solr: 8.6.3 -> 8.11.1

[r-ryantm]

Automatic update generated by nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/solr/versions.

meta.description for solr is: "Open source enterprise search platform from the Apache Lucene project"

meta.homepage for solr is: "https://lucene.apache.org/solr/"

meta.changelog for solr is: ""

Updates performed

• Version update

To inspect upstream changes

Impact

Checks done (click to expand)

---

• built on NixOS
• Warning: a test defined in passthru.tests did not pass
• Warning: no invocation of /nix/store/4b7np1r417rq6l3vyb8i36ljhf75jb9a-solr-8.11.1/bin/post had a zero exit code or showed the expected version
• Warning: no invocation of /nix/store/4b7np1r417rq6l3vyb8i36ljhf75jb9a-solr-8.11.1/bin/solr had a zero exit code or showed the expected version
• Warning: no invocation of /nix/store/4b7np1r417rq6l3vyb8i36ljhf75jb9a-solr-8.11.1/bin/.solr-wrapped had a zero exit code or showed the expected version
• Warning: no invocation of /nix/store/4b7np1r417rq6l3vyb8i36ljhf75jb9a-solr-8.11.1/bin/.post-wrapped had a zero exit code or showed the expected version
• 0 of 4 passed binary check by having a zero exit code.
• 0 of 4 passed binary check by having the new version present in output.
• found 8.11.1 with grep in /nix/store/4b7np1r417rq6l3vyb8i36ljhf75jb9a-solr-8.11.1
• found 8.11.1 in filename of file in /nix/store/4b7np1r417rq6l3vyb8i36ljhf75jb9a-solr-8.11.1

---

Rebuild report (if merged into master) (click to expand)

2 total rebuild path(s)

1 package rebuild(s)

1 x86_64-linux rebuild(s)
1 x86_64-darwin rebuild(s)


First fifty rebuilds by attrpath
solr

Instructions to test this update (click to expand)

---

Either download from Cachix:

nix-store -r /nix/store/4b7np1r417rq6l3vyb8i36ljhf75jb9a-solr-8.11.1 \
  --option binary-caches 'https://cache.nixos.org/ https://nix-community.cachix.org/' \
  --option trusted-public-keys '
  nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(The Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the trusted-users list or you can use sudo since root is effectively trusted.

Or, build yourself:

nix-build -A solr https://github.com/r-ryantm/nixpkgs/archive/6af2fb2254eb779c5a9ad7e1c76c21a4ce5db118.tar.gz

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/4b7np1r417rq6l3vyb8i36ljhf75jb9a-solr-8.11.1
ls -la /nix/store/4b7np1r417rq6l3vyb8i36ljhf75jb9a-solr-8.11.1/bin

---

Pre-merge build results

We have automatically built all packages that will get rebuilt due to
this change.

This gives evidence on whether the upgrade will break dependent packages.
Note sometimes packages show up as failed to build independent of the
change, simply because they are already broken on the target branch.

Result of nixpkgs-review run on x86_64-linux 1

1 package built:

• solr

---

Maintainer pings

cc @aanderse for testing.

[c0bw3b]

There is quite a lot of CVE fixed since v8.6.3, most recent ones being the Log4shell family of vulns.

• https://solr.apache.org/news.html
• https://solr.apache.org/security.html
• https://solr.apache.org/docs/8_11_1/changes/Changes.html

[c0bw3b]

Previous investigation into the failing test in #120556

Related: #150288 #124680 #155350

[mohe2015]

I think doing #120556 (comment) to fix the test would be fine. I think the problem mostly is that nobody who commented is using solr and cares enough but with some additional testing I think merging would be fine. E.g. I personally just triaged the other PR because it fixes security issues but I never used solr.

[c0bw3b]

I'm not a Solr user either. The maintainer is probably the best person to test and approve this. @aanderse

[aanderse]

I apologize but I don't provide solr to any developers/integrators on systems I maintain anymore. I will remove myself from the maintainers list because I can't devote the time to properly support this package anymore.

[mweinelt]

At the same time we can mark this with knownVulnerabiltiies, since the packaging didn't work anymore last time we talked, no?

[Atemu]

If the package is practically broken, we don't need to keep an update PR alive.