commit 35b146ca31ea5f6cfdeee11dc7ca737fa9fbc1dd · pyrox.dev/nixpkgs

+1 -2

nixos/doc/manual/from_md/release-notes/rl-2211.section.xml

···

       610
        
             <listitem>

     

       611
        
               <para>

     

       612
        
                 The <literal>openssl</literal>-extension for the PHP

     

       613
       -
                 interpreter used by <literal>services.nextcloud</literal> is

     

       614
       -
                 built against OpenSSL 1.1 if

     

       615
        
                 <xref linkend="opt-system.stateVersion" /> is below

     

       616
        
                 <literal>22.11</literal>. This is to make sure that people

     

       617
        
                 using

···

       610
        
             <listitem>

     

       611
        
               <para>

     

       612
        
                 The <literal>openssl</literal>-extension for the PHP

     

       613
       +
                 interpreter used by Nextcloud is built against OpenSSL 1.1 if

     

       0
        
       
     

       614
        
                 <xref linkend="opt-system.stateVersion" /> is below

     

       615
        
                 <literal>22.11</literal>. This is to make sure that people

     

       616
        
                 using

+1 -1

nixos/doc/manual/release-notes/rl-2211.section.md

···

       196
        
       

     

       197
        
       - The `p4` package now only includes the open-source Perforce Helix Core command-line client and APIs. It no longer installs the unfree Helix Core Server binaries `p4d`, `p4broker`, and `p4p`. To install the Helix Core Server binaries, use the `p4d` package instead.

     

       198
        
       

     

       199
       -
       - The `openssl`-extension for the PHP interpreter used by `services.nextcloud` is built against OpenSSL 1.1 if

     

       200
        
         [](#opt-system.stateVersion) is below `22.11`. This is to make sure that people using [server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html)

     

       201
        
         don't loose access to their files.

     

       202

···

       196
        
       

     

       197
        
       - The `p4` package now only includes the open-source Perforce Helix Core command-line client and APIs. It no longer installs the unfree Helix Core Server binaries `p4d`, `p4broker`, and `p4p`. To install the Helix Core Server binaries, use the `p4d` package instead.

     

       198
        
       

     

       199
       +
       - The `openssl`-extension for the PHP interpreter used by Nextcloud is built against OpenSSL 1.1 if

     

       200
        
         [](#opt-system.stateVersion) is below `22.11`. This is to make sure that people using [server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html)

     

       201
        
         don't loose access to their files.

     

       202

+18 -13

nixos/modules/services/web-apps/nextcloud.nix

···

       14
        
           extensions = { enabled, all }:

     

       15
        
             (with all;

     

       16
        
               # disable default openssl extension

     

       17
       -
               (lib.filter (e: e.pname != "openssl") enabled)

     

       18
        
               # use OpenSSL 1.1 for RC4 Nextcloud encryption if user

     

       19
        
               # has acknowledged the brokeness of the ciphers (RC4).

     

       20
        
               # TODO: remove when https://github.com/nextcloud/server/issues/32003 is fixed.

     
···

       91
        
             default = versionOlder stateVersion "22.11";

     

       92
        
             defaultText = literalExpression "versionOlder system.stateVersion \"22.11\"";

     

       93
        
             description = lib.mdDoc ''

     

       94
       -
               This option uses OpenSSL PHP extension linked against OpenSSL 1.1 rather

     

       95
       -
               than latest OpenSSL (≥ 3), this is not recommended except if you need

     

       96
       -
               it.

     

       97
       -
       

     

       98
       -
               Server-side encryption in Nextcloud uses RC4 ciphers, a broken cipher

     

       99
       -
               since ~2004.

     

       100
        
       

     

       101
        
               This cipher has been disabled in OpenSSL ≥ 3 and requires

     

       102
        
               a specific legacy profile to re-enable it.

     

       103
        
       

     

       104
       -
               If you upgrade to a Nextcloud using OpenSSL ≥ 3 and have

     

       105
        
               server-side encryption configured, you will not be able to access

     

       106
        
               your files anymore. Enabling this option can restore access to your files.

     

       107
        
               Upon testing we didn't encounter any data corruption when turning

     

       108
        
               this on and off again, but this cannot be guaranteed for

     

       109
        
               each Nextcloud installation.

