff --git a/src/mongo/shell/shell_utils_extended.cpp b/src/mongo/shell/shell_utils_extended.cpp -index fbdddc1318d..e37d4c93a11 100644 ---- a/src/mongo/shell/shell_utils_extended.cpp -+++ b/src/mongo/shell/shell_utils_extended.cpp -@@ -37,6 +37,7 @@ - #endif - - #include -+#include - #include - #include - -diff --git a/src/mongo/util/processinfo_linux.cpp b/src/mongo/util/processinfo_linux.cpp -index eae0e9b7764..d5cd40f6039 100644 ---- a/src/mongo/util/processinfo_linux.cpp -+++ b/src/mongo/util/processinfo_linux.cpp -@@ -52,6 +52,7 @@ - #endif - - #include -+#include - #include - #include - #include -diff --git a/src/mongo/util/stacktrace_threads.cpp b/src/mongo/util/stacktrace_threads.cpp -index d2ee29d24b4..d485fa22367 100644 ---- a/src/mongo/util/stacktrace_threads.cpp -+++ b/src/mongo/util/stacktrace_threads.cpp -@@ -36,6 +36,7 @@ - #include - #include - #include -+#include - #include - #include - #include --- -2.32.1 (Apple Git-133) - diff --git a/pkgs/servers/nosql/mongodb/fix-build-with-boost-1.79-5_0.patch b/pkgs/servers/nosql/mongodb/fix-build-with-boost-1.79-5_0.patch deleted file mode 100644 index d00ed5e77d671..0000000000000 --- a/pkgs/servers/nosql/mongodb/fix-build-with-boost-1.79-5_0.patch +++ /dev/null @@ -1,90 +0,0 @@ -From fb846bdbd07cc3b8ada6179dccd974072c2b69da Mon Sep 17 00:00:00 2001 -From: Et7f3 -Date: Tue, 19 Jul 2022 22:01:56 +0200 -Subject: [PATCH] build: Upgrade boost to 1.79.0 - -We can see in src/third_party/boost/boost/version.hpp that vendored version of -boost is BOOST_LIB_VERSION "1_76" - -We can also see the doc desbribe 2 headers to use filesystems lib: One is -src/third_party/boost/boost/filesystem/fstream.hpp that contains (175-177) - typedef basic_ifstream ifstream; - typedef basic_ofstream ofstream; - typedef basic_fstream fstream; - -So this mean they mostly forgot to include a header and include-what-you-use -would catch this error. - -In upstream they fixed in a simmilar way -https://github.com/mongodb/mongo/commit/13389dc222fc372442be8c147e09685bb9a26a3a ---- - src/mongo/db/storage/storage_repair_observer.cpp | 1 + - src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp | 1 + - src/mongo/shell/shell_utils_extended.cpp | 1 + - src/mongo/util/processinfo_linux.cpp | 1 + - src/mongo/util/stacktrace_threads.cpp | 1 + - 5 files changed, 5 insertions(+) - -diff --git a/src/mongo/db/storage/storage_repair_observer.cpp b/src/mongo/db/storage/storage_repair_observer.cpp -index 22b76a6a39c..453f48229cd 100644 ---- a/src/mongo/db/storage/storage_repair_observer.cpp -+++ b/src/mongo/db/storage/storage_repair_observer.cpp -@@ -42,6 +42,7 @@ - #endif - - #include -+#include - - #include "mongo/db/dbhelpers.h" - #include "mongo/db/operation_context.h" -diff --git a/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp b/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp -index 07fabadd634..2924a2c74af 100644 ---- a/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp -+++ b/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp -@@ -37,6 +37,7 @@ - - #include - #include -+#include - - #include "mongo/base/simple_string_data_comparator.h" - #include "mongo/bson/bsonobjbuilder.h" -diff --git a/src/mongo/shell/shell_utils_extended.cpp b/src/mongo/shell/shell_utils_extended.cpp -index fbdddc1318d..e37d4c93a11 100644 ---- a/src/mongo/shell/shell_utils_extended.cpp -+++ b/src/mongo/shell/shell_utils_extended.cpp -@@ -37,6 +37,7 @@ - #endif - - #include -+#include - #include - #include - -diff --git a/src/mongo/util/processinfo_linux.cpp b/src/mongo/util/processinfo_linux.cpp -index eae0e9b7764..d5cd40f6039 100644 ---- a/src/mongo/util/processinfo_linux.cpp -+++ b/src/mongo/util/processinfo_linux.cpp -@@ -52,6 +52,7 @@ - #endif - - #include -+#include - #include - #include - #include -diff --git a/src/mongo/util/stacktrace_threads.cpp b/src/mongo/util/stacktrace_threads.cpp -index d2ee29d24b4..d485fa22367 100644 ---- a/src/mongo/util/stacktrace_threads.cpp -+++ b/src/mongo/util/stacktrace_threads.cpp -@@ -36,6 +36,7 @@ - #include - #include - #include -+#include - #include - #include - #include --- -2.32.1 (Apple Git-133) - diff --git a/pkgs/servers/nosql/mongodb/fix-gcc-Wno-exceptions-5.0.patch b/pkgs/servers/nosql/mongodb/fix-gcc-Wno-exceptions-5.0.patch deleted file mode 100644 index b8803911968b0..0000000000000 --- a/pkgs/servers/nosql/mongodb/fix-gcc-Wno-exceptions-5.0.patch +++ /dev/null @@ -1,44 +0,0 @@ -From e78b2bf6eaa0c43bd76dbb841add167b443d2bb0 Mon Sep 17 00:00:00 2001 -From: Mark Benvenuto -Date: Mon, 21 Jun 2021 11:36:56 -0400 -Subject: [PATCH] SERVER-57688 Fix debug gcc 11 and clang 12 builds on Fedora - 34 - ---- - SConstruct | 4 ---- - src/mongo/db/query/plan_summary_stats.h | 4 +++- - src/mongo/util/shim_boost_assert.cpp | 1 + - 3 files changed, 4 insertions(+), 5 deletions(-) - -diff --git a/SConstruct b/SConstruct -index 25fd4a248d0c..23cff6f9da53 100644 ---- a/SConstruct -+++ b/SConstruct -@@ -3108,10 +3108,6 @@ def doConfigure(myenv): - # harmful to capture unused variables we are suppressing for now with a plan to fix later. - AddToCCFLAGSIfSupported(myenv, "-Wno-unused-lambda-capture") - -- # This warning was added in clang-5 and incorrectly flags our implementation of -- # exceptionToStatus(). See https://bugs.llvm.org/show_bug.cgi?id=34804 -- AddToCCFLAGSIfSupported(myenv, "-Wno-exceptions") -- - # Enable sized deallocation support. - AddToCXXFLAGSIfSupported(myenv, '-fsized-deallocation') - -diff --git a/src/mongo/db/query/plan_summary_stats.h b/src/mongo/db/query/plan_summary_stats.h -index 58677ab20d25..cfaa2053d16f 100644 ---- a/src/mongo/db/query/plan_summary_stats.h -+++ b/src/mongo/db/query/plan_summary_stats.h -@@ -29,9 +29,11 @@ - - #pragma once - --#include "mongo/util/container_size_helper.h" -+#include - #include - -+#include "mongo/util/container_size_helper.h" -+ - namespace mongo { - - /** diff --git a/pkgs/servers/nosql/mongodb/forget-build-dependencies-4-4.patch b/pkgs/servers/nosql/mongodb/forget-build-dependencies-4-4.patch deleted file mode 100644 index 1c3e0982a8c1a..0000000000000 --- a/pkgs/servers/nosql/mongodb/forget-build-dependencies-4-4.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- a/site_scons/mongo/generators.py -+++ b/site_scons/mongo/generators.py -@@ -34,30 +34,12 @@ def default_buildinfo_environment_data(): - False, - ), - ( -- 'ccflags', -- '$CCFLAGS', -- True, -- False, -- ), -- ( - 'cxx', - '$CXX_VERSION', - True, - False, - ), - ( -- 'cxxflags', -- '$CXXFLAGS', -- True, -- False, -- ), -- ( -- 'linkflags', -- '$LINKFLAGS', -- True, -- False, -- ), -- ( - 'target_arch', - '$TARGET_ARCH', - True, diff --git a/pkgs/servers/nosql/mongodb/mongodb.nix b/pkgs/servers/nosql/mongodb/mongodb.nix index 5836a925498f1..37fc0a2e8a573 100644 --- a/pkgs/servers/nosql/mongodb/mongodb.nix +++ b/pkgs/servers/nosql/mongodb/mongodb.nix @@ -39,14 +39,10 @@ let psutil setuptools