diff --git a/lib/kernel.nix b/lib/kernel.nix
index 2ce19f8cb68..8045a228d05 100644
--- a/lib/kernel.nix
+++ b/lib/kernel.nix
@@ -14,7 +14,7 @@ with lib;
freeform = x: { freeform = x; };
/*
- Common patterns/legacy used in common-config/hardened-config.nix
+ Common patterns/legacy used in common-config/hardened/config.nix
*/
whenHelpers = version: {
whenAtLeast = ver: mkIf (versionAtLeast version ver);
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index de409240c70..3673f6e0d9c 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -279,6 +279,13 @@ php.override {
+
+
+ The Nginx log directory has been moved to /var/log/nginx, the cache directory
+ to /var/cache/nginx. The option services.nginx.stateDir has
+ been removed.
+
+
The httpd web server previously started its main process as root
diff --git a/nixos/lib/test-driver/test-driver.py b/nixos/lib/test-driver/test-driver.py
index 84661a4a758..bf46d0df97f 100644
--- a/nixos/lib/test-driver/test-driver.py
+++ b/nixos/lib/test-driver/test-driver.py
@@ -369,7 +369,7 @@ class Machine:
q = q.replace("'", "\\'")
return self.execute(
(
- "su -l {} -c "
+ "su -l {} --shell /bin/sh -c "
"$'XDG_RUNTIME_DIR=/run/user/`id -u` "
"systemctl --user {}'"
).format(user, q)
diff --git a/nixos/modules/services/logging/awstats.nix b/nixos/modules/services/logging/awstats.nix
index 5939d7808f7..896f52302ff 100644
--- a/nixos/modules/services/logging/awstats.nix
+++ b/nixos/modules/services/logging/awstats.nix
@@ -24,7 +24,7 @@ let
logFile = mkOption {
type = types.str;
- example = "/var/spool/nginx/logs/access.log";
+ example = "/var/log/nginx/access.log";
description = ''
The log file to be scanned.
@@ -110,7 +110,7 @@ in
{
"mysite" = {
domain = "example.com";
- logFile = "/var/spool/nginx/logs/access.log";
+ logFile = "/var/log/nginx/access.log";
};
}
'';
diff --git a/nixos/modules/services/networking/monero.nix b/nixos/modules/services/networking/monero.nix
index b9536430868..97af2997839 100644
--- a/nixos/modules/services/networking/monero.nix
+++ b/nixos/modules/services/networking/monero.nix
@@ -26,7 +26,7 @@ let
rpc-login=${rpc.user}:${rpc.password}
''}
${optionalString rpc.restricted ''
- restrict-rpc=1
+ restricted-rpc=1
''}
limit-rate-up=${toString limits.upload}
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 8d49dc66eb1..1e9cda7e478 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -187,7 +187,7 @@ let
then "/etc/nginx/nginx.conf"
else configFile;
- execCommand = "${cfg.package}/bin/nginx -c '${configPath}' -p '${cfg.stateDir}'";
+ execCommand = "${cfg.package}/bin/nginx -c '${configPath}'";
vhosts = concatStringsSep "\n" (mapAttrsToList (vhostName: vhost:
let
@@ -463,13 +463,6 @@ in
'';
};
- stateDir = mkOption {
- default = "/var/spool/nginx";
- description = "
- Directory holding all state for nginx to run.
- ";
- };
-
user = mkOption {
type = types.str;
default = "nginx";
@@ -636,6 +629,13 @@ in
};
};
+ imports = [
+ (mkRemovedOptionModule [ "services" "nginx" "stateDir" ] ''
+ The Nginx log directory has been moved to /var/log/nginx, the cache directory
+ to /var/cache/nginx. The option services.nginx.stateDir has been removed.
+ '')
+ ];
+
config = mkIf cfg.enable {
# TODO: test user supplied config file pases syntax test
@@ -680,12 +680,6 @@ in
}
];
- systemd.tmpfiles.rules = [
- "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
- "d '${cfg.stateDir}/logs' 0750 ${cfg.user} ${cfg.group} - -"
- "Z '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"
- ];
-
systemd.services.nginx = {
description = "Nginx Web Server";
wantedBy = [ "multi-user.target" ];
@@ -708,6 +702,12 @@ in
# Runtime directory and mode
RuntimeDirectory = "nginx";
RuntimeDirectoryMode = "0750";
+ # Cache directory and mode
+ CacheDirectory = "nginx";
+ CacheDirectoryMode = "0750";
+ # Logs directory and mode
+ LogsDirectory = "nginx";
+ LogsDirectoryMode = "0750";
# Capabilities
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" "CAP_SYS_RESOURCE" ];
};
diff --git a/nixos/tests/service-runner.nix b/nixos/tests/service-runner.nix
index adb3fcd36d7..39ae66fe111 100644
--- a/nixos/tests/service-runner.nix
+++ b/nixos/tests/service-runner.nix
@@ -23,7 +23,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
machine.fail(f"curl {url}")
machine.succeed(
"""
- mkdir -p /run/nginx /var/spool/nginx/logs
+ mkdir -p /run/nginx /var/log/nginx /var/cache/nginx
${nodes.machine.config.systemd.services.nginx.runner} &
echo $!>my-nginx.pid
"""
diff --git a/pkgs/applications/editors/mg/default.nix b/pkgs/applications/editors/mg/default.nix
index de1a5ce7879..612cdcc7f88 100644
--- a/pkgs/applications/editors/mg/default.nix
+++ b/pkgs/applications/editors/mg/default.nix
@@ -1,12 +1,14 @@
-{ stdenv, fetchurl, pkgconfig, libbsd, ncurses, buildPackages }:
+{ stdenv, fetchFromGitHub, pkgconfig, ncurses, buildPackages }:
stdenv.mkDerivation rec {
pname = "mg";
- version = "20171014";
+ version = "6.7";
- src = fetchurl {
- url = "http://homepage.boetes.org/software/mg/${pname}-${version}.tar.gz";
- sha256 = "0hakfikzsml7z0hja8m8mcahrmfy2piy81bq9nccsjplyfc9clai";
+ src = fetchFromGitHub {
+ owner = "ibara";
+ repo = "mg";
+ rev = "mg-6.7";
+ sha256 = "15adwibq6xrfxbrxzk765g9250iyfn4wbcxd7kcsabiwn6apm0ai";
};
enableParallelBuilding = true;
@@ -17,14 +19,13 @@ stdenv.mkDerivation rec {
install -m 555 -Dt $out/bin mg
install -m 444 -Dt $out/share/man/man1 mg.1
'';
-
nativeBuildInputs = [ pkgconfig ];
- buildInputs = [ libbsd ncurses ];
+ buildInputs = [ ncurses ];
meta = with stdenv.lib; {
description = "Micro GNU/emacs, a portable version of the mg maintained by the OpenBSD team";
- homepage = "https://homepage.boetes.org/software/mg";
+ homepage = "https://man.openbsd.org/OpenBSD-current/man1/mg.1";
license = licenses.publicDomain;
platforms = platforms.all;
};
diff --git a/pkgs/applications/graphics/yed/default.nix b/pkgs/applications/graphics/yed/default.nix
index 96515a13724..9472f931246 100644
--- a/pkgs/applications/graphics/yed/default.nix
+++ b/pkgs/applications/graphics/yed/default.nix
@@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "yEd";
- version = "3.19.1.1";
+ version = "3.20";
src = fetchzip {
url = "https://www.yworks.com/resources/yed/demo/${pname}-${version}.zip";
- sha256 = "0px88rc1slf7n1n8lpk56hf29ppbnnd4lrqfyggihcr0pxmw157c";
+ sha256 = "08j8lpn2nd41gavgrj03rlrxl04wcamq1y02f1x1569ykbhycb3m";
};
nativeBuildInputs = [ makeWrapper unzip ];
diff --git a/pkgs/applications/kde/kdegraphics-thumbnailers.nix b/pkgs/applications/kde/kdegraphics-thumbnailers.nix
index 6ae45057f19..d98f2013339 100644
--- a/pkgs/applications/kde/kdegraphics-thumbnailers.nix
+++ b/pkgs/applications/kde/kdegraphics-thumbnailers.nix
@@ -1,5 +1,5 @@
{
- mkDerivation, lib,
+ mkDerivation, lib, fetchpatch,
extra-cmake-modules, karchive, kio, libkexiv2, libkdcraw
}:
@@ -9,6 +9,14 @@ mkDerivation {