     

       110
        
       

     

       111
       -
               Unless you are using external storage,

     

       112
       -
               it is advised to [disable server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption) as it is unclear

     

       113
       -
               it provides any amount of security beyond encryption for external storage.

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       114
        
       

     

       115
        
               In the future, Nextcloud may move to AES-256-GCM, by then,

     

       116
        
               this option will be removed.

     
···

       690
        
                 This is only necessary if you're using Nextcloud's server-side encryption.

     

       691
        
                 Please keep in mind that it's using the broken RC4 cipher.

     

       692
        
       

     

       693
       -
                 If you don't use that feature, you can switch to OpenSSL 3 by declaring

     

       0
        
       
     

       694
        
       

     

       695
        
                   services.nextcloud.enableBrokenCiphersForSSE = false;

     

       696
        
       

     

       0
        
       
     

       697
        
                 Otherwise you'd have to disable server-side encryption first in order

     

       698
       -
                 to be able to safely disable this option and get rid of that warning.

     

       699
        
                 See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this.

     

       700
        
       

     

       701
        
                 For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470

···

       14
        
           extensions = { enabled, all }:

     

       15
        
             (with all;

     

       16
        
               # disable default openssl extension

     

       17
       +
               (lib.filter (e: e.pname != "php-openssl") enabled)

     

       18
        
               # use OpenSSL 1.1 for RC4 Nextcloud encryption if user

     

       19
        
               # has acknowledged the brokeness of the ciphers (RC4).

     

       20
        
               # TODO: remove when https://github.com/nextcloud/server/issues/32003 is fixed.

     
···

       91
        
             default = versionOlder stateVersion "22.11";

     

       92
        
             defaultText = literalExpression "versionOlder system.stateVersion \"22.11\"";

     

       93
        
             description = lib.mdDoc ''

     

       94
       +
               This option enables using the OpenSSL PHP extension linked against OpenSSL 1.1

     

       95
       +
               rather than latest OpenSSL (≥ 3), this is not recommended unless you need

     

       96
       +
               it for server-side encryption (SSE). SSE uses the legacy RC4 cipher which is

     

       97
       +
               considered broken for several years now. See also [RFC7465](https://datatracker.ietf.org/doc/html/rfc7465).

     

       0
        
       
     

       0
        
       
     

       98
        
       

     

       99
        
               This cipher has been disabled in OpenSSL ≥ 3 and requires

     

       100
        
               a specific legacy profile to re-enable it.

     

       101
        
       

     

       102
       +
               If you deploy Nextcloud using OpenSSL ≥ 3 for PHP and have

     

       103
        
               server-side encryption configured, you will not be able to access

     

       104
        
               your files anymore. Enabling this option can restore access to your files.

     

       105
        
               Upon testing we didn't encounter any data corruption when turning

     

       106
        
               this on and off again, but this cannot be guaranteed for

     

       107
        
               each Nextcloud installation.

     

       108
        
       

     

       109
       +
               It is `true` by default for systems with a [](#opt-system.stateVersion) below

     

       110
       +
               `22.11` to make sure that existing installations won't break on update. On newer

     

       111
       +
               NixOS systems you have to explicitly enable it on your own.

     

       112
       +
       

     

       113
       +
               Please note that this only provides additional value when using

     

       114
       +
               external storage such as S3 since it's not an end-to-end encryption.

     

       115
       +
               If this is not the case,

     

       116
       +
               it is advised to [disable server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption) and set this to `false`.

     

       117
        
       

     

       118
        
               In the future, Nextcloud may move to AES-256-GCM, by then,

     

       119
        
               this option will be removed.

     
···

       693
        
                 This is only necessary if you're using Nextcloud's server-side encryption.

     

       694
        
                 Please keep in mind that it's using the broken RC4 cipher.

     

       695
        
       

     

       696
       +
                 If you don't use that feature, you can switch to OpenSSL 3 and get

     

       697
       +
                 rid of this warning by declaring

     

       698
        
       

     

       699
        
                   services.nextcloud.enableBrokenCiphersForSSE = false;

     

       700
        
       

     

       701
       +
                 If you need to use server-side encryption you can ignore this waring.

     

       702
        
                 Otherwise you'd have to disable server-side encryption first in order

     

       703
       +
                 to be able to safely disable this option and get rid of this warning.

