pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #183361 from olafklingt/jane2alice

use consistently user alice for examples

Robert Hensing c5abcd42 4ee298da

options
unified split
Changed files
+26 -26
nixos
doc
manual
configuration
gpu-accel.chapter.md
from_md
configuration
gpu-accel.chapter.xml
maintainers
scripts
lxd
lxd-image-inner.nix
modules
installer
tools
tools.nix
services
games
crossfire-server.nix
deliantra-server.nix
networking
smokeping.nix
tests
docker-tools.nix
documize.nix
nginx-auth.nix
sympa.nix
systemd-nspawn.nix
xmpp
xmpp-sendmessage.nix
pkgs
build-support
docker
examples.nix
+2 -2
nixos/doc/manual/configuration/gpu-accel.chapter.md 
···

       
169

       
169

       
 

       
(`/dev/dri/renderD*`) or are tagged as `uaccess` (`/dev/dri/card*`). The


     

       
170

       
170

       
 

       
access control lists of devices with the `uaccess` tag will be updated


     

       
171

       
171

       
 

       
automatically when a user logs in through `systemd-logind`. For example,


     

       
172

       

       
-

       
if the user *jane* is logged in, the access control list should look as


     

       

       
172

       
+

       
if the user *alice* is logged in, the access control list should look as


     

       
173

       
173

       
 

       
follows:


     

       
174

       
174

       
 

       



     

       
175

       
175

       
 

