gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

keydb: drop

Browse Source 
The keydb package is broken [1], vulnerable [2], and upstream's
last release was in October 2023 [3].

[1] https://hydra.nixos.org/build/311470939/nixlog/2
[2] https://github.com/Snapchat/KeyDB/pull/918
[3] https://github.com/Snapchat/KeyDB/releases
This commit is contained in:
Tom Hunze
2025-11-08 13:00:14 +01:00
parent b75097f98f
commit 850e8a2b05
4 changed files with 3 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/modules/services/databases/redis.nix
View File

@@ -559,8 +559,7 @@ in
]; ];
RestrictNamespaces = true; RestrictNamespaces = true;
LockPersonality = true; LockPersonality = true;
# we need to disable MemoryDenyWriteExecute for keydb MemoryDenyWriteExecute = true;
MemoryDenyWriteExecute = cfg.package.pname != "keydb";
RestrictRealtime = true; RestrictRealtime = true;
RestrictSUIDSGID = true; RestrictSUIDSGID = true;
PrivateMounts = true; PrivateMounts = true;

2
nixos/tests/redis.nix
View File

@@ -10,7 +10,7 @@ let
mkTestName = mkTestName =
pkg: "${pkg.pname}_${builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor pkg.version)}"; pkg: "${pkg.pname}_${builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor pkg.version)}";
redisPackages = { redisPackages = {
inherit (pkgs) redis keydb valkey; inherit (pkgs) redis valkey;
}; };
makeRedisTest = makeRedisTest =
{ {

118
pkgs/by-name/ke/keydb/package.nix
View File

@@ -1,118 +0,0 @@
{
stdenv,
lib,
fetchFromGitHub,
libuuid,
curl,
pkg-config,
withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd,
systemd,
tlsSupport ? !stdenv.hostPlatform.isStatic,
openssl,
jemalloc,
which,
tcl,
tclPackages,
ps,
getconf,
nixosTests,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "keydb";
version = "6.3.4";
src = fetchFromGitHub {
owner = "snapchat";
repo = "keydb";
rev = "v${finalAttrs.version}";
hash = "sha256-j6qgK6P3Fv+b6k9jwKQ5zW7XLkKbXXcmHKBCQYvwEIU=";
};
postPatch = ''
substituteInPlace deps/lua/src/Makefile \
--replace-fail "ar rcu" "${stdenv.cc.targetPrefix}ar rcu"
substituteInPlace src/Makefile \
--replace-fail "as --64 -g" "${stdenv.cc.targetPrefix}as --64 -g"
'';
nativeBuildInputs = [ pkg-config ];
buildInputs = [
jemalloc
curl
libuuid
]
++ lib.optionals tlsSupport [ openssl ]
++ lib.optionals withSystemd [ systemd ];
makeFlags = [
"PREFIX=${placeholder "out"}"
"AR=${stdenv.cc.targetPrefix}ar"
"RANLIB=${stdenv.cc.targetPrefix}ranlib"
"USEASM=${if stdenv.hostPlatform.isx86_64 then "true" else "false"}"
]
++ lib.optionals (!tlsSupport) [ "BUILD_TLS=no" ]
++ lib.optionals withSystemd [ "USE_SYSTEMD=yes" ]
++ lib.optionals (!stdenv.hostPlatform.isx86_64) [ "MALLOC=libc" ];
enableParallelBuilding = true;
# darwin currently lacks a pure `pgrep` which is extensively used here
doCheck = !stdenv.hostPlatform.isDarwin;
nativeCheckInputs = [
which
tcl
ps
]
++ lib.optionals stdenv.hostPlatform.isStatic [ getconf ]
++ lib.optionals tlsSupport [ tclPackages.tcltls ];
checkPhase = ''
runHook preCheck
# disable test "Connect multiple replicas at the same time": even
# upstream find this test too timing-sensitive
substituteInPlace tests/integration/replication.tcl \
--replace-fail 'foreach mdl {no yes}' 'foreach mdl {}'
substituteInPlace tests/support/server.tcl \
--replace-fail 'exec /usr/bin/env' 'exec env'
sed -i '/^proc wait_load_handlers_disconnected/{n ; s/wait_for_condition 50 100/wait_for_condition 50 500/; }' \
tests/support/util.tcl
patchShebangs ./utils/gen-test-certs.sh
${if tlsSupport then "./utils/gen-test-certs.sh" else ""}
./runtest --clients $NIX_BUILD_CORES ${
lib.escapeShellArgs (
[
"--no-latency"
"--timeout"
"2000"
"--tags"
"-leaks"
]
++ lib.optional tlsSupport "--tls"
# skips flaky test on x86_64
++ lib.optionals stdenv.hostPlatform.isx86_64 [
"--skiptest"
"Active defrag edge case"
]
)
}
runHook postCheck
'';
passthru.tests.redis = nixosTests.redis;
passthru.serverBin = "keydb-server";
meta = {
homepage = "https://keydb.dev";
description = "Multithreaded Fork of Redis";
license = lib.licenses.bsd3;
platforms = lib.platforms.all;
changelog = "https://github.com/Snapchat/KeyDB/raw/v${finalAttrs.version}/00-RELEASENOTES";
teams = [ lib.teams.helsinki-systems ];
mainProgram = "keydb-cli";
};
})

1
pkgs/top-level/aliases.nix
View File

@@ -761,6 +761,7 @@ mapAliases {
kbibtex = throw "'kbibtex' has been removed, as it is unmaintained upstream"; # Added 2025-08-30 kbibtex = throw "'kbibtex' has been removed, as it is unmaintained upstream"; # Added 2025-08-30
kcli = throw "kcli has been removed because it has been marked as broken since at least November 2024."; # Added 2025-09-28 kcli = throw "kcli has been removed because it has been marked as broken since at least November 2024."; # Added 2025-09-28
keepkey_agent = throw "'keepkey_agent' has been renamed to/replaced by 'keepkey-agent'"; # Converted to throw 2025-10-27 keepkey_agent = throw "'keepkey_agent' has been renamed to/replaced by 'keepkey-agent'"; # Converted to throw 2025-10-27
keydb = throw "'keydb' has been removed as it was broken, vulnerable, and unmaintained upstream"; # Added 2025-11-08
kgx = throw "'kgx' has been renamed to/replaced by 'gnome-console'"; # Converted to throw 2025-10-27 kgx = throw "'kgx' has been renamed to/replaced by 'gnome-console'"; # Converted to throw 2025-10-27
khoj = throw "khoj has been removed because it has been marked as broken since at least November 2024."; # Added 2025-10-11 khoj = throw "khoj has been removed because it has been marked as broken since at least November 2024."; # Added 2025-10-11
kmplayer = throw "'kmplayer' has been removed, as it is unmaintained upstream"; # Added 2025-08-30 kmplayer = throw "'kmplayer' has been removed, as it is unmaintained upstream"; # Added 2025-08-30