diff options
| author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2020-12-05 12:18:17 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-05 12:18:17 +0000 |
| commit | 0947539ec1038d3ba1ca93e5a2ed972c2af7c12a (patch) | |
| tree | dde64b447700e69763b491a76e5d364363c4b866 | |
| parent | 55b348fe1b0417fa20902bfb1133aebf833cae44 (diff) | |
| parent | 29045c2322178bc15956cf26c659b9e98010608b (diff) | |
Merge master into staging-next
29 files changed, 7714 insertions, 107 deletions
diff --git a/doc/builders/packages/firefox.section.md b/doc/builders/packages/firefox.section.md index 734b1839a3e6..28fa3f0dbd7c 100644 --- a/doc/builders/packages/firefox.section.md +++ b/doc/builders/packages/firefox.section.md @@ -1,4 +1,4 @@ -# Firefox +# Firefox {#sec-firefox} ## Build wrapped Firefox with extensions and policies @@ -44,6 +44,6 @@ To view available enterprise policies visit [enterprise policies](https://github or type into the Firefox url bar: `about:policies#documentation`. Nix installed addons do not have a valid signature, which is why signature verification is disabled. This does not compromise security because downloaded addons are checksumed and manual addons can't be installed. -# Troubleshooting +## Troubleshooting {#sec-firefox-troubleshooting} If addons do not appear installed although they have been defined in your nix configuration file reset the local addon state of your Firefox profile by clicking `help -> restart with addons disabled -> restart -> refresh firefox`. This can happen if you switch from manual addon mode to nix addon mode and then back to manual mode and then again to nix addon mode. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index df8e5e1dd699..33d2bc3decc6 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -482,6 +482,7 @@ ./services/misc/mediatomb.nix ./services/misc/metabase.nix ./services/misc/mwlib.nix + ./services/misc/n8n.nix ./services/misc/nix-daemon.nix ./services/misc/nix-gc.nix ./services/misc/nix-optimise.nix diff --git a/nixos/modules/services/misc/n8n.nix b/nixos/modules/services/misc/n8n.nix new file mode 100644 index 000000000000..516d0f70ef0b --- /dev/null +++ b/nixos/modules/services/misc/n8n.nix @@ -0,0 +1,78 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.n8n; + format = pkgs.formats.json {}; + configFile = format.generate "n8n.json" cfg.settings; +in +{ + options.services.n8n = { + + enable = mkEnableOption "n8n server"; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = "Open ports in the firewall for the n8n web interface."; + }; + + settings = mkOption { + type = format.type; + default = {}; + description = '' + Configuration for n8n, see <link xlink:href="https://docs.n8n.io/reference/configuration.html"/> + for supported values. + ''; + }; + + }; + + config = mkIf cfg.enable { + services.n8n.settings = { + # We use this to open the firewall, so we need to know about the default at eval time + port = lib.mkDefault 5678; + }; + + systemd.services.n8n = { + description = "N8N service"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment = { + # This folder must be writeable as the application is storing + # its data in it, so the StateDirectory is a good choice + N8N_USER_FOLDER = "/var/lib/n8n"; + N8N_CONFIG_FILES = "${configFile}"; + }; + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.n8n}/bin/n8n"; + Restart = "on-failure"; + StateDirectory = "n8n"; + + # Basic Hardening + NoNewPrivileges = "yes"; + PrivateTmp = "yes"; + PrivateDevices = "yes"; + DevicePolicy = "closed"; + DynamicUser = "true"; + ProtectSystem = "strict"; + ProtectHome = "read-only"; + ProtectControlGroups = "yes"; + ProtectKernelModules = "yes"; + ProtectKernelTunables = "yes"; + RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK"; + RestrictNamespaces = "yes"; + RestrictRealtime = "yes"; + RestrictSUIDSGID = "yes"; + MemoryDenyWriteExecute = "yes"; + LockPersonality = "yes"; + }; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.settings.port ]; + }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 2e79a214569a..c58203cc481f 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -231,6 +231,7 @@ in mysql-autobackup = handleTest ./mysql/mysql-autobackup.nix {}; mysql-backup = handleTest ./mysql/mysql-backup.nix {}; mysql-replication = handleTest ./mysql/mysql-replication.nix {}; + n8n = handleTest ./n8n.nix {}; nagios = handleTest ./nagios.nix {}; nano = handleTest ./nano.nix {}; nar-serve = handleTest ./nar-serve.nix {}; diff --git a/nixos/tests/n8n.nix b/nixos/tests/n8n.nix new file mode 100644 index 000000000000..ed93639f2a42 --- /dev/null +++ b/nixos/tests/n8n.nix @@ -0,0 +1,25 @@ +import ./make-test-python.nix ({ lib, ... }: + +with lib; + +let + port = 5678; +in +{ + name = "n8n"; + meta.maintainers = with maintainers; [ freezeboy ]; + + nodes.machine = + { pkgs, ... }: + { + services.n8n = { + enable = true; + }; + }; + + testScript = '' + machine.wait_for_unit("n8n.service") + machine.wait_for_open_port("${toString port}") + machine.succeed("curl --fail http://localhost:${toString port}/") + ''; +}) diff --git a/pkgs/applications/blockchains/turbo-geth.nix b/pkgs/applications/blockchains/turbo-geth.nix index 3ca62722f9ba..b8aa3de44dad 100644 --- a/pkgs/applications/blockchains/turbo-geth.nix +++ b/pkgs/applications/blockchains/turbo-geth.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "turbo-geth"; - version = "2020.11.04"; + version = "2020.12.01"; src = fetchFromGitHub { owner = "ledgerwatch"; repo = pname; rev = "v${version}"; - sha256 = "1iidj7cvpazk2v419l6k7h67rkx0mni3fcxfjpwrp0815fy1c2ri"; + sha256 = "0l1qj10vhfkrk66zihz8m24pnyj8jbb65a7amvphp07r199swy2a"; }; vendorSha256 = "16vawkky612zf45d8dhipjmhrprmi28z9wdcnjy07x3bxdyfbhfr"; diff --git a/pkgs/applications/editors/sigil/default.nix b/pkgs/applications/editors/sigil/default.nix index fc87e98488b2..18437f5ff49e 100644 --- a/pkgs/applications/editors/sigil/default.nix +++ b/pkgs/applications/editors/sigil/default.nix @@ -6,13 +6,13 @@ mkDerivation rec { pname = "sigil"; - version = "1.4.2"; + version = "1.4.3"; src = fetchFromGitHub { repo = "Sigil"; owner = "Sigil-Ebook"; rev = version; - sha256 = "1vn444ax5af1gbhkm9lz46jc7zi4grf16cb4wqyb6hvgj2gbl0iw"; + sha256 = "1hk8kmhvkwfimbxzhwbnb8qdpf4n36cdzl9wfvi574i9pps36hnz"; }; pythonPath = with python3Packages; [ lxml ]; diff --git a/pkgs/applications/misc/simplenote/default.nix b/pkgs/applications/misc/simplenote/default.nix index 9aaeca14a209..fa0a47fdcb5e 100644 --- a/pkgs/applications/misc/simplenote/default.nix +++ b/pkgs/applications/misc/simplenote/default.nix @@ -17,10 +17,10 @@ let pname = "simplenote"; - version = "2.1.0"; + version = "2.2.0"; sha256 = { - x86_64-linux = "0lg48nq493anpnm20vw72y242nxa1g903bxzp4pngzxyi986jddz"; + x86_64-linux = "123b0fh14068s2z3k6s5mmh46xwlz02qfnpmj838zlm5hckjmifv"; }.${system} or throwSystem; meta = with stdenv.lib; { diff --git a/pkgs/applications/misc/syncthingtray/default.nix b/pkgs/applications/misc/syncthingtray/default.nix index beccfe5477bb..bbe629ecb14f 100644 --- a/pkgs/applications/misc/syncthingtray/default.nix +++ b/pkgs/applications/misc/syncthingtray/default.nix @@ -20,14 +20,14 @@ }: mkDerivation rec { - version = "1.0.1"; + version = "1.1.0"; pname = "syncthingtray"; src = fetchFromGitHub { owner = "Martchus"; repo = "syncthingtray"; rev = "v${version}"; - sha256 = "1dln5gh3p8nz9qmg07cw2s0lpzp3rfhyrwdhczj89g27bwk0lr4k"; + sha256 = "0nzkzx870hzil2kny1irp4w2kxz5gmpchr2qxb7q4f9cnih92n0j"; }; buildInputs = [ qtbase cpp-utilities qtutilities ] diff --git a/pkgs/applications/networking/instant-messengers/toxic/default.nix b/pkgs/applications/networking/instant-messengers/toxic/default.nix index 6b511d1a1a9c..a2489427b946 100644 --- a/pkgs/applications/networking/instant-messengers/toxic/default.nix +++ b/pkgs/applications/networking/instant-messengers/toxic/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "toxic"; - version = "0.9.1"; + version = "0.10.0"; src = fetchFromGitHub { owner = "Tox"; repo = "toxic"; rev = "v${version}"; - sha256 = "1j0yd33sm824dy4mhwfxqkywa46yhqy5hd5wq4lp7lgl6m6mypar"; + sha256 = "1v9cdpy6i3xl70g75zg33sqi4aqp20by0pyjhjg5iz24fxvfaw6c"; }; makeFlags = [ "PREFIX=$(out)"]; diff --git a/pkgs/applications/networking/n8n/default.nix b/pkgs/applications/networking/n8n/default.nix new file mode 100644 index 000000000000..94305a8cfeea --- /dev/null +++ b/pkgs/applications/networking/n8n/default.nix @@ -0,0 +1,18 @@ +{ pkgs, nodejs, stdenv, lib, ... }: + +let + nodePackages = import ./node-composition.nix { + inherit pkgs nodejs; + inherit (stdenv.hostPlatform) system; + }; +in +nodePackages.n8n.override { + nativeBuildInputs = with pkgs.nodePackages; [ + node-pre-gyp + ]; + meta = with lib; { + description = "Free and open fair-code licensed node based Workflow Automation Tool"; + maintainers = with maintainers; [ freezeboy ]; + license = licenses.asl20; + }; +} diff --git a/pkgs/applications/networking/n8n/generate-dependencies.sh b/pkgs/applications/networking/n8n/generate-dependencies.sh new file mode 100755 index 000000000000..292811669184 --- /dev/null +++ b/pkgs/applications/networking/n8n/generate-dependencies.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nodePackages.node2nix + +node2nix \ + --node-env node-env.nix \ + --input package.json \ + --output node-packages.nix \ + --composition node-composition.nix diff --git a/pkgs/applications/networking/n8n/node-composition.nix b/pkgs/applications/networking/n8n/node-composition.nix new file mode 100644 index 000000000000..c970861a86f0 --- /dev/null +++ b/pkgs/applications/networking/n8n/node-composition.nix @@ -0,0 +1,17 @@ +# This file has been generated by node2nix 1.8.0. Do not edit! + +{pkgs ? import <nixpkgs> { + inherit system; + }, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-12_x"}: + +let + nodeEnv = import ./node-env.nix { + inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; + inherit nodejs; + libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; + }; +in +import ./node-packages.nix { + inherit (pkgs) fetchurl fetchgit; + inherit nodeEnv; +}
\ No newline at end of file diff --git a/pkgs/applications/networking/n8n/node-env.nix b/pkgs/applications/networking/n8n/node-env.nix new file mode 100644 index 000000000000..e1abf5304935 --- /dev/null +++ b/pkgs/applications/networking/n8n/node-env.nix @@ -0,0 +1,542 @@ +# This file originates from node2nix + +{stdenv, nodejs, python2, utillinux, libtool, runCommand, writeTextFile}: + +let + python = if nodejs ? python then nodejs.python else python2; + + # Create a tar wrapper that filters all the 'Ignoring unknown extended header keyword' noise + tarWrapper = runCommand "tarWrapper" {} '' + mkdir -p $out/bin + + cat > $out/bin/tar <<EOF + #! ${stdenv.shell} -e + $(type -p tar) "\$@" --warning=no-unknown-keyword --delay-directory-restore + EOF + + chmod +x $out/bin/tar + ''; + + # Function that generates a TGZ file from a NPM project + buildNodeSourceDist = + { name, version, src, ... }: + + stdenv.mkDerivation { + name = "node-tarball-${name}-${version}"; + inherit src; + buildInputs = [ nodejs ]; + buildPhase = '' + export HOME=$TMPDIR + tgzFile=$(npm pack | tail -n 