     

       704
        
                 See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this.

     

       705
        
       

     

       706
        
                 For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470

+14

nixos/modules/services/web-apps/nextcloud.xml

···

       170
        
            </listitem>

     

       171
        
           </itemizedlist>

     

       172
        
          </listitem>

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       173
        
         </itemizedlist>

     

       174
        
        </section>

     

       175

···

       170
        
            </listitem>

     

       171
        
           </itemizedlist>

     

       172
        
          </listitem>

     

       173
       +
          <listitem>

     

       174
       +
           <formalpara>

     

       175
       +
            <title>Server-side encryption</title>

     

       176
       +
            <para>

     

       177
       +
             Nextcloud supports <link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side encryption (SSE)</link>.

     

       178
       +
             This is not an end-to-end encryption, but can be used to encrypt files that will be persisted

     

       179
       +
             to external storage such as S3. Please note that this won't work anymore when using OpenSSL 3

     

       180
       +
             for PHP's openssl extension because this is implemented using the legacy cipher RC4.

     

       181
       +
             If <xref linkend="opt-system.stateVersion" /> is <emphasis>above</emphasis> <literal>22.05</literal>,

     

       182
       +
             this is disabled by default. To turn it on again and for further information please refer to

     

       183
       +
             <xref linkend="opt-services.nextcloud.enableBrokenCiphersForSSE" />.

     

       184
       +
            </para>

     

       185
       +
           </formalpara>

     

       186
       +
          </listitem>

     

       187
        
         </itemizedlist>

     

       188
        
        </section>

     

       189

+6 -2

nixos/tests/nextcloud/basic.nix

···

       37
        
               "d /var/lib/nextcloud-data 0750 nextcloud nginx - -"

     

       38
        
             ];

     

       39
        
       

     

       40
       -
             system.stateVersion = "22.11";

     

       41
        
       

     

       42
        
             services.nextcloud = {

     

       43
        
               enable = true;

     

       44
        
               datadir = "/var/lib/nextcloud-data";

     

       45
        
               hostName = "nextcloud";

     

       46
       -
               enableBrokenCiphersForSSE = args.enableBrokenCiphersForSSE or false;

     

       47
        
               config = {

     

       48
        
                 # Don't inherit adminuser since "root" is supposed to be the default

     

       49
        
                 adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; # Don't try this at home!

     
···

       102
        
           # This is just to ensure the nextcloud-occ program is working

     

       103
        
           nextcloud.succeed("nextcloud-occ status")

     

       104
        
           nextcloud.succeed("curl -sSf http://nextcloud/login")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       105
        
           nextcloud.succeed(

     

       106
        
               "${withRcloneEnv} ${copySharedFile}"

     

       107
        
           )

     
···

       111
        
               "${withRcloneEnv} ${diffSharedFile}"

     

       112
        
           )

     

       113
        
           assert "hi" in client.succeed("cat /mnt/dav/test-shared-file")

     

       0
        
       
     

       114
        
         '';

     

       115
        
       })) args

···

       37
        
               "d /var/lib/nextcloud-data 0750 nextcloud nginx - -"

     

       38
        
             ];

     

       39
        
       

     

       40
       +
             system.stateVersion = "22.11"; # stateVersion >=21.11 to make sure that we use OpenSSL3

     

       41
        
       

     

       42
        
             services.nextcloud = {

     

       43
        
               enable = true;

     

       44
        
               datadir = "/var/lib/nextcloud-data";

     

       45
        
               hostName = "nextcloud";

     

       0
        
       
     

       46
        
               config = {

     

       47
        
                 # Don't inherit adminuser since "root" is supposed to be the default

     

       48
        
                 adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; # Don't try this at home!

     
···

       101
        
           # This is just to ensure the nextcloud-occ program is working

     

       102
        
           nextcloud.succeed("nextcloud-occ status")

     

       103
        
           nextcloud.succeed("curl -sSf http://nextcloud/login")

     

       104
       +
           # Ensure that no OpenSSL 1.1 is used.