license = [ lib.licenses.lgpl21 ];
maintainers = [ lib.maintainers.ttuegel ];
};
+ patches = [
+ # Fix a bug with thumbnail.so processes hanging:
+ # https://bugs.kde.org/show_bug.cgi?id=404652
+ (fetchpatch {
+ url = "https://phabricator.kde.org/file/data/tnk4b6roouixzifi6vre/PHID-FILE-qkkedevt7svx7lv56ea5/D26635.diff";
+ sha256 = "0fq85zhymmrq8vl0y6vgh87qf4c6fhcq704p4kpkaq7y0isxj4h1";
+ })
+ ];
nativeBuildInputs = [ extra-cmake-modules ];
buildInputs = [ karchive kio libkexiv2 libkdcraw ];
}
diff --git a/pkgs/applications/misc/bemenu/default.nix b/pkgs/applications/misc/bemenu/default.nix
index 665198b3d1f..8b17ecea3cb 100644
--- a/pkgs/applications/misc/bemenu/default.nix
+++ b/pkgs/applications/misc/bemenu/default.nix
@@ -1,32 +1,33 @@
-{ stdenv, fetchFromGitHub, cairo, cmake, libxkbcommon
+{ stdenv, lib, fetchFromGitHub, cairo, libxkbcommon
, pango, fribidi, harfbuzz, pcre, pkgconfig
, ncursesSupport ? true, ncurses ? null
-, waylandSupport ? true, wayland ? null
+, waylandSupport ? true, wayland ? null, wayland-protocols ? null
, x11Support ? true, xlibs ? null, xorg ? null
}:
assert ncursesSupport -> ncurses != null;
-assert waylandSupport -> wayland != null;
+assert waylandSupport -> ! lib.elem null [wayland wayland-protocols];
assert x11Support -> xlibs != null && xorg != null;
stdenv.mkDerivation rec {
pname = "bemenu";
- version = "0.3.0";
+ version = "0.4.1";
src = fetchFromGitHub {
owner = "Cloudef";
repo = pname;
rev = version;
- sha256 = "03k8wijdgj5nwmvgjhsrlh918n719789fhs4dqm23pd00rapxipk";
+ sha256 = "1fjcs9d3533ay3nz79cx3c0lmy2chgragr2lhsy0xl2ckr0iins0";
};
- nativeBuildInputs = [ cmake pkgconfig pcre ];
+ nativeBuildInputs = [ pkgconfig pcre ];
- cmakeFlags = [
- "-DBEMENU_CURSES_RENDERER=${if ncursesSupport then "ON" else "OFF"}"
- "-DBEMENU_WAYLAND_RENDERER=${if waylandSupport then "ON" else "OFF"}"
- "-DBEMENU_X11_RENDERER=${if x11Support then "ON" else "OFF"}"
- ];
+ makeFlags = ["PREFIX=$(out)"];
+
+ buildFlags = ["clients"]
+ ++ lib.optional ncursesSupport "curses"
+ ++ lib.optional waylandSupport "wayland"
+ ++ lib.optional x11Support "x11";
buildInputs = with stdenv.lib; [
cairo
@@ -34,18 +35,18 @@ stdenv.mkDerivation rec {
harfbuzz
libxkbcommon
pango
- ] ++ optionals ncursesSupport [ ncurses ]
- ++ optionals waylandSupport [ wayland ]
+ ] ++ optional ncursesSupport ncurses
+ ++ optionals waylandSupport [ wayland wayland-protocols ]
++ optionals x11Support [
xlibs.libX11 xlibs.libXinerama xlibs.libXft
xorg.libXdmcp xorg.libpthreadstubs xorg.libxcb
];
- meta = with stdenv.lib; {
+ meta = with lib; {
homepage = "https://github.com/Cloudef/bemenu";
description = "Dynamic menu library and client program inspired by dmenu";
license = licenses.gpl3Plus;
- maintainers = with maintainers; [ thiagokokada ];
+ maintainers = with maintainers; [ lheckemann ];
platforms = with platforms; linux;
};
}
diff --git a/pkgs/applications/misc/cura/default.nix b/pkgs/applications/misc/cura/default.nix
index 4c4fe9b1abd..1b5c7c23956 100644
--- a/pkgs/applications/misc/cura/default.nix
+++ b/pkgs/applications/misc/cura/default.nix
@@ -2,25 +2,26 @@
mkDerivation rec {
pname = "cura";
- version = "4.5.0";
+ version = "4.6.1";
src = fetchFromGitHub {
owner = "Ultimaker";
repo = "Cura";
rev = version;
- sha256 = "0fm04s912sgmr66wyb55ly4jh39ijsj6lx4fx9wn7hchlqmw5jxi";
+ sha256 = "0h1r9caa579d3gfpcmch54rdbkg5df64ds2v84iqsbxwjp0rmn4n";
};
materials = fetchFromGitHub {
owner = "Ultimaker";
repo = "fdm_materials";
rev = version;
- sha256 = "0fgkwz1anw49macq1jxjhjr79slhmx7g3zwij7g9fqyzzhrrmwqn";
+ sha256 = "1k5c3qmixhpz3z2yi0fysxcyyf1yhcwmdlrcypkw827lhsialqp4";
};
buildInputs = [ qtbase qtquickcontrols2 qtgraphicaleffects ];
propagatedBuildInputs = with python3.pkgs; [
libsavitar numpy-stl pyserial requests uranium zeroconf
+ sentry-sdk trimesh
] ++ plugins;
nativeBuildInputs = [ cmake python3.pkgs.wrapPython ];
diff --git a/pkgs/applications/misc/cura/plugins.nix b/pkgs/applications/misc/cura/plugins.nix
index 35d6c97fa0b..9fbe647046c 100644
--- a/pkgs/applications/misc/cura/plugins.nix
+++ b/pkgs/applications/misc/cura/plugins.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, fetchpatch, cmake, python3Packages }:
+{ stdenv, fetchFromGitHub, fetchpatch, python3Packages }:
let
@@ -6,21 +6,24 @@ let
octoprint = stdenv.mkDerivation rec {
pname = "Cura-OctoPrintPlugin";
- version = "3.5.11";
+ version = "3.5.12";
src = fetchFromGitHub {
owner = "fieldOfView";
repo = pname;
- rev = "3cef0a955ae7ccfa5c07d20d9d147c530cc9d6ec";
- sha256 = "0q9bkwgpsbfwkp1bfaxq3wm9pbwx5d7ji0jr7cwc4y5nizji81is";
+ rev = "ad522c0b7ead5fbe28da686a3cc75e351274c2bc";
+ sha256 = "0ln11ng32bh0smfsk54mv2j3sadh0gwf031nmm95zrvbj9cr6yc0";
};
- nativeBuildInputs = [ cmake ];
-
propagatedBuildInputs = with python3Packages; [
netifaces
];
+ installPhase = ''
+ mkdir -p $out/lib/cura/plugins/OctoPrintPlugin
+ cp -rv . $out/lib/cura/plugins/OctoPrintPlugin/
+ '';
+
meta = with stdenv.lib; {
description = "Enables printing directly to OctoPrint and monitoring the process";
homepage = "https://github.com/fieldOfView/Cura-OctoPrintPlugin";
diff --git a/pkgs/applications/misc/genxword/default.nix b/pkgs/applications/misc/genxword/default.nix
new file mode 100644
index 00000000000..215542003ad
--- /dev/null
+++ b/pkgs/applications/misc/genxword/default.nix
@@ -0,0 +1,54 @@
+{ lib
+, python3
+, fetchFromGitHub
+, gettext
+, gobject-introspection
+, wrapGAppsHook
+, pango
+, gtksourceview3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "genxword";
+ version = "2.0.1";
+
+ src = fetchFromGitHub {
+ owner = "riverrun";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "00czdvyb5wnrk3x0g529afisl8v4frfys9ih0nzf1fs4jkzjcijg";
+ };
+
+ nativeBuildInputs = [
+ gettext
+ gobject-introspection
+ wrapGAppsHook
+ ];
+
+ buildInputs = [
+ gobject-introspection
+ pango
+ gtksourceview3
+ ];
+
+ propagatedBuildInputs = with python3.pkgs; [
+ pycairo
+ pygobject3
+ ];
+
+ # to prevent double wrapping
+ dontWrapGApps = true;
+ preFixup = ''
+ makeWrapperArgs+=("''${gappsWrapperArgs[@]}")
+ '';
+
+ # there are no tests
+ doCheck = false;
+
+ meta = with lib; {
+ inherit (src.meta) homepage;
+ description = "Crossword generator";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ dotlambda ];
+ };
+}
diff --git a/pkgs/applications/misc/yubioath-desktop/default.nix b/pkgs/applications/misc/yubioath-desktop/default.nix
index eb39a702f93..2fffee0f0bb 100644
--- a/pkgs/applications/misc/yubioath-desktop/default.nix
+++ b/pkgs/applications/misc/yubioath-desktop/default.nix
@@ -6,11 +6,11 @@
mkDerivation rec {
pname = "yubioath-desktop";
- version = "5.0.2";
+ version = "5.0.3";
src = fetchurl {
url = "https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-${version}.tar.gz";
- sha256 = "19ingk0ab88a22s04apcw8kx9xygxlbk8kp4xnb8pmf8z3k6l2gf";