1) # Hooks to the pack command will add output (https://docs.npmjs.com/misc/scripts) + ''; + installPhase = '' + mkdir -p $out/tarballs + mv $tgzFile $out/tarballs + mkdir -p $out/nix-support + echo "file source-dist $out/tarballs/$tgzFile" >> $out/nix-support/hydra-build-products + ''; + }; + + includeDependencies = {dependencies}: + stdenv.lib.optionalString (dependencies != []) + (stdenv.lib.concatMapStrings (dependency: + '' + # Bundle the dependencies of the package + mkdir -p node_modules + cd node_modules + + # Only include dependencies if they don't exist. They may also be bundled in the package. + if [ ! -e "${dependency.name}" ] + then + ${composePackage dependency} + fi + + cd .. + '' + ) dependencies); + + # Recursively composes the dependencies of a package + composePackage = { name, packageName, src, dependencies ? [], ... }@args: + builtins.addErrorContext "while evaluating node package '${packageName}'" '' + DIR=$(pwd) + cd $TMPDIR + + unpackFile ${src} + + # Make the base dir in which the target dependency resides first + mkdir -p "$(dirname "$DIR/${packageName}")" + + if [ -f "${src}" ] + then + # Figure out what directory has been unpacked + packageDir="$(find . -maxdepth 1 -type d | tail -1)" + + # Restore write permissions to make building work + find "$packageDir" -type d -exec chmod u+x {} \; + chmod -R u+w "$packageDir" + + # Move the extracted tarball into the output folder + mv "$packageDir" "$DIR/${packageName}" + elif [ -d "${src}" ] + then + # Get a stripped name (without hash) of the source directory. + # On old nixpkgs it's already set internally. + if [ -z "$strippedName" ] + then + strippedName="$(stripHash ${src})" + fi + + # Restore write permissions to make building work + chmod -R u+w "$strippedName" + + # Move the extracted directory into the output folder + mv "$strippedName" "$DIR/${packageName}" + fi + + # Unset the stripped name to not confuse the next unpack step + unset strippedName + + # Include the dependencies of the package + cd "$DIR/${packageName}" + ${includeDependencies { inherit dependencies; }} + cd .. + ${stdenv.lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + ''; + + pinpointDependencies = {dependencies, production}: + let + pinpointDependenciesFromPackageJSON = writeTextFile { + name = "pinpointDependencies.js"; + text = '' + var fs = require('fs'); + var path = require('path'); + + function resolveDependencyVersion(location, name) { + if(location == process.env['NIX_STORE']) { + return null; + } else { + var dependencyPackageJSON = path.join(location, "node_modules", name, "package.json"); + + if(fs.existsSync(dependencyPackageJSON)) { + var dependencyPackageObj = JSON.parse(fs.readFileSync(dependencyPackageJSON)); + + if(dependencyPackageObj.name == name) { + return dependencyPackageObj.version; + } + } else { + return resolveDependencyVersion(path.resolve(location, ".."), name); + } + } + } + + function replaceDependencies(dependencies) { + if(typeof dependencies == "object" && dependencies !== null) { + for(var dependency in dependencies) { + var resolvedVersion = resolveDependencyVersion(process.cwd(), dependency); + + if(resolvedVersion === null) { + process.stderr.write("WARNING: cannot pinpoint dependency: "+dependency+", context: "+process.cwd()+"\n"); + } else { + dependencies[dependency] = resolvedVersion; + } + } + } + } + + /* Read the package.json configuration */ + var packageObj = JSON.parse(fs.readFileSync('./package.json')); + + /* Pinpoint all dependencies */ + replaceDependencies(packageObj.dependencies); + if(process.argv[2] == "development") { + replaceDependencies(packageObj.devDependencies); + } + replaceDependencies(packageObj.optionalDependencies); + + /* Write the