diff --git a/pkgs/development/python-modules/onlykey-solo-python/default.nix b/pkgs/development/python-modules/onlykey-solo-python/default.nix new file mode 100644 index 00000000000..91f36b01dd4 --- /dev/null +++ b/pkgs/development/python-modules/onlykey-solo-python/default.nix @@ -0,0 +1,35 @@ +{ buildPythonPackage +, click +, ecdsa +, fetchPypi +, fido2 +, intelhex +, lib +, pyserial +, pyusb +, requests +}: + +buildPythonPackage rec { + pname = "onlykey-solo-python"; + version = "0.0.28"; + + src = fetchPypi { + inherit pname version; + sha256 = "sha256-Mbi5So2OgeXjg4Fzg7v2gAJuh1Y7ZCYu8Lrha/7PQfY="; + }; + + propagatedBuildInputs = [ click ecdsa fido2 intelhex pyserial pyusb requests ]; + + # no tests + doCheck = false; + pythonImportsCheck = [ "solo" ]; + + meta = with lib; { + homepage = "https://github.com/trustcrypto/onlykey-solo-python"; + description = "Python library for OnlyKey with Solo FIDO2"; + maintainers = with maintainers; [ kalbasit ]; + license = licenses.asl20; + }; +} + diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index ce0bb98ad6f..6f72d35fcf4 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.243"; + version = "4.14.244"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0wdk93qv91pa6bd3ff1gv7manhkzh190c5blcpl14cbh9m2ms8vz"; + sha256 = "0x554dck5f78ljknwahjvf49952s1w0zja3yh4vfz6lmf6hvzq5n"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_14 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 3d1beb7bd6d..62de063c29d 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.202"; + version = "4.19.204"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "09ya7n0il8fipp8ksb8cyl894ihny2r75g70vbhclbv20q2pv0pj"; + sha256 = "1rcx99sz4fgr2d138i92dw2vfplnqgys58hxywgmjb56c83l3qy4"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_19 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index 8e3108a9d24..292691fea2a 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.57"; + version = "5.10.60"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0b8lwfjlyd6j0csk71v07bxb5lrrzp545g1wv6kdk0kzq6maxfq0"; + sha256 = "13gpamqj0shvad4nd9v11iv8qdfbjgb242nbvcim2z3c7xszfvv9"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-5.13.nix b/pkgs/os-specific/linux/kernel/linux-5.13.nix index 87be091cd4b..dbbd4a9e876 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.13.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.13.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.13.11"; + version = "5.13.12"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0za59652wrh4mlhd9w3dx4y1nnk8nrj9hb56pssgdckdvp7rp4l0"; + sha256 = "0948w1zc2gqnl8x60chjqngfzdi0kcxm12i1nx3nx4ksiwj5vc98"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_13 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 1433c5925a9..7cf9473451c 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.139"; + version = "5.4.142"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0zx3hj8fc0qpdmkn56cna5438wjxmj42a69msbkxlg4mnz6d0w84"; + sha256 = "0l8l4cg04p5vx890jm45r35js1v0nljd0lp5qwkvlr45jql5fy4r"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_4 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-libre.nix b/pkgs/os-specific/linux/kernel/linux-libre.nix index 854218f74d8..0e123e89418 100644 --- a/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "18210"; - sha256 = "1vp3d44ha68hhhk13g86j9lk0isfwqfkk1rbm0gihzjjzvpkxbab"; + rev = "18239"; + sha256 = "1nzxkc53jmsyaxnl5q9hmgrfd3c8sn2y0pcv7ng042bnvr8hhh82"; } , ... }: diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index 2e4001fc844..6c06dcb2000 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.56-rt48"; # updated by ./update-rt.sh + version = "5.10.56-rt49"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -25,7 +25,7 @@ in buildLinux (args // { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "1fi83iky7r80cc1xlxyvsd2fcfgd67hz1nhmrhxawzkx6cx6i55a"; + sha256 = "17r7d8xj5nph1j1fyjra887mqjlf6is9pgpw0jyhd46z1jy2bw3v"; }; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; diff --git a/pkgs/servers/web-apps/discourse/plugins/all-plugins.nix b/pkgs/servers/web-apps/discourse/plugins/all-plugins.nix index 27c749dea2e..2766b645349 100644 --- a/pkgs/servers/web-apps/discourse/plugins/all-plugins.nix +++ b/pkgs/servers/web-apps/discourse/plugins/all-plugins.nix @@ -8,6 +8,7 @@ in discourse-checklist = callPackage ./discourse-checklist {}; discourse-data-explorer = callPackage ./discourse-data-explorer {}; discourse-github = callPackage ./discourse-github {}; + discourse-ldap-auth = callPackage ./discourse-ldap-auth {}; discourse-math = callPackage ./discourse-math {}; discourse-migratepassword = callPackage ./discourse-migratepassword {}; discourse-solved = callPackage ./discourse-solved {}; diff --git a/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/Gemfile b/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/Gemfile new file mode 100644 index 00000000000..897a808c1d7 --- /dev/null +++ b/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/Gemfile @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +gem 'pyu-ruby-sasl', '0.0.3.3', require: false +gem 'rubyntlm', '0.3.4', require: false +gem 'net-ldap', '0.14.0' +gem 'omniauth-ldap', '1.0.5' diff --git a/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/Gemfile.lock b/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/Gemfile.lock new file mode 100644 index 00000000000..2843cb0d8f0 --- /dev/null +++ b/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/Gemfile.lock @@ -0,0 +1,28 @@ +GEM + remote: https://rubygems.org/ + specs: + hashie (4.1.0) + net-ldap (0.14.0) + omniauth (1.9.1) + hashie (>= 3.4.6) + rack (>= 1.6.2, < 3) + omniauth-ldap (1.0.5) + net-ldap (~> 0.12) + omniauth (~> 1.0) + pyu-ruby-sasl (~> 0.0.3.2) + rubyntlm (~> 0.3.4) + pyu-ruby-sasl (0.0.3.3) + rack (2.2.3) + rubyntlm (0.3.4) + +PLATFORMS + x86_64-linux + +DEPENDENCIES + net-ldap (= 0.14.0) + omniauth-ldap (= 1.0.5) + pyu-ruby-sasl (= 0.0.3.3) + rubyntlm (= 0.3.4) + +BUNDLED WITH + 2.2.20 diff --git a/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/default.nix b/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/default.nix new file mode 100644 index 00000000000..92a3c2544cd --- /dev/null +++ b/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/default.nix @@ -0,0 +1,18 @@ +{ lib, mkDiscoursePlugin, fetchFromGitHub }: + +mkDiscoursePlugin { + name = "discourse-ldap-auth"; + bundlerEnvArgs.gemdir = ./.; + src = fetchFromGitHub { + owner = "jonmbake"; + repo = "discourse-ldap-auth"; + rev = "eca02c560f2f2bf42feeb1923bc17e074f16b891"; + sha256 = "sha256-HLNoDvvxkBMvqP6WbRrJY0CYnK92W77nzSpuwgl0VPA="; + }; + meta = with lib; { + homepage = "https://github.com/jonmbake/discourse-ldap-auth"; + maintainers = with maintainers; [ ryantm ]; + license = licenses.mit; + description = "Discourse plugin to enable LDAP/Active Directory authentication."; + }; +} diff --git a/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/gemset.nix b/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/gemset.nix