     

       105
       +
           nextcloud.succeed(

     

       106
       +
               "${nodes.nextcloud.services.phpfpm.pools.nextcloud.phpPackage}/bin/php -i | grep 'OpenSSL Library Version' | awk -F'=>' '{ print $2 }' | awk '{ print $2 }' | grep -v 1.1"

     

       107
       +
           )

     

       108
        
           nextcloud.succeed(

     

       109
        
               "${withRcloneEnv} ${copySharedFile}"

     

       110
        
           )

     
···

       114
        
               "${withRcloneEnv} ${diffSharedFile}"

     

       115
        
           )

     

       116
        
           assert "hi" in client.succeed("cat /mnt/dav/test-shared-file")

     

       117
       +
           nextcloud.succeed("grep -vE '^HBEGIN:oc_encryption_module' /var/lib/nextcloud-data/data/root/files/test-shared-file")

     

       118
        
         '';

     

       119
        
       })) args

+1 -2

nixos/tests/nextcloud/default.nix

···

       8
        
       foldl

     

       9
        
         (matrix: ver: matrix // {

     

       10
        
           "basic${toString ver}" = import ./basic.nix { inherit system pkgs; nextcloudVersion = ver; };

     

       11
       -
           "with-legacy-openssl${toString ver}" = import ./basic.nix {

     

       12
        
             inherit system pkgs;

     

       13
        
             nextcloudVersion = ver;

     

       14
       -
             enableBrokenCiphersForSSE = true;

     

       15
        
           };

     

       16
        
           "with-postgresql-and-redis${toString ver}" = import ./with-postgresql-and-redis.nix {

     

       17
        
             inherit system pkgs;

···

       8
        
       foldl

     

       9
        
         (matrix: ver: matrix // {

     

       10
        
           "basic${toString ver}" = import ./basic.nix { inherit system pkgs; nextcloudVersion = ver; };

     

       11
       +
           "openssl-sse${toString ver}" = import ./openssl-sse.nix {

     

       12
        
             inherit system pkgs;

     

       13
        
             nextcloudVersion = ver;

     

       0
        
       
     

       14
        
           };

     

       15
        
           "with-postgresql-and-redis${toString ver}" = import ./with-postgresql-and-redis.nix {

     

       16
        
             inherit system pkgs;

+105

nixos/tests/nextcloud/openssl-sse.nix

···

       1
       +
       args@{ pkgs, nextcloudVersion ? 25, ... }:

     

       2
       +
       

     

       3
       +
       (import ../make-test-python.nix ({ pkgs, ...}: let

     

       4
       +
         adminuser = "root";

     

       5
       +
         adminpass = "notproduction";

     

       6
       +
         nextcloudBase = {

     

       7
       +
           networking.firewall.allowedTCPPorts = [ 80 ];

     

       8
       +
           system.stateVersion = "22.05"; # stateVersions <22.11 use openssl 1.1 by default

     

       9
       +
           services.nextcloud = {

     

       10
       +
             enable = true;

     

       11
       +
             config.adminpassFile = "${pkgs.writeText "adminpass" adminpass}";

     

       12
       +
             package = pkgs.${"nextcloud" + (toString nextcloudVersion)};

     

       13
       +
           };

     

       14
       +
         };

     

       15
       +
       in {

     

       16
       +
         name = "nextcloud-openssl";

     

       17
       +
         meta = with pkgs.lib.maintainers; {

     

       18
       +
           maintainers = [ ma27 ];

     

       19
       +
         };

     

       20
       +
         nodes.nextcloudwithopenssl1 = {

     

       21
       +
           imports = [ nextcloudBase ];

     

       22
       +
           services.nextcloud.hostName = "nextcloudwithopenssl1";

     

       23
       +
         };

     

       24
       +
         nodes.nextcloudwithopenssl3 = {

     

       25
       +
           imports = [ nextcloudBase ];

     

       26
       +
           services.nextcloud = {

     

       27
       +
             hostName = "nextcloudwithopenssl3";

     

       28
       +
             enableBrokenCiphersForSSE = false;

     

       29
       +
           };

     

       30
       +
         };

     

       31
       +
         testScript = { nodes, ... }: let

     

       32
       +
           withRcloneEnv = host: pkgs.writeScript "with-rclone-env" ''

     

       33
       +
             #!${pkgs.runtimeShell}

     

       34
       +
             export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav

     

       35
       +
             export RCLONE_CONFIG_NEXTCLOUD_URL="http://${host}/remote.php/webdav/"

     

       36
       +
             export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"

     

       37
       +
             export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"

     

       38
       +
             export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"