+ sha256 = "1g0jd7mmch6a6n8k5pp3w27qd5cijnvzk05lwraf0i96m68h7x1k";
};
doCheck = false;
@@ -38,13 +38,13 @@ mkDerivation rec {
--prefix LD_LIBRARY_PATH : "${stdenv.lib.getLib pcsclite}/lib:${yubikey-personalization}/lib"
mkdir -p $out/share/applications
- cp resources/yubioath-desktop.desktop \
- $out/share/applications/yubioath-desktop.desktop
+ cp resources/com.yubico.yubioath.desktop \
+ $out/share/applications/com.yubico.yubioath.desktop
mkdir -p $out/share/yubioath/icons
- cp resources/icons/*.{icns,ico,png,xpm} $out/share/yubioath/icons
- substituteInPlace $out/share/applications/yubioath-desktop.desktop \
+ cp resources/icons/*.{icns,ico,png,svg} $out/share/yubioath/icons
+ substituteInPlace $out/share/applications/com.yubico.yubioath.desktop \
--replace 'Exec=yubioath-desktop' "Exec=$out/bin/yubioath-desktop" \
- --replace 'Icon=yubioath' "Icon=$out/share/yubioath/icons/yubioath.png"
+ --replace 'Icon=yubioath' "Icon=$out/share/yubioath/icons/com.yubico.yubioath.png"
'';
meta = with stdenv.lib; {
diff --git a/pkgs/applications/radio/xlog/default.nix b/pkgs/applications/radio/xlog/default.nix
index 31bcfa463b9..e92c216466f 100644
--- a/pkgs/applications/radio/xlog/default.nix
+++ b/pkgs/applications/radio/xlog/default.nix
@@ -1,11 +1,11 @@
{ stdenv, fetchurl, glib, gtk2, pkgconfig, hamlib }:
stdenv.mkDerivation rec {
pname = "xlog";
- version = "2.0.17";
+ version = "2.0.19";
src = fetchurl {
url = "https://download.savannah.gnu.org/releases/xlog/${pname}-${version}.tar.gz";
- sha256 = "0vmn8518zk7qk1mbp1h8dm0f8fx0z0jvmy42c1n15il714lj7vsl";
+ sha256 = "0y38gkcm4mgv6wn31pjq6d5bm22m63rpwa55qjmrlywrmw76rppy";
};
# glib-2.62 deprecations
diff --git a/pkgs/applications/science/electronics/kicad/base.nix b/pkgs/applications/science/electronics/kicad/base.nix
index 6bc66596229..9fc1111c7b9 100644
--- a/pkgs/applications/science/electronics/kicad/base.nix
+++ b/pkgs/applications/science/electronics/kicad/base.nix
@@ -2,7 +2,6 @@
, libX11, gettext, glew, glm, cairo, curl, openssl, boost, pkgconfig
, doxygen, pcre, libpthreadstubs, libXdmcp, fetchpatch, lndir, callPackages
-, pname ? "kicad"
, stable ? true
, baseName ? "kicad"
, versions ? { }
@@ -20,26 +19,26 @@ with lib;
let
versionConfig = versions.${baseName};
- baseVersion = "${versions.${baseName}.kicadVersion.version}";
# oce on aarch64 fails a test
withOCE = oceSupport && !stdenv.isAarch64;
withOCC = (withOCCT && !withOCE) || (oceSupport && stdenv.isAarch64);
- kicad-libraries = callPackages ./libraries.nix versionConfig.libVersion;
+ libraries = callPackages ./libraries.nix versionConfig.libVersion;
in
stdenv.mkDerivation rec {
- inherit pname;
- version = "base-${baseVersion}";
+ i18n = libraries.i18n;
+
+ pname = "kicad-base";
+ version = "${versions.${baseName}.kicadVersion.version}";
src = fetchFromGitLab (
{
group = "kicad";
owner = "code";
repo = "kicad";
- rev = baseVersion;
} // versionConfig.kicadVersion.src
);
@@ -57,9 +56,11 @@ stdenv.mkDerivation rec {
# tagged releases don't have "unknown"
# kicad nightlies use git describe --dirty
# nix removes .git, so its approximated here
+ # "-1" appended to indicate we're adding a patch
postPatch = ''
substituteInPlace CMakeModules/KiCadVersion.cmake \
- --replace "unknown" ${builtins.substring 0 10 src.rev}
+ --replace "unknown" "${builtins.substring 0 10 src.rev}-1" \
+ --replace "${version}" "${version}-1"
'';
makeFlags = optional (debug) [ "CFLAGS+=-Og" "CFLAGS+=-ggdb" ];
@@ -113,7 +114,7 @@ stdenv.mkDerivation rec {
postInstall = optional (withI18n) ''
mkdir -p $out/share
- lndir ${kicad-libraries.i18n}/share $out/share
+ lndir ${i18n}/share $out/share
'';
meta = {
@@ -124,7 +125,6 @@ stdenv.mkDerivation rec {
'';
homepage = "https://www.kicad-pcb.org/";
license = licenses.agpl3;
- maintainers = with maintainers; [ evils kiwi berce ];
- platforms = with platforms; linux;
+ platforms = platforms.all;
};
}
diff --git a/pkgs/applications/science/electronics/kicad/default.nix b/pkgs/applications/science/electronics/kicad/default.nix
index f03a0a0ccef..2aa2686a29a 100644
--- a/pkgs/applications/science/electronics/kicad/default.nix
+++ b/pkgs/applications/science/electronics/kicad/default.nix
@@ -4,6 +4,7 @@
, librsvg, cups
, pname ? "kicad"
+, stable ? true
, oceSupport ? false, opencascade
, withOCCT ? true, opencascade-occt
, ngspiceSupport ? true, libngspice
@@ -18,7 +19,6 @@ assert ngspiceSupport -> libngspice != null;
with lib;
let
- stable = pname != "kicad-unstable";
baseName = if (stable) then "kicad" else "kicad-unstable";
versions = import ./versions.nix;
@@ -35,17 +35,16 @@ let
python = python3;
wxPython = python3Packages.wxPython_4_0;
- libraries = callPackages ./libraries.nix versionConfig.libVersion;
+in
+stdenv.mkDerivation rec {
+
+ passthru.libraries = callPackages ./libraries.nix versionConfig.libVersion;
base = callPackage ./base.nix {
- pname = baseName;
inherit versions stable baseName;
inherit wxGTK python wxPython;
inherit debug withI18n withOCCT oceSupport ngspiceSupport scriptingSupport;
};
-in
-stdenv.mkDerivation rec {
-
inherit pname;
version = versions.${baseName}.kicadVersion.version;
@@ -63,7 +62,7 @@ stdenv.mkDerivation rec {
# wrapGAppsHook added the equivalent to ${base}/share
# though i noticed no difference without it
- makeWrapperArgs = [
+ makeWrapperArgs = with passthru.libraries; [
"--prefix XDG_DATA_DIRS : ${base}/share"
"--prefix XDG_DATA_DIRS : ${hicolor-icon-theme}/share"
"--prefix XDG_DATA_DIRS : ${gnome3.defaultIconTheme}/share"
@@ -73,47 +72,40 @@ stdenv.mkDerivation rec {
"--prefix XDG_DATA_DIRS : ${cups}/share"
"--prefix GIO_EXTRA_MODULES : ${gnome3.dconf}/lib/gio/modules"
- "--set KISYSMOD ${libraries.footprints}/share/kicad/modules"
- "--set KICAD_SYMBOL_DIR ${libraries.symbols}/share/kicad/library"
- "--set KICAD_TEMPLATE_DIR ${libraries.templates}/share/kicad/template"
- "--prefix KICAD_TEMPLATE_DIR : ${libraries.symbols}/share/kicad/template"
- "--prefix KICAD_TEMPLATE_DIR : ${libraries.footprints}/share/kicad/template"
+ "--set KISYSMOD ${footprints}/share/kicad/modules"
+ "--set KICAD_SYMBOL_DIR ${symbols}/share/kicad/library"
+ "--set KICAD_TEMPLATE_DIR ${templates}/share/kicad/template"
+ "--prefix KICAD_TEMPLATE_DIR : ${symbols}/share/kicad/template"
+ "--prefix KICAD_TEMPLATE_DIR : ${footprints}/share/kicad/template"
]
- ++ optionals (with3d) [ "--set KISYS3DMOD ${libraries.packages3d}/share/kicad/modules/packages3d" ]
+ ++ optionals (with3d) [ "--set KISYS3DMOD ${packages3d}/share/kicad/modules/packages3d" ]
++ optionals (ngspiceSupport) [ "--prefix LD_LIBRARY_PATH : ${libngspice}/lib" ]
# infinisil's workaround for #39493
++ [ "--set GDK_PIXBUF_MODULE_FILE ${librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" ]
;
- # dunno why i have to add $makeWrapperArgs manually...
+ # why does $makeWrapperArgs have to be added explicitly?