new file mode 100644 index 00000000000..e684a506479 --- /dev/null +++ b/pkgs/servers/web-apps/discourse/plugins/discourse-ldap-auth/gemset.nix @@ -0,0 +1,74 @@ +{ + hashie = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "02bsx12ihl78x0vdm37byp78jjw2ff6035y7rrmbd90qxjwxr43q"; + type = "gem"; + }; + version = "4.1.0"; + }; + net-ldap = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "18fyxfbh32ai72cwgz8s9w0fg0xq7j534y217flw54mmzsj8i6qp"; + type = "gem"; + }; + version = "0.14.0"; + }; + omniauth = { + dependencies = ["hashie" "rack"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "002vi9gwamkmhf0dsj2im1d47xw2n1jfhnzl18shxf3ampkqfmyz"; + type = "gem"; + }; + version = "1.9.1"; + }; + omniauth-ldap = { + dependencies = ["net-ldap" "omniauth" "pyu-ruby-sasl" "rubyntlm"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1ld3mx46xa1qhc0cpnck1n06xcxs0ag4n41zgabxri27a772f9wz"; + type = "gem"; + }; + version = "1.0.5"; + }; + pyu-ruby-sasl = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1rcpjiz9lrvyb3rd8k8qni0v4ps08psympffyldmmnrqayyad0sn"; + type = "gem"; + }; + version = "0.0.3.3"; + }; + rack = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0i5vs0dph9i5jn8dfc6aqd6njcafmb20rwqngrf759c9cvmyff16"; + type = "gem"; + }; + version = "2.2.3"; + }; + rubyntlm = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "18d1lxhx62swggf4cqg76h7hp04f5801c8h07w08cm9xng2niqby"; + type = "gem"; + }; + version = "0.3.4"; + }; +} diff --git a/pkgs/servers/web-apps/discourse/update.py b/pkgs/servers/web-apps/discourse/update.py index 127088dafbf..a207b0ebf31 100755 --- a/pkgs/servers/web-apps/discourse/update.py +++ b/pkgs/servers/web-apps/discourse/update.py @@ -206,6 +206,7 @@ def update_plugins(): {'name': 'discourse-checklist'}, {'name': 'discourse-data-explorer'}, {'name': 'discourse-github'}, + {'name': 'discourse-ldap-auth', 'owner': 'jonmbake'}, {'name': 'discourse-math'}, {'name': 'discourse-migratepassword', 'owner': 'discoursehosting'}, {'name': 'discourse-solved'}, diff --git a/pkgs/tools/security/onlykey-cli/default.nix b/pkgs/tools/security/onlykey-cli/default.nix index b342f203b44..3919a5726c0 100644 --- a/pkgs/tools/security/onlykey-cli/default.nix +++ b/pkgs/tools/security/onlykey-cli/default.nix @@ -2,18 +2,28 @@ python3Packages.buildPythonApplication rec { pname = "onlykey-cli"; - version = "1.2.2"; + version = "1.2.5"; src = python3Packages.fetchPypi { inherit version; pname = "onlykey"; - sha256 = "1qkbgab5xlg7bd0jfzf8k5ppb1zhib76r050fiaqi5wibrqrfwdi"; + sha256 = "sha256-7Pr1gXaPF5mctGxDciKKj0YDDQVFFi1+t6QztoKqpAA="; }; + propagatedBuildInputs = with python3Packages; [ + aenum + cython + ecdsa + hidapi + onlykey-solo-python + prompt_toolkit + pynacl + six + ]; + # Requires having the physical onlykey (a usb security key) doCheck = false; - propagatedBuildInputs = - with python3Packages; [ hidapi aenum six prompt_toolkit pynacl ecdsa cython ]; + pythonImportsCheck = [ "onlykey.cli" ]; meta = with lib; { description = "OnlyKey client and command-line tool"; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 181837dc996..e9e9d9de945 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4728,6 +4728,8 @@ in { onkyo-eiscp = callPackage ../development/python-modules/onkyo-eiscp { }; + onlykey-solo-python = callPackage ../development/python-modules/onlykey-solo-python { }; + onnx = callPackage ../development/python-modules/onnx { }; openant = callPackage ../development/python-modules/openant { };