distutils - ] ++ lib.optionals (lib.versionAtLeast version "6.0") [ packaging pymongo ]); - mozjsVersion = "60"; - mozjsReplace = "defined(HAVE___SINCOS)"; - system-libraries = [ "boost" "snappy" @@ -114,13 +110,6 @@ in stdenv.mkDerivation rec { #include ' substituteInPlace src/mongo/db/exec/plan_stats.h --replace '#include ' '#include #include ' - '' + lib.optionalString (stdenv.hostPlatform.isDarwin && lib.versionOlder version "6.0") '' - substituteInPlace src/third_party/mozjs-${mozjsVersion}/extract/js/src/jsmath.cpp --replace '${mozjsReplace}' 0 - '' + lib.optionalString stdenv.hostPlatform.isi686 '' - - # don't fail by default on i686 - substituteInPlace src/mongo/db/storage/storage_options.h \ - --replace 'engine("wiredTiger")' 'engine("mmapv1")' '' + lib.optionalString (!avxSupport) '' substituteInPlace SConstruct \ --replace-fail "default=['+sandybridge']," 'default=[],' @@ -170,9 +159,7 @@ in stdenv.mkDerivation rec { runHook postInstallCheck ''; - installTargets = - if (lib.versionAtLeast version "6.0") then "install-devcore" - else "install-core"; + installTargets = "install-devcore"; prefixKey = "DESTDIR="; @@ -187,6 +174,5 @@ in stdenv.mkDerivation rec { maintainers = with maintainers; [ bluescreen303 offline ]; platforms = subtractLists systems.doubles.i686 systems.doubles.unix; - broken = (versionOlder version "6.0" && stdenv.system == "aarch64-darwin"); }; } diff --git a/pkgs/servers/unifi-video/default.nix b/pkgs/servers/unifi-video/default.nix deleted file mode 100644 index 45a9b5c6fb61e..0000000000000 --- a/pkgs/servers/unifi-video/default.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ dpkg -, stdenv -, lib -, fetchurl -, jre8 -, jsvc -, lsb-release -, libcap -, util-linux -, makeWrapper -, autoPatchelfHook -, glibc -, gcc-unwrapped -}: - -stdenv.mkDerivation rec { - pname = "unifi-video"; - version = "3.10.13"; - src = fetchurl { - urls = [ "https://dl.ui.com/firmwares/ufv/v${version}/unifi-video.Debian9_amd64.v${version}.deb" "https://archive.org/download/unifi-video.Debian9_amd64.v${version}/unifi-video.Debian9_amd64.v${version}.deb" ]; - sha256 = "06mxjdizs4mhm1by8kj4pg5hhdi8ns6x75ggwyp1k6zb26jvvdny"; - }; - - buildInputs = [ jre8 jsvc lsb-release libcap util-linux ]; - nativeBuildInputs = [ dpkg makeWrapper autoPatchelfHook glibc gcc-unwrapped ]; - - unpackCmd = '' - runHook preUnpack - - dpkg-deb -x $src . - rm -r etc - - runHook postUnpack - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out - cp -ar sbin $out/bin - cp -ar lib share $out - chmod +x $out/bin/* - wrapProgram $out/bin/unifi-video --set JAVA_HOME "${jre8}" --prefix PATH : ${lib.makeBinPath [ jre8 lsb-release libcap util-linux]} - - runHook postInstall - ''; - - meta = with lib; { - description = "Unifi Video NVR (aka Airvision) is a software package for controlling Unifi cameras"; - longDescription = '' - Unifi Video is the NVR server software which can monitor and - record footage from supported Unifi video cameras - ''; - homepage = "https://www.ui.com"; - downloadPage = "https://www.ui.com/download/unifi-video/"; - sourceProvenance = with sourceTypes; [ - binaryBytecode - binaryNativeCode - ]; - license = licenses.unfree; - maintainers = [ maintainers.rsynnest ]; - platforms = [ "x86_64-linux" ]; - knownVulnerabilities = [ "Upstream support for Unifi Video ended January 1st, 2021." ]; - }; -} diff --git a/pkgs/servers/unifi/default.nix b/pkgs/servers/unifi/default.nix index 