# $out and $program_PYTHONPATH don't exist when makeWrapperArgs gets set?
- # not sure if anything has to be done with the other stuff in base/bin
- # dxf2idf, idf2vrml, idfcyl, idfrect, kicad2step, kicad-ogltest
- installPhase =
- optionalString (scriptingSupport) '' buildPythonPath "${base} $pythonPath"
- '' +
- '' makeWrapper ${base}/bin/kicad $out/bin/kicad $makeWrapperArgs ''
- + optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
- '' +
- '' makeWrapper ${base}/bin/pcbnew $out/bin/pcbnew $makeWrapperArgs ''
- + optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
- '' +
- '' makeWrapper ${base}/bin/eeschema $out/bin/eeschema $makeWrapperArgs ''
- + optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
- '' +
- '' makeWrapper ${base}/bin/gerbview $out/bin/gerbview $makeWrapperArgs ''
- + optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
- '' +
- '' makeWrapper ${base}/bin/pcb_calculator $out/bin/pcb_calculator $makeWrapperArgs ''
- + optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
- '' +
- '' makeWrapper ${base}/bin/pl_editor $out/bin/pl_editor $makeWrapperArgs ''
- + optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
- '' +
- '' makeWrapper ${base}/bin/bitmap2component $out/bin/bitmap2component $makeWrapperArgs ''
- + optionalString (scriptingSupport) '' --set PYTHONPATH "$program_PYTHONPATH"
- ''
+ # kicad-ogltest's source seems to indicate that crashing is expected behaviour...
+ installPhase = with lib;
+ let
+ tools = [ "kicad" "pcbnew" "eeschema" "gerbview" "pcb_calculator" "pl_editor" "bitmap2component" ];
+ utils = [ "dxf2idf" "idf2vrml" "idfcyl" "idfrect" "kicad2step" "kicad-ogltest" ];
+ in
+ ( concatStringsSep "\n"
+ ( flatten [
+ ( optionalString (scriptingSupport) "buildPythonPath \"${base} $pythonPath\" \n" )
+
+ # wrap each of the directly usable tools
+ ( map ( tool: "makeWrapper ${base}/bin/${tool} $out/bin/${tool} $makeWrapperArgs"
+ + optionalString (scriptingSupport) " --set PYTHONPATH \"$program_PYTHONPATH\""
+ ) tools )
+
+ # link in the CLI utils
+ ( map ( util: "ln -s ${base}/bin/${util} $out/bin/${util}" ) utils )
+ ])
+ )
;
# can't run this for each pname
@@ -123,10 +115,11 @@ stdenv.mkDerivation rec {
# and can't git commit if this could be running in parallel with other scripts
passthru.updateScript = [ ./update.sh "all" ];
- meta = {
- description = if (stable)
- then "Open Source Electronics Design Automation Suite"
- else "Open Source EDA Suite, Development Build";
+ meta = rec {
+ description = (if (stable)
+ then "Open Source Electronics Design Automation suite"
+ else "Open Source EDA suite, development build")
+ + (if (!with3d) then ", without 3D models" else "");
homepage = "https://www.kicad-pcb.org/";
longDescription = ''
KiCad is an open source software suite for Electronic Design Automation.
@@ -134,12 +127,20 @@ stdenv.mkDerivation rec {
'';
license = licenses.agpl3;
# berce seems inactive...
- maintainers = with maintainers; [ evils kiwi berce ];
- # kicad's cross-platform, not sure what to fill in here
- platforms = with platforms; linux;
- } // optionalAttrs with3d {
- # We can't download the 3d models on Hydra - they are a ~1 GiB download and
- # they occupy ~5 GiB in store.
- hydraPlatforms = [];
+ maintainers = with stdenv.lib.maintainers; [ evils kiwi berce ];
+ # kicad is cross platform
+ platforms = stdenv.lib.platforms.all;
+ # despite that, nipkgs' wxGTK for darwin is "wxmac"
+ # and wxPython_4_0 does not account for this
+ # adjusting this package to downgrade to python2Packages.wxPython (wxPython 3),
+ # seems like more trouble than fixing wxPython_4_0 would be
+ # additionally, libngspice is marked as linux only, though it should support darwin
+
+ hydraPlatforms = if (with3d) then [ ] else platforms;
+ # We can't download the 3d models on Hydra,
+ # they are a ~1 GiB download and they occupy ~5 GiB in store.
+ # as long as the base and libraries (minus 3d) are build,
+ # this wrapper does not need to get built
+ # the kicad-*small "packages" cause this to happen
};
}
diff --git a/pkgs/applications/science/electronics/kicad/libraries.nix b/pkgs/applications/science/electronics/kicad/libraries.nix
index 7cdf9373e08..4dde2a0a122 100644
--- a/pkgs/applications/science/electronics/kicad/libraries.nix
+++ b/pkgs/applications/science/electronics/kicad/libraries.nix
@@ -13,21 +13,27 @@
with lib;
let
mkLib = name:
- stdenv.mkDerivation
- {
- pname = "kicad-${name}";
- version = "${version}";
- src = fetchFromGitHub (
- {
- owner = "KiCad";
- repo = "kicad-${name}";
- rev = version;
- inherit name;
- } // (libSources.${name} or { })
- );
- nativeBuildInputs = [ cmake ];
- meta.license = licenses.cc-by-sa-40;
+ stdenv.mkDerivation {
+ pname = "kicad-${name}";
+ version = "${version}";
+ src = fetchFromGitHub (
+ {
+ owner = "KiCad";
+ repo = "kicad-${name}";
+ rev = version;
+ inherit name;
+ } // (libSources.${name} or { })
+ );
+ nativeBuildInputs = [ cmake ];
+
+ meta = rec {
+ license = licenses.cc-by-sa-40;
+ platforms = stdenv.lib.platforms.all;
+ # the 3d models are a ~1 GiB download and occupy ~5 GiB in store.
+ # this would exceed the hydra output limit
+ hydraPlatforms = if (name == "packages3d" ) then [ ] else platforms;
};
+ };
in
{
symbols = mkLib "symbols";
@@ -56,6 +62,9 @@ in
);
buildInputs = [ gettext ];
nativeBuildInputs = [ cmake ];
- meta.license = licenses.gpl2; # https://github.com/KiCad/kicad-i18n/issues/3
+ meta = {
+ license = licenses.gpl2; # https://github.com/KiCad/kicad-i18n/issues/3
+ platforms = stdenv.lib.platforms.all;
+ };
};
}
diff --git a/pkgs/applications/science/electronics/kicad/versions.nix b/pkgs/applications/science/electronics/kicad/versions.nix
index 174532d6962..2b7c91751e5 100644
--- a/pkgs/applications/science/electronics/kicad/versions.nix
+++ b/pkgs/applications/science/electronics/kicad/versions.nix
@@ -27,25 +27,25 @@
};
"kicad-unstable" = {
kicadVersion = {
- version = "2020-04-25";
+ version = "2020-05-06";
src = {
- rev = "3759799d1e03b2da6a0dcd72273e4978880fc8f1";
- sha256 = "0ba14fla8m5zli68wfjkfc4ymvj4j8z92y3jigxs8hys0450bybi";
+ rev = "c92181621e2e51dc8aae1bd9f4483bb3301ffaa5";
+ sha256 = "0s50xn5gbjy7yxnp9yiynxvxi2mkcrp6yghgdzclpm40rnfyi0v5";
};
};
libVersion = {
- version = "2020-04-25";
+ version = "2020-05-06";
libSources = {
- i18n.rev = "fc14baa52ca56a58b0048ab860bf31887d3cf8eb";
- i18n.sha256 = "05nayab7dkjyq7g3i9q7k55hcckpc0cmq4bbklmxx16rx4rbhzc6";
- symbols.rev = "0f9ff2d17237f90bb649bf0a52b6d454f68197e8";
- symbols.sha256 = "1a54428syn2xksc00n2bvh1alrx2vrqmp7cg7d2rn8nlq8yk4qd5";
+ i18n.rev = "f29cab831eb823165fa2c5efab5d9c9b443e62e2";
+ i18n.sha256 = "0cc0zvpml75yxphay3281f762ls08fzvv538cd5hmkr8xqlj3vbi";
+ symbols.rev = "d4245ae8cf633095a0994ab01492bd56cd124112";
+ symbols.sha256 = "11pynjgji3skw42q5mryz98f8z418k43jy6s2k90w6jv638z3cb0";
templates.rev = "7db8d4d0ea0711f1961d117853547fb3edbc3857";
templates.sha256 = "1hppcsrkn4dk6ggby6ckh0q65qxkywrbyxa4lwpaf7pxjyv498xg";
- footprints.rev = "61df6d8853b4c68cca0ac87784c0a33cff9394d3";
- footprints.sha256 = "0blmhk8pwd4mi6rlsr4lf4lq7j01h6xbpbvr3pm8pmw8zylhi54v";
- packages3d.rev = "88bcf2e817fe000bb2c05e14489afc3b1a4e10ed";
- packages3d.sha256 = "0z9p1fn5xbz940kr5jz2ibzf09hpdi1c9izmabkffvrnfy6408x6";
+ footprints.rev = "3bff23ee339bc48490bb39deba5d8b2f1f42733e";
+ footprints.sha256 = "0430r8k49ib6w1sjr8fx42szbz960yhlzg4w80jl5bwasq67nqwd";
+ packages3d.rev = "889a3dd550233ec51baed4a04a01d4cc64a8d747";
+ packages3d.sha256 = "152zv4j51v8skqlvrabblpcqpbn5yf3grisjj8vnwf7kdd41chb2";
};
};
};