       
```ShellSession


     
···

       
178

       
178

       
 

       
# owner: root


     

       
179

       
179

       
 

       
# group: video


     

       
180

       
180

       
 

       
user::rw-


     

       
181

       

       
-

       
user:jane:rw-


     

       

       
181

       
+

       
user:alice:rw-


     

       
182

       
182

       
 

       
group::rw-


     

       
183

       
183

       
 

       
mask::rw-


     

       
184

       
184

       
 

       
other::---
+2 -2
nixos/doc/manual/from_md/configuration/gpu-accel.chapter.xml 
···

       
194

       
194

       
 

       
        devices with the <literal>uaccess</literal> tag will be updated


     

       
195

       
195

       
 

       
        automatically when a user logs in through


     

       
196

       
196

       
 

       
        <literal>systemd-logind</literal>. For example, if the user


     

       
197

       

       
-

       
        <emphasis>jane</emphasis> is logged in, the access control list


     

       

       
197

       
+

       
        <emphasis>alice</emphasis> is logged in, the access control list


     

       
198

       
198

       
 

       
        should look as follows:


     

       
199

       
199

       
 

       
      </para>


     

       
200

       
200

       
 

       
      <programlisting>


     
···

       
203

       
203

       
 

       
# owner: root


     

       
204

       
204

       
 

       
# group: video


     

       
205

       
205

       
 

       
user::rw-


     

       
206

       

       
-

       
user:jane:rw-


     

       

       
206

       
+

       
user:alice:rw-


     

       
207

       
207

       
 

       
group::rw-


     

       
208

       
208

       
 

       
mask::rw-


     

       
209

       
209

       
 

       
other::---
+1 -1
nixos/maintainers/scripts/lxd/lxd-image-inner.nix 
···

       
55

       
55

       
 

       
  # services.xserver.libinput.enable = true;


     

       
56

       
56

       
 

       



     

       
57

       
57

       
 

       
  # Define a user account. Don't forget to set a password with ‘passwd’.


     

       
58

       

       
-

       
  # users.users.jane = {


     

       

       
58

       
+

       
  # users.users.alice = {


     

       
59

       
59

       
 

       
  #   isNormalUser = true;


     

       
60

       
60

       
 

       
  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.


     

       
61

       
61

       
 

       
  # };
+1 -1
nixos/modules/installer/tools/tools.nix 
···

       
175

       
175

       
 

       
        # services.xserver.libinput.enable = true;


     

       
176

       
176

       
 

       



     

       
177

       
177

       
 

       
        # Define a user account. Don't forget to set a password with ‘passwd’.


     

       
178

       

       
-

       
        # users.users.jane = {


     

       

       
178

       
+

       
        # users.users.alice = {


     

       
179

       
179

       
 

       
        #   isNormalUser = true;


     

       
180

       
180

       
 

       
        #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.


     

       
181

       
181

       
 

       
        #   packages = with pkgs; [
+1 -1
nixos/modules/services/games/crossfire-server.nix 
···

       
76

       
76

       
 

       
        {


     

       
77

       
77

       
 

       
          dm_file = '''


     

       
78

       
78

       
 

       
            admin:secret_password:localhost


     

       
79

       

       
-

       
            jane:xyzzy:*


     

       

       
79

       
+

       
            alice:xyzzy:*


     

       
80

       
80

       
 

       
          ''';


     

       
81

       
81

       
 

       
          ban_file = '''


     

       
82

       
82

       
 

       
            # Bob is a jerk
+1 -1
nixos/modules/services/games/deliantra-server.nix 
···

       
73

       
73

       
 

       
        {


     

       
74

       
74

       
 

       
          dm_file = '''


     

       
75

       
75

       
 

       
            admin:secret_password:localhost


     

       
76

       

       
-

       
            jane:xyzzy:*


     

       

       
76

       
+

       
            alice:xyzzy:*


     

       
77

       
77

       
 

       
          ''';


     

       
78

       
78

       
 

       
          motd = "Welcome to Deliantra!";


     

       
79

       
79

       
 

       
          settings = '''
+1 -1
nixos/modules/services/networking/smokeping.nix 
···

       
156

       
156

       
 

       
      owner = mkOption {


     

       
157

       
157

       
 

       
        type = types.str;


     

       
158

       
158

       
 

       
        default = "nobody";


     

       
159

       

       
-

       
        example = "Joe Admin";


     

       

       
159

       
+

       
        example = "Bob Foobawr";


     

       
160

       
160

       
 

       
        description = lib.mdDoc "Real name of the owner of the instance";


     

       
161

       
161

       
 

       
      };


     

       
162

       
162

       
 

       
      ownerEmail = mkOption {
+2 -2
nixos/tests/docker-tools.nix 
···

       
346

       
346

       
 

       
            "docker load --input='${examples.layeredImageWithFakeRootCommands}'"


     

       
347

       
347

       
 

       
        )


     

       
348

       
348

       
 

       
        docker.succeed(


     

       
349

       

       
-

       
            "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/jane | grep -E ^1000$'"


     

       

       
349

       
+

       
            "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/alice | grep -E ^1000$'"


     

       
350

       
350

       
 

       
        )


     

       
351

       
351

       
 

       



     

       
352

       
352

       
 

       
    with subtest("Ensure docker load on merged images loads all of the constituent images"):


     
···

       
389

       
389

       
 

       
            "docker load --input='${examples.mergedBashFakeRoot}'"


     

       
390

       
390

       
 

       
        )


     

       
391

       
391

       
 

       
        docker.succeed(


     

       
392

       

       
-

       
            "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/jane | grep -E ^1000$'"


     

       

       
392

       
+

       
            "docker run --rm ${examples.layeredImageWithFakeRootCommands.imageName} sh -c 'stat -c '%u' /home/alice | grep -E ^1000$'"


     

       
393

       
393

       
 

       
        )


     

       
394

       
394

       
 

       



     

       
395

       
395

       
 

       
    with subtest("The image contains store paths referenced by the fakeRootCommands output"):
+3 -3
nixos/tests/documize.nix 
···

       
47

       
47

       
 

       
            " --data 'dbhash={}'"


     

       
48

       
48

       
 

       
            " --data 'title=NixOS'"


     

       
49

       
49

       
 

       
            " --data 'message=Docs'"


     

       
50

       

       
-

       
            " --data 'firstname=John'"


     

       
51

       

       
-

       
            " --data 'lastname=Doe'"


     

       
52

       

       
-

       
            " --data 'email=john.doe@nixos.org'"


     

       

       
