diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 25b9a34a1d5e..c92ec2508490 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -559,8 +559,7 @@ in ]; RestrictNamespaces = true; LockPersonality = true; - # we need to disable MemoryDenyWriteExecute for keydb - MemoryDenyWriteExecute = cfg.package.pname != "keydb"; + MemoryDenyWriteExecute = true; RestrictRealtime = true; RestrictSUIDSGID = true; PrivateMounts = true; diff --git a/nixos/tests/redis.nix b/nixos/tests/redis.nix index 92bef165cdaf..cf3cd6c5b552 100644 --- a/nixos/tests/redis.nix +++ b/nixos/tests/redis.nix @@ -10,7 +10,7 @@ let mkTestName = pkg: "${pkg.pname}_${builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor pkg.version)}"; redisPackages = { - inherit (pkgs) redis keydb valkey; + inherit (pkgs) redis valkey; }; makeRedisTest = { diff --git a/pkgs/by-name/ke/keydb/package.nix b/pkgs/by-name/ke/keydb/package.nix deleted file mode 100644 index 6d7bae68fc48..000000000000 --- a/pkgs/by-name/ke/keydb/package.nix +++ /dev/null @@ -1,118 +0,0 @@ -{ - stdenv, - lib, - fetchFromGitHub, - libuuid, - curl, - pkg-config, - withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd, - systemd, - tlsSupport ? !stdenv.hostPlatform.isStatic, - openssl, - jemalloc, - which, - tcl, - tclPackages, - ps, - getconf, - nixosTests, -}: - -stdenv.mkDerivation (finalAttrs: { - pname = "keydb"; - version = "6.3.4"; - - src = fetchFromGitHub { - owner = "snapchat"; - repo = "keydb"; - rev = "v${finalAttrs.version}"; - hash = "sha256-j6qgK6P3Fv+b6k9jwKQ5zW7XLkKbXXcmHKBCQYvwEIU="; - }; - - postPatch = '' - substituteInPlace deps/lua/src/Makefile \ - --replace-fail "ar rcu" "${stdenv.cc.targetPrefix}ar rcu" - substituteInPlace src/Makefile \ - --replace-fail "as --64 -g" "${stdenv.cc.targetPrefix}as --64 -g" - ''; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ - jemalloc - curl - libuuid - ] - ++ lib.optionals tlsSupport [ openssl ] - ++ lib.optionals withSystemd [ systemd ]; - - makeFlags = [ - "PREFIX=${placeholder "out"}" - "AR=${stdenv.cc.targetPrefix}ar" - "RANLIB=${stdenv.cc.targetPrefix}ranlib" - "USEASM=${if stdenv.hostPlatform.isx86_64 then "true" else "false"}" - ] - ++ lib.optionals (!tlsSupport) [ "BUILD_TLS=no" ] - ++ lib.optionals withSystemd [ "USE_SYSTEMD=yes" ] - ++ lib.optionals (!stdenv.hostPlatform.isx86_64) [ "MALLOC=libc" ]; - - enableParallelBuilding = true; - - # darwin currently lacks a pure `pgrep` which is extensively used here - doCheck = !stdenv.hostPlatform.isDarwin; - nativeCheckInputs = [ - which - tcl - ps - ] - ++ lib.optionals stdenv.hostPlatform.isStatic [ getconf ] - ++ lib.optionals tlsSupport [ tclPackages.tcltls ]; - checkPhase = '' - runHook preCheck - - # disable test "Connect multiple replicas at the same time": even - # upstream find this test too timing-sensitive - substituteInPlace tests/integration/replication.tcl \ - --replace-fail 'foreach mdl {no yes}' 'foreach mdl {}' - - substituteInPlace tests/support/server.tcl \ - --replace-fail 'exec /usr/bin/env' 'exec env' - - sed -i '/^proc wait_load_handlers_disconnected/{n ; s/wait_for_condition 50 100/wait_for_condition 50 500/; }' \ - tests/support/util.tcl - - patchShebangs ./utils/gen-test-certs.sh - ${if tlsSupport then "./utils/gen-test-certs.sh" else ""} - ./runtest --clients $NIX_BUILD_CORES ${ - lib.escapeShellArgs ( - [ - "--no-latency" - "--timeout" - "2000" - "--tags" - "-leaks" - ] - ++ lib.optional tlsSupport "--tls" - # skips flaky test on x86_64 - ++ lib.optionals stdenv.hostPlatform.isx86_64 [ - "--skiptest" - "Active defrag edge case" - ] - ) - } - - runHook postCheck - ''; - - passthru.tests.redis = nixosTests.redis; - passthru.serverBin = "keydb-server"; - - meta = { - homepage = "https://keydb.dev"; - description = "Multithreaded Fork of Redis"; - license = lib.licenses.bsd3; - platforms = lib.platforms.all; - changelog = "https://github.com/Snapchat/KeyDB/raw/v${finalAttrs.version}/00-RELEASENOTES"; - teams = [ lib.teams.helsinki-systems ]; - mainProgram = "keydb-cli"; - }; -}) diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 1f2910e792c0..12eaaf201822 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -761,6 +761,7 @@ mapAliases { kbibtex = throw "'kbibtex' has been removed, as it is unmaintained upstream"; # Added 2025-08-30 kcli = throw "kcli has been removed because it has been marked as broken since at least November 2024."; # Added 2025-09-28 keepkey_agent = throw "'keepkey_agent' has been renamed to/replaced by 'keepkey-agent'"; # Converted to throw 2025-10-27 + keydb = throw "'keydb' has been removed as it was broken, vulnerable, and unmaintained upstream"; # Added 2025-11-08 kgx = throw "'kgx' has been renamed to/replaced by 'gnome-console'"; # Converted to throw 2025-10-27 khoj = throw "khoj has been removed because it has been marked as broken since at least November 2024."; # Added 2025-10-11 kmplayer = throw "'kmplayer' has been removed, as it is unmaintained upstream"; # Added 2025-08-30