diff --git a/pkgs/desktops/plasma-5/kwin/default.nix b/pkgs/desktops/plasma-5/kwin/default.nix
index 0e1709d8245..c3e9e2b9c24 100644
--- a/pkgs/desktops/plasma-5/kwin/default.nix
+++ b/pkgs/desktops/plasma-5/kwin/default.nix
@@ -11,11 +11,10 @@
kcoreaddons, kcrash, kdeclarative, kdecoration, kglobalaccel, ki18n,
kiconthemes, kidletime, kinit, kio, knewstuff, knotifications, kpackage,
kscreenlocker, kservice, kwayland, kwidgetsaddons, kwindowsystem, kxmlgui,
- plasma-framework, qtsensors, libcap, libdrm
+ plasma-framework, qtsensors, libcap, libdrm, mesa
}:
# TODO (ttuegel): investigate qmlplugindump failure
-# TODO (ttuegel): investigate gbm dependency
mkDerivation {
name = "kwin";
@@ -30,7 +29,7 @@ mkDerivation {
kcoreaddons kcrash kdeclarative kdecoration kglobalaccel ki18n kiconthemes
kidletime kinit kio knewstuff knotifications kpackage kscreenlocker kservice
kwayland kwidgetsaddons kwindowsystem kxmlgui plasma-framework
- libcap libdrm
+ libcap libdrm mesa
];
outputs = [ "bin" "dev" "out" ];
patches = [
diff --git a/pkgs/development/compilers/llvm/10/compiler-rt-armv7l.patch b/pkgs/development/compilers/llvm/10/compiler-rt-armv7l.patch
new file mode 100644
index 00000000000..120cfe6feb2
--- /dev/null
+++ b/pkgs/development/compilers/llvm/10/compiler-rt-armv7l.patch
@@ -0,0 +1,32 @@
+diff -ur compiler-rt-10.0.0.src/cmake/builtin-config-ix.cmake compiler-rt-10.0.0.src-patched/cmake/builtin-config-ix.cmake
+--- compiler-rt-10.0.0.src/cmake/builtin-config-ix.cmake 2020-03-24 00:01:02.000000000 +0900
++++ compiler-rt-10.0.0.src-patched/cmake/builtin-config-ix.cmake 2020-05-10 03:42:00.883450706 +0900
+@@ -24,7 +24,7 @@
+
+
+ set(ARM64 aarch64)
+-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
++set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
+ set(HEXAGON hexagon)
+ set(X86 i386)
+ set(X86_64 x86_64)
+diff -ur compiler-rt-10.0.0.src/lib/builtins/CMakeLists.txt compiler-rt-10.0.0.src-patched/lib/builtins/CMakeLists.txt
+--- compiler-rt-10.0.0.src/lib/builtins/CMakeLists.txt 2020-03-24 00:01:02.000000000 +0900
++++ compiler-rt-10.0.0.src-patched/lib/builtins/CMakeLists.txt 2020-05-10 03:44:49.468579650 +0900
+@@ -474,6 +474,7 @@
+ set(armv7_SOURCES ${arm_SOURCES})
+ set(armv7s_SOURCES ${arm_SOURCES})
+ set(armv7k_SOURCES ${arm_SOURCES})
++set(armv7l_SOURCES ${arm_SOURCES})
+ set(arm64_SOURCES ${aarch64_SOURCES})
+
+ # macho_embedded archs
+@@ -595,7 +596,7 @@
+ foreach (arch ${BUILTIN_SUPPORTED_ARCH})
+ if (CAN_TARGET_${arch})
+ # For ARM archs, exclude any VFP builtins if VFP is not supported
+- if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
++ if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
+ string(REPLACE ";" " " _TARGET_${arch}_CFLAGS "${TARGET_${arch}_CFLAGS}")
+ check_compile_definition(__VFP_FP__ "${CMAKE_C_FLAGS} ${_TARGET_${arch}_CFLAGS}" COMPILER_RT_HAS_${arch}_VFP)
+ if(NOT COMPILER_RT_HAS_${arch}_VFP)
diff --git a/pkgs/development/compilers/llvm/10/compiler-rt.nix b/pkgs/development/compilers/llvm/10/compiler-rt.nix
index c0ea436ae27..68f64ef4256 100644
--- a/pkgs/development/compilers/llvm/10/compiler-rt.nix
+++ b/pkgs/development/compilers/llvm/10/compiler-rt.nix
@@ -48,7 +48,9 @@ stdenv.mkDerivation rec {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
./find-darwin-sdk-version.patch # don't test for macOS being >= 10.15
- ];# ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
+ ]# ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
+ ++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
+
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra
diff --git a/pkgs/development/compilers/llvm/5/compiler-rt-armv7l.patch b/pkgs/development/compilers/llvm/5/compiler-rt-armv7l.patch
new file mode 100644
index 00000000000..77bf2640c47
--- /dev/null
+++ b/pkgs/development/compilers/llvm/5/compiler-rt-armv7l.patch
@@ -0,0 +1,23 @@
+diff -ur compiler-rt-5.0.2.src/cmake/builtin-config-ix.cmake compiler-rt-5.0.2.src-patched/cmake/builtin-config-ix.cmake
+--- compiler-rt-5.0.2.src/cmake/builtin-config-ix.cmake 2017-05-25 00:53:24.000000000 +0900
++++ compiler-rt-5.0.2.src-patched/cmake/builtin-config-ix.cmake 2020-05-10 03:24:24.937433155 +0900
+@@ -24,7 +24,7 @@
+
+
+ set(ARM64 aarch64)
+-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
++set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
+ set(X86 i386 i686)
+ set(X86_64 x86_64)
+ set(MIPS32 mips mipsel)
+diff -ur compiler-rt-5.0.2.src/lib/builtins/CMakeLists.txt compiler-rt-5.0.2.src-patched/lib/builtins/CMakeLists.txt
+--- compiler-rt-5.0.2.src/lib/builtins/CMakeLists.txt 2017-07-13 04:33:30.000000000 +0900
++++ compiler-rt-5.0.2.src-patched/lib/builtins/CMakeLists.txt 2020-05-10 03:24:45.945075423 +0900
+@@ -444,6 +444,7 @@
+ set(armv7_SOURCES ${arm_SOURCES})
+ set(armv7s_SOURCES ${arm_SOURCES})
+ set(armv7k_SOURCES ${arm_SOURCES})
++set(armv7l_SOURCES ${arm_SOURCES})
+ set(arm64_SOURCES ${aarch64_SOURCES})
+
+ # macho_embedded archs
diff --git a/pkgs/development/compilers/llvm/5/compiler-rt.nix b/pkgs/development/compilers/llvm/5/compiler-rt.nix
index 55f4eb94e92..624034b5228 100644
--- a/pkgs/development/compilers/llvm/5/compiler-rt.nix
+++ b/pkgs/development/compilers/llvm/5/compiler-rt.nix
@@ -48,7 +48,8 @@ stdenv.mkDerivation {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
] ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
- ++ stdenv.lib.optional (stdenv.hostPlatform.libc == "glibc") ./compiler-rt-sys-ustat.patch;
+ ++ stdenv.lib.optional (stdenv.hostPlatform.libc == "glibc") ./compiler-rt-sys-ustat.patch
+ ++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra
diff --git a/pkgs/development/compilers/llvm/6/compiler-rt-armv7l.patch b/pkgs/development/compilers/llvm/6/compiler-rt-armv7l.patch
new file mode 100644
index 00000000000..ca2ed632faa
--- /dev/null
+++ b/pkgs/development/compilers/llvm/6/compiler-rt-armv7l.patch
@@ -0,0 +1,32 @@
+diff -ur compiler-rt-6.0.1.src/cmake/builtin-config-ix.cmake compiler-rt-6.0.1.src-patched/cmake/builtin-config-ix.cmake
+--- compiler-rt-6.0.1.src/cmake/builtin-config-ix.cmake 2017-12-01 06:04:11.000000000 +0900
++++ compiler-rt-6.0.1.src-patched/cmake/builtin-config-ix.cmake 2020-05-10 03:30:01.939694303 +0900
+@@ -24,7 +24,7 @@
+
+
+ set(ARM64 aarch64)
+-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
++set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
+ set(X86 i386)
+ set(X86_64 x86_64)
+ set(MIPS32 mips mipsel)
+diff -ur compiler-rt-6.0.1.src/lib/builtins/CMakeLists.txt compiler-rt-6.0.1.src-patched/lib/builtins/CMakeLists.txt
+--- compiler-rt-6.0.1.src/lib/builtins/CMakeLists.txt 2017-12-25 06:11:32.000000000 +0900
++++ compiler-rt-6.0.1.src-patched/lib/builtins/CMakeLists.txt 2020-05-10 03:30:44.814964156 +0900
+@@ -452,6 +452,7 @@
+ set(armv7_SOURCES ${arm_SOURCES})
+ set(armv7s_SOURCES ${arm_SOURCES})
+ set(armv7k_SOURCES ${arm_SOURCES})
++set(armv7l_SOURCES ${arm_SOURCES})
+ set(arm64_SOURCES ${aarch64_SOURCES})
+
+ # macho_embedded archs
+@@ -521,7 +522,7 @@
+ set(_arch ${arch})
+ if("${arch}" STREQUAL "armv6m")
+ set(_arch "arm|armv6m")
+- elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
++ elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
+ set(_arch "arm")
+ endif()
+
diff --git a/pkgs/development/compilers/llvm/6/compiler-rt.nix b/pkgs/development/compilers/llvm/6/compiler-rt.nix
index abb6796e3c7..5ae8bb01f05 100644
--- a/pkgs/development/compilers/llvm/6/compiler-rt.nix
+++ b/pkgs/development/compilers/llvm/6/compiler-rt.nix
@@ -47,7 +47,8 @@ stdenv.mkDerivation {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
- ] ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch;
+ ] ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
+ ++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra
diff --git a/pkgs/development/compilers/llvm/7/compiler-rt-armv7l.patch b/pkgs/development/compilers/llvm/7/compiler-rt-armv7l.patch
new file mode 100644
index 00000000000..89d7f1aec91
--- /dev/null
+++ b/pkgs/development/compilers/llvm/7/compiler-rt-armv7l.patch
@@ -0,0 +1,38 @@
+diff -ur compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake
+--- compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake 2018-05-25 06:36:27.000000000 +0900
++++ compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake 2020-05-09 20:26:33.030608692 +0900
+@@ -24,7 +24,7 @@
+
+
+ set(ARM64 aarch64)
+-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
++set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
+ set(HEXAGON hexagon)
+ set(X86 i386)
+ set(X86_64 x86_64)
+diff -ur compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt
+--- compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt 2018-07-31 03:18:59.000000000 +0900
++++ compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt 2020-05-09 20:27:38.893409318 +0900
+@@ -453,6 +453,7 @@
+ set(armv7_SOURCES ${arm_SOURCES})
+ set(armv7s_SOURCES ${arm_SOURCES})
+ set(armv7k_SOURCES ${arm_SOURCES})
++set(armv7l_SOURCES ${arm_SOURCES})
+ set(arm64_SOURCES ${aarch64_SOURCES})
+
+ # macho_embedded archs
+@@ -563,12 +564,12 @@
+ set(_arch ${arch})
+ if("${arch}" STREQUAL "armv6m")
+ set(_arch "arm|armv6m")
+- elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
++ elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
+ set(_arch "arm")
+ endif()
+
+ # For ARM archs, exclude any VFP builtins if VFP is not supported
+- if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
++ if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
+ string(REPLACE ";" " " _TARGET_${arch}_CFLAGS "${TARGET_${arch}_CFLAGS}")
+ check_compile_definition(__VFP_FP__ "${CMAKE_C_FLAGS} ${_TARGET_${arch}_CFLAGS}" COMPILER_RT_HAS_${arch}_VFP)
+ if(NOT COMPILER_RT_HAS_${arch}_VFP)
diff --git a/pkgs/development/compilers/llvm/7/compiler-rt.nix b/pkgs/development/compilers/llvm/7/compiler-rt.nix
index e83a4a3c26f..e9853c58ca5 100644
--- a/pkgs/development/compilers/llvm/7/compiler-rt.nix
+++ b/pkgs/development/compilers/llvm/7/compiler-rt.nix
@@ -48,7 +48,8 @@ stdenv.mkDerivation {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
] ++ stdenv.lib.optional (useLLVM) ./crtbegin-and-end.patch
- ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch;
+ ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
+ ++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra
diff --git a/pkgs/development/compilers/llvm/8/compiler-rt-armv7l.patch b/pkgs/development/compilers/llvm/8/compiler-rt-armv7l.patch
new file mode 100644
index 00000000000..89d7f1aec91
--- /dev/null
+++ b/pkgs/development/compilers/llvm/8/compiler-rt-armv7l.patch
@@ -0,0 +1,38 @@
+diff -ur compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake
+--- compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake 2018-05-25 06:36:27.000000000 +0900
++++ compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake 2020-05-09 20:26:33.030608692 +0900
+@@ -24,7 +24,7 @@
+
+
+ set(ARM64 aarch64)
+-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
++set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
+ set(HEXAGON hexagon)
+ set(X86 i386)
+ set(X86_64 x86_64)
+diff -ur compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt
+--- compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt 2018-07-31 03:18:59.000000000 +0900
++++ compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt 2020-05-09 20:27:38.893409318 +0900
+@@ -453,6 +453,7 @@
+ set(armv7_SOURCES ${arm_SOURCES})
+ set(armv7s_SOURCES ${arm_SOURCES})
+ set(armv7k_SOURCES ${arm_SOURCES})
++set(armv7l_SOURCES ${arm_SOURCES})
+ set(arm64_SOURCES ${aarch64_SOURCES})
+
+ # macho_embedded archs
+@@ -563,12 +564,12 @@
+ set(_arch ${arch})
+ if("${arch}" STREQUAL "armv6m")
+ set(_arch "arm|armv6m")
+- elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
++ elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
+ set(_arch "arm")
+ endif()
+
+ # For ARM archs, exclude any VFP builtins if VFP is not supported
+- if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
++ if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
+ string(REPLACE ";" " " _TARGET_${arch}_CFLAGS "${TARGET_${arch}_CFLAGS}")
+ check_compile_definition(__VFP_FP__ "${CMAKE_C_FLAGS} ${_TARGET_${arch}_CFLAGS}" COMPILER_RT_HAS_${arch}_VFP)
+ if(NOT COMPILER_RT_HAS_${arch}_VFP)
diff --git a/pkgs/development/compilers/llvm/8/compiler-rt.nix b/pkgs/development/compilers/llvm/8/compiler-rt.nix
index b11659a78cc..1f58cb98e3d 100644
--- a/pkgs/development/compilers/llvm/8/compiler-rt.nix
+++ b/pkgs/development/compilers/llvm/8/compiler-rt.nix
@@ -48,7 +48,8 @@ stdenv.mkDerivation {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
]# ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
- ++ stdenv.lib.optional (useLLVM) ./crtbegin-and-end.patch;
+ ++ stdenv.lib.optional (useLLVM) ./crtbegin-and-end.patch
+ ++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra
diff --git a/pkgs/development/compilers/llvm/9/compiler-rt-armv7l.patch b/pkgs/development/compilers/llvm/9/compiler-rt-armv7l.patch
new file mode 100644
index 00000000000..89d7f1aec91
--- /dev/null
+++ b/pkgs/development/compilers/llvm/9/compiler-rt-armv7l.patch
@@ -0,0 +1,38 @@
+diff -ur compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake
+--- compiler-rt-7.1.0.src/cmake/builtin-config-ix.cmake 2018-05-25 06:36:27.000000000 +0900
++++ compiler-rt-7.1.0.src-patched/cmake/builtin-config-ix.cmake 2020-05-09 20:26:33.030608692 +0900
+@@ -24,7 +24,7 @@
+
+
+ set(ARM64 aarch64)
+-set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k)
++set(ARM32 arm armhf armv6m armv7m armv7em armv7 armv7s armv7k armv7l)
+ set(HEXAGON hexagon)
+ set(X86 i386)
+ set(X86_64 x86_64)
+diff -ur compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt
+--- compiler-rt-7.1.0.src/lib/builtins/CMakeLists.txt 2018-07-31 03:18:59.000000000 +0900
++++ compiler-rt-7.1.0.src-patched/lib/builtins/CMakeLists.txt 2020-05-09 20:27:38.893409318 +0900
+@@ -453,6 +453,7 @@
+ set(armv7_SOURCES ${arm_SOURCES})
+ set(armv7s_SOURCES ${arm_SOURCES})
+ set(armv7k_SOURCES ${arm_SOURCES})
++set(armv7l_SOURCES ${arm_SOURCES})
+ set(arm64_SOURCES ${aarch64_SOURCES})
+
+ # macho_embedded archs
+@@ -563,12 +564,12 @@
+ set(_arch ${arch})
+ if("${arch}" STREQUAL "armv6m")
+ set(_arch "arm|armv6m")
+- elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
++ elseif("${arch}" MATCHES "^(armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
+ set(_arch "arm")
+ endif()
+
+ # For ARM archs, exclude any VFP builtins if VFP is not supported
+- if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7m|armv7em)$")
++ if (${arch} MATCHES "^(arm|armhf|armv7|armv7s|armv7k|armv7l|armv7m|armv7em)$")
+ string(REPLACE ";" " " _TARGET_${arch}_CFLAGS "${TARGET_${arch}_CFLAGS}")
+ check_compile_definition(__VFP_FP__ "${CMAKE_C_FLAGS} ${_TARGET_${arch}_CFLAGS}" COMPILER_RT_HAS_${arch}_VFP)
+ if(NOT COMPILER_RT_HAS_${arch}_VFP)
diff --git a/pkgs/development/compilers/llvm/9/compiler-rt.nix b/pkgs/development/compilers/llvm/9/compiler-rt.nix
index 7d712017eae..3b92264ad69 100644
--- a/pkgs/development/compilers/llvm/9/compiler-rt.nix