     

       39
       +
             "''${@}"

     

       40
       +
           '';

     

       41
       +
           withRcloneEnv1 = withRcloneEnv "nextcloudwithopenssl1";

     

       42
       +
           withRcloneEnv3 = withRcloneEnv "nextcloudwithopenssl3";

     

       43
       +
           copySharedFile1 = pkgs.writeScript "copy-shared-file" ''

     

       44
       +
             #!${pkgs.runtimeShell}

     

       45
       +
             echo 'hi' | ${withRcloneEnv1} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file

     

       46
       +
           '';

     

       47
       +
           copySharedFile3 = pkgs.writeScript "copy-shared-file" ''

     

       48
       +
             #!${pkgs.runtimeShell}

     

       49
       +
             echo 'bye' | ${withRcloneEnv3} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file2

     

       50
       +
           '';

     

       51
       +
           openssl1-node = nodes.nextcloudwithopenssl1.config.system.build.toplevel;

     

       52
       +
           openssl3-node = nodes.nextcloudwithopenssl3.config.system.build.toplevel;

     

       53
       +
         in ''

     

       54
       +
           nextcloudwithopenssl1.start()

     

       55
       +
           nextcloudwithopenssl1.wait_for_unit("multi-user.target")

     

       56
       +
           nextcloudwithopenssl1.succeed("nextcloud-occ status")

     

       57
       +
           nextcloudwithopenssl1.succeed("curl -sSf http://nextcloudwithopenssl1/login")

     

       58
       +
       

     

       59
       +
           with subtest("With OpenSSL 1 SSE can be enabled and used"):

     

       60
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ app:enable encryption")

     

       61
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable")

     

       62
       +
       

     

       63
       +
           with subtest("Upload file and ensure it's encrypted"):

     

       64
       +
               nextcloudwithopenssl1.succeed("${copySharedFile1}")

     

       65
       +
               nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")

     

       66
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")

     

       67
       +
       

     

       68
       +
           with subtest("Switch to OpenSSL 3"):

     

       69
       +
               nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test")

     

       70
       +
               nextcloudwithopenssl1.wait_for_open_port(80)

     

       71
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ status")

     

       72
       +
       

     

       73
       +
           with subtest("Existing encrypted files cannot be read, but new files can be added"):

     

       74
       +
               nextcloudwithopenssl1.fail("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file >&2")

     

       75
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ encryption:disable")

     

       76
       +
               nextcloudwithopenssl1.succeed("${copySharedFile3}")

     

       77
       +
               nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2")

     

       78
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")

     

       79
       +
       

     

       80
       +
           with subtest("Switch back to OpenSSL 1.1 and ensure that encrypted files are readable again"):

     

       81
       +
               nextcloudwithopenssl1.succeed("${openssl1-node}/bin/switch-to-configuration test")

     

       82
       +
               nextcloudwithopenssl1.wait_for_open_port(80)

     

       83
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ status")

     

       84
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable")

     

       85
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")

     

       86
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")

     

       87
       +
               nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")

     

       88
       +
               nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2")

     

       89
       +
       

     

       90
       +
           with subtest("Ensure that everything can be decrypted"):

     

       91
       +
               nextcloudwithopenssl1.succeed("echo y | nextcloud-occ encryption:decrypt-all >&2")

     

       92
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")

     

       93
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")

     

       94
       +
               nextcloudwithopenssl1.succeed("grep -vE '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")

     

       95
       +
       

     

       96
       +
           with subtest("Switch to OpenSSL 3 ensure that all files are usable now"):

     

       97
       +
               nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test")

     

       98
       +
               nextcloudwithopenssl1.wait_for_open_port(80)

     

       99
       +
               nextcloudwithopenssl1.succeed("nextcloud-occ status")

     

       100
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")

     

       101
       +
               nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")

     

       102
       +
       

     

       103
       +
           nextcloudwithopenssl1.shutdown()

     

       104
       +
         '';

     

       105
       +
       })) args

+1 -1

pkgs/development/interpreters/php/generic.nix

···

       91
        
                     [ ]

     

       92
        
                     allExtensionFunctions;

     

       93
        
       

     

       94
       -
                 getExtName = ext: lib.removePrefix "php-" (builtins.parseDrvName ext.name).name;

     

       95
        
       

     