1c7684f273a94..f207737ed0805 100644 --- a/pkgs/servers/unifi/default.nix +++ b/pkgs/servers/unifi/default.nix @@ -46,13 +46,6 @@ let in rec { # see https://community.ui.com/releases / https://www.ui.com/download/unifi - unifi7 = generic { - version = "7.5.187"; - suffix = "-f57f5bf7ab"; - sha256 = "sha256-a5kl8gZbRnhS/p1imPl7soM0/QSFHdM0+2bNmDfc1mY="; - knownVulnerabilities = [ "CVE-2024-42025" ]; - }; - unifi8 = generic { version = "8.4.62"; suffix = "-i3q2j125cz"; diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index acffb059ab042..2175a5219cc34 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -1035,6 +1035,7 @@ mapAliases { mongodb-4_0 = throw "mongodb-4_0 has been removed, it's end of life since April 2022"; # Added 2023-01-05 mongodb-4_2 = throw "mongodb-4_2 has been removed, it's end of life since April 2023"; # Added 2023-06-06 mongodb-4_4 = throw "mongodb-4_4 has been removed, it's end of life since April 2024"; # Added 2024-04-11 + mongodb-5_0 = throw "mongodb-5_0 has been removed, it's end of life since October 2024"; # Added 2024-10-01 moonlander = throw "'moonlander' has been removed due to it being broken and unmaintained"; # Added 2023-11-26 moz-phab = mozphab; # Added 2022-08-09 mozart-binary = throw "'mozart-binary' has been renamed to/replaced by 'mozart2-binary'"; # Converted to throw 2023-09-10 @@ -1606,8 +1607,10 @@ mapAliases { unicorn-emu = unicorn; # Added 2020-10-29 uniffi-bindgen = throw "uniffi-bindgen has been removed since upstream no longer provides a standalone package for the CLI"; unifi-poller = unpoller; # Added 2022-11-24 + unifi-video = throw "unifi-video has been removed as it has been unsupported upstream since 2021"; # Added 2024-10-01 unifi5 = throw "'unifi5' has been removed since its required MongoDB version is EOL."; # Added 2024-04-11 unifi6 = throw "'unifi6' has been removed since its required MongoDB version is EOL."; # Added 2024-04-11 + unifi7 = throw "'unifi7' has been removed since it is vulnerable to CVE-2024-42025 and its required MongoDB version is EOL."; # Added 2024-10-01 unifiLTS = throw "'unifiLTS' has been removed since UniFi no longer has LTS and stable releases. Use `pkgs.unifi` instead."; # Added 2024-04-11 unifiStable = throw "'unifiStable' has been removed since UniFi no longer has LTS and stable releases. Use `pkgs.unifi` instead."; # Converted to throw 2024-04-11 untrunc = untrunc-anthwlock; # Added 2021-02-01 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 214cf2163e6cd..32b2a2e22d8a9 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24851,13 +24851,7 @@ with pkgs; mariadb = mariadb_1011; mariadb-embedded = mariadb.override { withEmbedded = true; }; - mongodb = hiPrio mongodb-6_0; - - mongodb-5_0 = callPackage ../servers/nosql/mongodb/5.0.nix { - sasl = cyrus_sasl; - boost = boost179.override { enableShared = false; }; - inherit (darwin.apple_sdk.frameworks) CoreFoundation Security; - }; + mongodb = hiPrio mongodb-7_0; mongodb-6_0 = darwin.apple_sdk_11_0.callPackage ../servers/nosql/mongodb/6.0.nix { sasl = cyrus_sasl; @@ -25336,15 +25330,12 @@ with pkgs; matomo-beta; inherit (callPackages ../servers/unifi { }) - unifi7 unifi8; - unifi = unifi7; + unifi = unifi8; unifi-protect-backup = callPackage ../applications/backup/unifi-protect-backup { }; - unifi-video = callPackage ../servers/unifi-video { }; - unpackerr = callPackage ../servers/unpackerr { inherit (darwin.apple_sdk.frameworks) Cocoa WebKit; };