+++ b/pkgs/development/compilers/llvm/9/compiler-rt.nix
@@ -47,7 +47,8 @@ stdenv.mkDerivation rec {
patches = [
./compiler-rt-codesign.patch # Revert compiler-rt commit that makes codesign mandatory
- ];# ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
+ ]# ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./sanitizers-nongnu.patch
+ ++ stdenv.lib.optional stdenv.hostPlatform.isAarch32 ./compiler-rt-armv7l.patch;
# TSAN requires XPC on Darwin, which we have no public/free source files for. We can depend on the Apple frameworks
# to get it, but they're unfree. Since LLVM is rather central to the stdenv, we patch out TSAN support so that Hydra
diff --git a/pkgs/development/libraries/libfm/default.nix b/pkgs/development/libraries/libfm/default.nix
index 9145d8fd892..94476984de0 100644
--- a/pkgs/development/libraries/libfm/default.nix
+++ b/pkgs/development/libraries/libfm/default.nix
@@ -28,6 +28,11 @@ stdenv.mkDerivation rec {
"sysconfdir=${placeholder "out"}/etc"
];
+ # libfm-extra is pulled in by menu-cache and thus leads to a collision for libfm
+ postInstall = optional (!extraOnly) ''
+ rm $out/lib/libfm-extra.so $out/lib/libfm-extra.so.* $out/lib/libfm-extra.la $out/lib/pkgconfig/libfm-extra.pc
+ '';
+
enableParallelBuilding = true;
meta = with stdenv.lib; {
diff --git a/pkgs/development/ocaml-modules/async/default.nix b/pkgs/development/ocaml-modules/async/default.nix
deleted file mode 100644
index 230db8189de..00000000000
--- a/pkgs/development/ocaml-modules/async/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{stdenv, buildOcaml, fetchurl, async_kernel_p4,
- async_unix_p4, async_extra_p4, pa_ounit}:
-
-buildOcaml rec {
- name = "async";
- version = "112.24.00";
-
- minimumSupportedOcamlVersion = "4.02";
-
- src = fetchurl {
- url = "https://github.com/janestreet/async/archive/${version}.tar.gz";
- sha256 = "ecc4ca939ab098e689332921b110dbaacd06d9f8d8bf697023dfff3ca37dc1e9";
- };
-
- propagatedBuildInputs = [ async_kernel_p4 async_unix_p4 async_extra_p4 pa_ounit ];
-
- meta = with stdenv.lib; {
- homepage = "https://github.com/janestreet/async";
- description = "Jane Street Capital's asynchronous execution library";
- license = licenses.asl20;
- maintainers = [ maintainers.ericbmerritt ];
- };
-}
diff --git a/pkgs/development/ocaml-modules/janestreet/async.nix b/pkgs/development/ocaml-modules/janestreet/async.nix
deleted file mode 100644
index 8f15531403a..00000000000
--- a/pkgs/development/ocaml-modules/janestreet/async.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{stdenv, buildOcamlJane, async_kernel,
- async_unix, async_extra}:
-
-buildOcamlJane {
- name = "async";
- version = "113.33.03";
- hash = "0wyspkp8k833fh03r3h016nbfn6kjfhvb2bg42cly6agcak59fmr";
- propagatedBuildInputs = [ async_kernel async_unix async_extra ];
-
- meta = with stdenv.lib; {
- homepage = "https://github.com/janestreet/async";
- description = "Jane Street Capital's asynchronous execution library";
- license = licenses.asl20;
- maintainers = [ maintainers.maurer maintainers.ericbmerritt ];
- };
-}
diff --git a/pkgs/development/ocaml-modules/lablgtk3/default.nix b/pkgs/development/ocaml-modules/lablgtk3/default.nix
index d49208ede60..641f16f69b0 100644
--- a/pkgs/development/ocaml-modules/lablgtk3/default.nix
+++ b/pkgs/development/ocaml-modules/lablgtk3/default.nix
@@ -1,14 +1,14 @@
{ lib, fetchurl, pkgconfig, buildDunePackage, gtk3, cairo2 }:
buildDunePackage rec {
- version = "3.0.beta6";
+ version = "3.1.0";
pname = "lablgtk3";
minimumOCamlVersion = "4.05";
src = fetchurl {
url = "https://github.com/garrigue/lablgtk/releases/download/${version}/lablgtk3-${version}.tbz";
- sha256 = "1jni5cbp54qs7y0dc5zkm28v2brpfwy5miighv7cy0nmmxrsq520";
+ sha256 = "1fn04qwgkwc86jndlrnv4vxcmasjsp1mmcgfznahj1ccc7bv47sv";
};
nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/python-modules/fastapi/default.nix b/pkgs/development/python-modules/fastapi/default.nix
index 0ed9d42c3b0..3513f57cdbe 100644
--- a/pkgs/development/python-modules/fastapi/default.nix
+++ b/pkgs/development/python-modules/fastapi/default.nix
@@ -16,7 +16,7 @@
buildPythonPackage rec {
pname = "fastapi";
- version = "0.54.0";
+ version = "0.54.1";
format = "flit";
disabled = !isPy3k;
@@ -24,9 +24,14 @@ buildPythonPackage rec {
owner = "tiangolo";
repo = "fastapi";
rev = version;
- sha256 = "17bicrpr801z71wrn9iimvh7qk6iwyxvr89ialf0s2rxxa2s0yb5";
+ sha256 = "0k0lss8x6lzf0szcli48v28r269fsx1jdkr9q78liz47dz5x03d8";
};
+ postPatch = ''
+ substituteInPlace pyproject.toml \
+ --replace "starlette ==0.13.2" "starlette"
+ '';
+
propagatedBuildInputs = [
uvicorn
starlette
diff --git a/pkgs/development/python-modules/jc/default.nix b/pkgs/development/python-modules/jc/default.nix
index 190d469f836..7ab5d230782 100644
--- a/pkgs/development/python-modules/jc/default.nix
+++ b/pkgs/development/python-modules/jc/default.nix
@@ -1,6 +1,6 @@
{ stdenv
, buildPythonPackage
-, fetchPypi
+, fetchFromGitHub
, ruamel_yaml
, xmltodict
, pygments
@@ -9,12 +9,14 @@
buildPythonPackage rec {
pname = "jc";
- version = "1.10.7";
+ version = "1.10.10";
disabled = isPy27;
- src = fetchPypi {
- inherit pname version;
- sha256 = "198vsnh6j0nv9d7msnvw6qr1bzf0nffjsz7clm11bs7fh3ri3qxp";
+ src = fetchFromGitHub {
+ owner = "kellyjonbrazil";
+ repo = "jc";
+ rev = "v${version}";
+ sha256 = "1rkgk1d1gijic6l6rsvz5mpfhdj8l7qc60aqafj27s4yi5bbqrc7";
};
propagatedBuildInputs = [ ruamel_yaml xmltodict pygments ];
diff --git a/pkgs/development/python-modules/ldap3/default.nix b/pkgs/development/python-modules/ldap3/default.nix
index d9694633704..eb2d09d8d26 100644
--- a/pkgs/development/python-modules/ldap3/default.nix
+++ b/pkgs/development/python-modules/ldap3/default.nix
@@ -2,11 +2,11 @@
buildPythonPackage rec {
pname = "ldap3";
- version = "2.6.1";
+ version = "2.7";
src = fetchPypi {
inherit pname version;
- sha256 = "0ag5xqlki6pjk3f50b8ar8vynx2fmkna7rfampv3kdgwg8z6gjr7";
+ sha256 = "1h1q8g1c2nkhx8p5n91bzkvjx5js5didi9xqbnmfrxqbnyc45w0p";
};
propagatedBuildInputs = [ pyasn1 ];
diff --git a/pkgs/development/python-modules/libarcus/default.nix b/pkgs/development/python-modules/libarcus/default.nix
index a3f795f254e..cd5f0aef648 100644
--- a/pkgs/development/python-modules/libarcus/default.nix
+++ b/pkgs/development/python-modules/libarcus/default.nix
@@ -3,7 +3,7 @@
buildPythonPackage rec {
pname = "libarcus";
- version = "4.5.0";
+ version = "4.6.1";
format = "other";
src = fetchFromGitHub {
diff --git a/pkgs/development/python-modules/libsavitar/default.nix b/pkgs/development/python-modules/libsavitar/default.nix
index c7b12e3daf5..32717e127fb 100644
--- a/pkgs/development/python-modules/libsavitar/default.nix
+++ b/pkgs/development/python-modules/libsavitar/default.nix
@@ -2,14 +2,14 @@
buildPythonPackage rec {
pname = "libsavitar";
- version = "4.5.0";
+ version = "4.6.1";
format = "other";
src = fetchFromGitHub {
owner = "Ultimaker";
repo = "libSavitar";
rev = version;
- sha256 = "1l3l8cgaxzqdk93880p2ijrabshdj5sq05cwj1i6jpmhlqc5b9rx";
+ sha256 = "0nk8zl5b0b36wrrkj271ck4phzxsigkjsazndscjslc9nkldmnpq";
};
postPatch = ''
diff --git a/pkgs/development/python-modules/onnx/default.nix b/pkgs/development/python-modules/onnx/default.nix
index 3e2c8bd499d..6c0560bbaff 100644
--- a/pkgs/development/python-modules/onnx/default.nix
+++ b/pkgs/development/python-modules/onnx/default.nix
@@ -18,29 +18,18 @@
buildPythonPackage rec {
pname = "onnx";
- version = "1.6.0";
+ version = "1.7.0";
# Due to Protobuf packaging issues this build of Onnx with Python 2 gives
- # errors on import
+ # errors on import.