       96
        
                 # Recursively get a list of all internal dependencies

     

       97
        
                 # for a list of extensions.

···

       91
        
                     [ ]

     

       92
        
                     allExtensionFunctions;

     

       93
        
       

     

       94
       +
                 getExtName = ext: ext.extensionName;

     

       95
        
       

     

       96
        
                 # Recursively get a list of all internal dependencies

     

       97
        
                 # for a list of extensions.

+6 -4

pkgs/top-level/php-packages.nix

···

       71
        
         # will mark the extension as a zend extension or not.

     

       72
        
         mkExtension = lib.makeOverridable

     

       73
        
           ({ name

     

       74
       -
           , configureFlags ? [ "--enable-${name}" ]

     

       75
        
           , internalDeps ? [ ]

     

       76
        
           , postPhpize ? ""

     

       77
        
           , buildInputs ? [ ]

     

       78
        
           , zendExtension ? false

     

       79
        
           , doCheck ? true

     

       0
        
       
     

       80
        
           , ...

     

       81
        
           }@args: stdenv.mkDerivation ((builtins.removeAttrs args [ "name" ]) // {

     

       82
        
             pname = "php-${name}";

     

       83
       -
             extensionName = name;

     

       84
        
       

     

       85
        
             outputs = [ "out" "dev" ];

     

       86
        
       

     
···

       103
        
       

     

       104
        
             cdToExtensionRootPhase = ''

     

       105
        
               # Go to extension source root.

     

       106
       -
               cd "ext/${name}"

     

       107
        
             '';

     

       108
        
       

     

       109
        
             preConfigure = ''

     
···

       139
        
               runHook preInstall

     

       140
        
       

     

       141
        
               mkdir -p $out/lib/php/extensions

     

       142
       -
               cp modules/${name}.so $out/lib/php/extensions/${name}.so

     

       143
        
               mkdir -p $dev/include

     

       144
        
               ${rsync}/bin/rsync -r --filter="+ */" \

     

       145
        
                                     --filter="+ *.h" \

     
···

       419
        
               # without a specific openssl.cnf file

     

       420
        
               {

     

       421
        
                 name = "openssl-legacy";

     

       0
        
       
     

       422
        
                 buildInputs = [ openssl_1_1 ];

     

       423
        
                 configureFlags = [ "--with-openssl" ];

     

       424
        
                 doCheck = false;

···

       71
        
         # will mark the extension as a zend extension or not.

     

       72
        
         mkExtension = lib.makeOverridable

     

       73
        
           ({ name

     

       74
       +
           , configureFlags ? [ "--enable-${extName}" ]

     

       75
        
           , internalDeps ? [ ]

     

       76
        
           , postPhpize ? ""

     

       77
        
           , buildInputs ? [ ]

     

       78
        
           , zendExtension ? false

     

       79
        
           , doCheck ? true

     

       80
       +
           , extName ? name

     

       81
        
           , ...

     

       82
        
           }@args: stdenv.mkDerivation ((builtins.removeAttrs args [ "name" ]) // {

     

       83
        
             pname = "php-${name}";

     

       84
       +
             extensionName = extName;

     

       85
        
       

     

       86
        
             outputs = [ "out" "dev" ];

     

       87
        
       

     
···

       104
        
       

     

       105
        
             cdToExtensionRootPhase = ''

     

       106
        
               # Go to extension source root.

     

       107
       +
               cd "ext/${extName}"

     

       108
        
             '';

     

       109
        
       

     

       110
        
             preConfigure = ''

     
···

       140
        
               runHook preInstall

     

       141
        
       

     

       142
        
               mkdir -p $out/lib/php/extensions

     

       143
       +
               cp modules/${extName}.so $out/lib/php/extensions/${extName}.so

     

       144
        
               mkdir -p $dev/include

     

       145
        
               ${rsync}/bin/rsync -r --filter="+ */" \

     

       146
        
                                     --filter="+ *.h" \

     
···

       420
        
               # without a specific openssl.cnf file

     

       421
        
               {

     

       422
        
                 name = "openssl-legacy";

     

       423
       +
                 extName = "openssl";

     

       424
        
                 buildInputs = [ openssl_1_1 ];

     

       425
        
                 configureFlags = [ "--with-openssl" ];

     

       426
        
                 doCheck = false;