fixed package.json file */ + fs.writeFileSync("package.json", JSON.stringify(packageObj, null, 2)); + ''; + }; + in + '' + node ${pinpointDependenciesFromPackageJSON} ${if production then "production" else "development"} + + ${stdenv.lib.optionalString (dependencies != []) + '' + if [ -d node_modules ] + then + cd node_modules + ${stdenv.lib.concatMapStrings (dependency: pinpointDependenciesOfPackage dependency) dependencies} + cd .. + fi + ''} + ''; + + # Recursively traverses all dependencies of a package and pinpoints all + # dependencies in the package.json file to the versions that are actually + # being used. + + pinpointDependenciesOfPackage = { packageName, dependencies ? [], production ? true, ... }@args: + '' + if [ -d "${packageName}" ] + then + cd "${packageName}" + ${pinpointDependencies { inherit dependencies production; }} + cd .. + ${stdenv.lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."} + fi + ''; + + # Extract the Node.js source code which is used to compile packages with + # native bindings + nodeSources = runCommand "node-sources" {} '' + tar --no-same-owner --no-same-permissions -xf ${nodejs.src} + mv node-* $out + ''; + + # Script that adds _integrity fields to all package.json files to prevent NPM from consulting the cache (that is empty) + addIntegrityFieldsScript = writeTextFile { + name = "addintegrityfields.js"; + text = '' + var fs = require('fs'); + var path = require('path'); + + function augmentDependencies(baseDir, dependencies) { + for(var dependencyName in dependencies) { + var dependency = dependencies[dependencyName]; + + // Open package.json and augment metadata fields + var packageJSONDir = path.join(baseDir, "node_modules", dependencyName); + var packageJSONPath = path.join(packageJSONDir, "package.json"); + + if(fs.existsSync(packageJSONPath)) { // Only augment packages that exist. Sometimes we may have production installs in which development dependencies can be ignored + console.log("Adding metadata fields to: "+packageJSONPath); + var packageObj = JSON.parse(fs.readFileSync(packageJSONPath)); + + if(dependency.integrity) { + packageObj["_integrity"] = dependency.integrity; + } else { + packageObj["_integrity"] = "sha1-000000000000000000000000000="; // When no _integrity string has been provided (e.g. by Git dependencies), add a dummy one. It does not seem to harm and it bypasses downloads. + } + + if(dependency.resolved) { + packageObj["_resolved"] = dependency.resolved; // Adopt the resolved property if one has been provided + } else { + packageObj["_resolved"] = dependency.version; // Set the resolved version to the version identifier. This prevents NPM from cloning Git repositories. + } + + if(dependency.from !== undefined) { // Adopt from property if one has been provided + packageObj["_from"] = dependency.from; + } + + fs.writeFileSync(packageJSONPath, JSON.stringify(packageObj, null, 2)); + } + + // Augment transitive dependencies + if(dependency.dependencies !== undefined) { + augmentDependencies(packageJSONDir, dependency.dependencies); + } + } + } + + if(fs.existsSync("./package-lock.json")) { + var packageLock = JSON.parse(fs.readFileSync("./package-lock.json")); + + if(packageLock.lockfileVersion !== 1) { + process.stderr.write("Sorry, I only understand lock file version 1!\n"); + process.exit(1); + } + + if(packageLock.dependencies !