50

       
+

       
            " --data 'firstname=Bob'"


     

       

       
51

       
+

       
            " --data 'lastname=Foobar'"


     

       

       
52

       
+

       
            " --data 'email=bob.foobar@nixos.org'"


     

       
53

       
53

       
 

       
            " --data 'password=verysafe'"


     

       
54

       
54

       
 

       
            " -f localhost:3000/api/setup"


     

       
55

       
55

       
 

       
        ).format(dbhash)
+4 -4
nixos/tests/nginx-auth.nix 
···

       
13

       
13

       
 

       



     

       
14

       
14

       
 

       
        virtualHosts.lockedroot = {


     

       
15

       
15

       
 

       
          inherit root;


     

       
16

       

       
-

       
          basicAuth.alice = "jane";


     

       

       
16

       
+

       
          basicAuth.alice = "pwofa";


     

       
17

       
17

       
 

       
        };


     

       
18

       
18

       
 

       



     

       
19

       
19

       
 

       
        virtualHosts.lockedsubdir = {


     

       
20

       
20

       
 

       
          inherit root;


     

       
21

       
21

       
 

       
          locations."/sublocation/" = {


     

       
22

       
22

       
 

       
            alias = "${root}/";


     

       
23

       

       
-

       
            basicAuth.bob = "john";


     

       

       
23

       
+

       
            basicAuth.bob = "pwofb";


     

       
24

       
24

       
 

       
          };


     

       
25

       
25

       
 

       
        };


     

       
26

       
26

       
 

       
      };


     
···

       
33

       
33

       
 

       



     

       
34

       
34

       
 

       
    webserver.fail("curl --fail --resolve lockedroot:80:127.0.0.1 http://lockedroot")


     

       
35

       
35

       
 

       
    webserver.succeed(


     

       
36

       

       
-

       
        "curl --fail --resolve lockedroot:80:127.0.0.1 http://alice:jane@lockedroot"


     

       

       
36

       
+

       
        "curl --fail --resolve lockedroot:80:127.0.0.1 http://alice:pwofa@lockedroot"


     

       
37

       
37

       
 

       
    )


     

       
38

       
38

       
 

       



     

       
39

       
39

       
 

       
    webserver.succeed("curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir")


     
···

       
41

       
41

       
 

       
        "curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir/sublocation/index.html"


     

       
42

       
42

       
 

       
    )


     

       
43

       
43

       
 

       
    webserver.succeed(


     

       
44

       

       
-

       
        "curl --fail --resolve lockedsubdir:80:127.0.0.1 http://bob:john@lockedsubdir/sublocation/index.html"


     

       

       
44

       
+

       
        "curl --fail --resolve lockedsubdir:80:127.0.0.1 http://bob:pwofb@lockedsubdir/sublocation/index.html"


     

       
45

       
45

       
 

       
    )


     

       
46

       
46

       
 

       
  '';


     

       
47

       
47

       
 

       
})
+1 -1
nixos/tests/sympa.nix 
···

       
13

       
13

       
 

       
            webHost = "localhost";


     

       
14

       
14

       
 

       
          };


     

       
15

       
15

       
 

       
        };


     

       
16

       

       
-

       
        listMasters = [ "joe@example.org" ];


     

       

       
16

       
+

       
        listMasters = [ "bob@example.org" ];


     

       
17

       
17

       
 

       
        web.enable = true;


     

       
18

       
18

       
 

       
        web.https = false;


     

       
19

       
19

       
 

       
        database = {
+3 -3
nixos/tests/systemd-nspawn.nix 
···

       
10

       
10

       
 

       
      Key-Length: 1024


     

       
11

       
11

       
 

       
      Subkey-Type: ELG-E


     

       
12

       
12

       
 

       
      Subkey-Length: 1024


     

       
13

       

       
-

       
      Name-Real: Joe Tester


     

       
14

       

       
-

       
      Name-Email: joe@foo.bar


     

       

       
13

       
+

       
      Name-Real: Bob Foobar


     

       

       
14

       
+

       
      Name-Email: bob@foo.bar


     

       
15

       
15

       
 

       
      Expire-Date: 0


     

       
16

       
16

       
 

       
      # Do a commit here, so that we can later print "done"


     

       
17

       
17

       
 

       
      %commit


     
···

       
19

       
19

       
 

       
    EOF


     

       
20

       
20

       
 

       
    gpg --batch --generate-key foo


     

       
21

       
21

       
 

       
    rm $out/S.gpg-agent $out/S.gpg-agent.*


     

       
22

       

       
-

       
    gpg --export joe@foo.bar -a > $out/pubkey.gpg


     

       

       
22

       
+

       
    gpg --export bob@foo.bar -a > $out/pubkey.gpg


     

       
23

       
23

       
 

       
  '');


     

       
24

       
24

       
 

       



     

       
25

       
25

       
 

       
  nspawnImages = (pkgs.runCommand "localhost" { buildInputs = [ pkgs.coreutils pkgs.gnupg ]; } ''
+1 -1
nixos/tests/xmpp/xmpp-sendmessage.nix 
···

       
6

       
6

       
 

       
    Please find this *really* important attachment.


     

       
7

       
7

       
 

       



     

       
8

       
8

       
 

       
    Yours truly,


     

       
9

       

       
-

       
    John


     

       

       
9

       
+

       
    Bob


     

       
10

       
10

       
 

       
  '';


     

       
11

       
11

       
 

       
in writeScriptBin "send-message" ''


     

       
12

       
12

       
 

       
#!${(python3.withPackages (ps: [ ps.slixmpp ])).interpreter}
+3 -3
pkgs/build-support/docker/examples.nix 
···

       
584

       
584

       
 

       
      pkgs.pkgsStatic.busybox


     

       
585

       
585

       
 

       
    ];


     

       
586

       
586

       
 

       
    fakeRootCommands = ''


     

       
587

       

       
-

       
      mkdir -p ./home/jane


     

       
588

       

       
-

       
      chown 1000 ./home/jane


     

       

       
587

       
+

       
      mkdir -p ./home/alice


     

       

       
588

       
+

       
      chown 1000 ./home/alice


     

       
589

       
589

       
 

       
      ln -s ${pkgs.hello.overrideAttrs (o: {


     

       
590

       
590

       
 

       
        # A unique `hello` to make sure that it isn't included via another mechanism by accident.


     

       
591

       
591

       
 

       
        configureFlags = o.configureFlags or [] ++ [ " --program-prefix=layeredImageWithFakeRootCommands-" ];


     
···

       
607

       
607

       
 

       
  ];


     

       
608

       
608

       
 

       



     

       
609

       
609

       
 

       
  # tarball consisting of bash and layered image with different owner of the


     

       
610

       

       
-

       
  # /home/jane directory


     

       

       
610

       
+

       
  # /home/alice directory


     

       
611

       
611

       
 

       
  mergedBashFakeRoot = pkgs.dockerTools.mergeImages [


     

       
612

       
612

       
 

       
    bash


     

       
613

       
613

       
 

       
    layeredImageWithFakeRootCommands