== undefined) { + augmentDependencies(".", packageLock.dependencies); + } + } + ''; + }; + + # Reconstructs a package-lock file from the node_modules/ folder structure and package.json files with dummy sha1 hashes + reconstructPackageLock = writeTextFile { + name = "addintegrityfields.js"; + text = '' + var fs = require('fs'); + var path = require('path'); + + var packageObj = JSON.parse(fs.readFileSync("package.json")); + + var lockObj = { + name: packageObj.name, + version: packageObj.version, + lockfileVersion: 1, + requires: true, + dependencies: {} + }; + + function augmentPackageJSON(filePath, dependencies) { + var packageJSON = path.join(filePath, "package.json"); + if(fs.existsSync(packageJSON)) { + var packageObj = JSON.parse(fs.readFileSync(packageJSON)); + dependencies[packageObj.name] = { + version: packageObj.version, + integrity: "sha1-000000000000000000000000000=", + dependencies: {} + }; + processDependencies(path.join(filePath, "node_modules"), dependencies[packageObj.name].dependencies); + } + } + + function processDependencies(dir, dependencies) { + if(fs.existsSync(dir)) { + var files = fs.readdirSync(dir); + + files.forEach(function(entry) { + var filePath = path.join(dir, entry); + var stats = fs.statSync(filePath); + + if(stats.isDirectory()) { + if(entry.substr(0, 1) == "@") { + // When we encounter a namespace folder, augment all packages belonging to the scope + var pkgFiles = fs.readdirSync(filePath); + + pkgFiles.forEach(function(entry) { + if(stats.isDirectory()) { + var pkgFilePath = path.join(filePath, entry); + augmentPackageJSON(pkgFilePath, dependencies); + } + }); + } else { + augmentPackageJSON(filePath, dependencies); + } + } + }); + } + } + + processDependencies("node_modules", lockObj.dependencies); + + fs.writeFileSync("package-lock.json", JSON.stringify(lockObj, null, 2)); + ''; + }; + + prepareAndInvokeNPM = {packageName, bypassCache, reconstructLock, npmFlags, production}: + let + forceOfflineFlag = if bypassCache then "--offline" else "--registry http://www.example.com"; + in + '' + # Pinpoint the versions of all dependencies to the ones that are actually being used + echo "pinpointing versions of dependencies..." + source $pinpointDependenciesScriptPath + + # Patch the shebangs of the bundled modules to prevent them from + # calling executables outside the Nix store as much as possible + patchShebangs . + + # Deploy the Node.js package by running npm install. Since the + # dependencies have been provided already by ourselves, it should not + # attempt to install them again, which is good, because we want to make + # it Nix's responsibility. If it needs to install any dependencies + # anyway (e.g. because the dependency parameters are + # incomplete/incorrect), it fails. + # + # The other responsibilities of NPM are kept -- version checks, build + # steps, postprocessing etc. + + export HOME=$TMPDIR + cd "${packageName}" + runHook preRebuild + + ${stdenv.lib.optionalString bypassCache '' + ${stdenv.lib.optionalString reconstructLock '' + if [ -f package-lock.json ] + then + echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!" + echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!" + rm package-lock.json + else + echo "No package-lock.json file found, reconstructing..." + fi + + node ${reconstructPackageLock} + ''} + + node ${addIntegrityFieldsScript} + ''} + + npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${stdenv.lib.optionalString production "--production"} rebuild + + if [ "''${dontNpmInstall-}" != "1" ] + then + # NPM tries to download packages even when they already exist if npm-shrinkwrap is used. + rm -f npm-shrinkwrap.json + + npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${stdenv.lib.optionalString production "--production"} install + fi + ''; + + # Builds and composes an NPM package including all its dependencies + buildNodePackage = + { name + , packageName + , version + , dependencies ? [] + , buildInputs ? [] + , production ? true + , npmFlags ? "" + , dontNpmInstall ? false + , bypassCache ? false + , reconstructLock ? false |