+ # Also support for Python 2 will be deprecated from Onnx v1.8.
disabled = isPy27;
src = fetchPypi {
inherit pname version;
- sha256 = "0ig33jl3591041lyylxp52yi20rfrcqx3i030hd6al8iabzc721v";
+ sha256 = "0j6rgfbhsw3a8id8pyg18y93k68lbjbj1kq6qia36h69f6pvlyjy";
};
- # Remove the unqualified requirement for the typing package for running the
- # tests. typing is already required for the installation, where it is
- # correctly qualified so as to only be required for sufficiently old Python
- # versions.
- # This patch should be in the next release (>1.6).
- patches = [
- (fetchpatch {
- url = "https://github.com/onnx/onnx/commit/c963586d0f8dd5740777b2fd06f04ec60816de9f.patch";
- sha256 = "1hl26cw5zckc91gmh0bdah87jyprccxiw0f4i5h1gwkq28hm6wbj";
- })
- ];
-
nativeBuildInputs = [ cmake ];
propagatedBuildInputs = [
@@ -61,13 +50,17 @@ buildPythonPackage rec {
patchShebangs tools/protoc-gen-mypy.py
'';
+ preBuild = ''
+ export MAX_JOBS=$NIX_BUILD_CORES
+ '';
+
# The executables are just utility scripts that aren't too important
postInstall = ''
rm -r $out/bin
'';
- # The setup.py does all the configuration (running CMake)
- dontConfigure = true;
+ # The setup.py does all the configuration
+ dontUseCmakeConfigure = true;
meta = {
homepage = "http://onnx.ai";
diff --git a/pkgs/development/python-modules/parver/default.nix b/pkgs/development/python-modules/parver/default.nix
index c71e39ca111..a51f1c00327 100644
--- a/pkgs/development/python-modules/parver/default.nix
+++ b/pkgs/development/python-modules/parver/default.nix
@@ -11,11 +11,11 @@
buildPythonPackage rec {
pname = "parver";
- version = "0.2.1";
+ version = "0.3.0";
src = fetchPypi {
inherit pname version;
- sha256 = "0jzyylcmjxb0agc4fpdnzdnv2ajvp99rs9pz7qcklnhlmy8scdqv";
+ sha256 = "0a6jp17c1ag6b9yp5xgy9wvznk3g0v2f8gpwkcwxpyc9ygk98zdm";
};
propagatedBuildInputs = [ six attrs arpeggio ];
diff --git a/pkgs/development/python-modules/plotly/default.nix b/pkgs/development/python-modules/plotly/default.nix
index ecb5f7cc3ad..2d14488c4ee 100644
--- a/pkgs/development/python-modules/plotly/default.nix
+++ b/pkgs/development/python-modules/plotly/default.nix
@@ -11,11 +11,11 @@
buildPythonPackage rec {
pname = "plotly";
- version = "4.4.1";
+ version = "4.6.0";
src = fetchPypi {
inherit pname version;
- sha256 = "acc94f17452471ca3446c2ce491c4d1affb99b9ddd9eac4e05614ac4318f8780";
+ sha256 = "0br996lqbyq1prq9hhrzkgpicz5fgvxamzjrrpms20a2y1alkwv1";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/pyGithub/default.nix b/pkgs/development/python-modules/pyGithub/default.nix
index 2102554face..cf0784024f1 100644
--- a/pkgs/development/python-modules/pyGithub/default.nix
+++ b/pkgs/development/python-modules/pyGithub/default.nix
@@ -12,14 +12,14 @@
buildPythonPackage rec {
pname = "PyGithub";
- version = "1.47";
+ version = "1.51";
disabled = !isPy3k;
src = fetchFromGitHub {
owner = "PyGithub";
repo = "PyGithub";
rev = "v${version}";
- sha256 = "0zvp1gib2lryw698vxkbdv40n3lsmdlhwp7vdcg41dqqa5nfryhn";
+ hash = "sha256-8uQCFiw1ByPOX8ZRUlSLYPIibjmd19r/JtTnmQdz5cM=";
};
checkInputs = [ httpretty parameterized pytestCheckHook ];
diff --git a/pkgs/development/python-modules/pyenchant/default.nix b/pkgs/development/python-modules/pyenchant/default.nix
index 472cdc7118d..91626bd5e55 100644
--- a/pkgs/development/python-modules/pyenchant/default.nix
+++ b/pkgs/development/python-modules/pyenchant/default.nix
@@ -1,16 +1,18 @@
{ stdenv
, buildPythonPackage
+, isPy27
, fetchPypi
, enchant2
}:
buildPythonPackage rec {
pname = "pyenchant";
- version = "2.0.0";
+ version = "3.0.1";
+ disabled = isPy27;
src = fetchPypi {
inherit pname version;
- sha256 = "fc31cda72ace001da8fe5d42f11c26e514a91fa8c70468739216ddd8de64e2a0";
+ sha256 = "0nfmckqm45fbfz795qw5hgvygdxgxchdiwp3kmm1k05z99j6mlhv";
};
propagatedBuildInputs = [ enchant2 ];
diff --git a/pkgs/development/python-modules/pytest-metadata/default.nix b/pkgs/development/python-modules/pytest-metadata/default.nix
index 369ddf2c476..9b25e2045e9 100644
--- a/pkgs/development/python-modules/pytest-metadata/default.nix
+++ b/pkgs/development/python-modules/pytest-metadata/default.nix
@@ -3,11 +3,11 @@
buildPythonPackage rec {
pname = "pytest-metadata";
- version = "1.8.0";
+ version = "1.9.0";
src = fetchPypi {
inherit pname version;
- sha256 = "1fk6icip2x1nh4kzhbc8cnqrs77avpqvj7ny3xadfh6yhn9aaw90";
+ sha256 = "1711gippwsl7c1wi8pc2y75xqq5sn1sscpqvrxjvpjm8pcx2138n";
};
nativeBuildInputs = [ setuptools_scm ];
diff --git a/pkgs/development/python-modules/pyudev/default.nix b/pkgs/development/python-modules/pyudev/default.nix
index dedec796e65..c26f9bcabe6 100644
--- a/pkgs/development/python-modules/pyudev/default.nix
+++ b/pkgs/development/python-modules/pyudev/default.nix
@@ -4,11 +4,11 @@
buildPythonPackage rec {
pname = "pyudev";
- version = "0.21.0";
+ version = "0.22.0";
src = fetchPypi {
inherit pname version;
- sha256 = "0arz0dqp75sszsmgm6vhg92n1lsx91ihddx3m944f4ah0487ljq9";
+ sha256 = "0xmj6l08iih2js9skjqpv4w7y0dhxyg91zmrs6v5aa65gbmipfv9";
};
postPatch = ''
diff --git a/pkgs/development/python-modules/rdflib/default.nix b/pkgs/development/python-modules/rdflib/default.nix
index 87d99623057..261ba794e70 100644
--- a/pkgs/development/python-modules/rdflib/default.nix
+++ b/pkgs/development/python-modules/rdflib/default.nix
@@ -10,11 +10,11 @@
buildPythonPackage rec {
pname = "rdflib";
- version = "4.2.2";
+ version = "5.0.0";
src = fetchPypi {
inherit pname version;
- sha256 = "0398c714znnhaa2x7v51b269hk20iz073knq2mvmqp2ma92z27fs";
+ sha256 = "0mdi7xh4zcr3ngqwlgqdqf0i5bxghwfddyxdng1zwpiqkpa9s53q";
};
propagatedBuildInputs = [isodate html5lib SPARQLWrapper ];
diff --git a/pkgs/development/python-modules/rfc3986/default.nix b/pkgs/development/python-modules/rfc3986/default.nix
index 7d8a44365c4..3af6d2f022b 100644
--- a/pkgs/development/python-modules/rfc3986/default.nix
+++ b/pkgs/development/python-modules/rfc3986/default.nix
@@ -3,11 +3,11 @@
buildPythonPackage rec {
pname = "rfc3986";
- version = "1.3.2";
+ version = "1.4.0";
src = fetchPypi {
inherit pname version;
- sha256 = "0344d0bd428126ce554e7ca2b61787b6a28d2bbd19fc70ed2dd85efe31176405";
+ sha256 = "17dvx15m3r49bmif5zlli8kzjd6bys6psixzbp14sd5367d9h8qi";
};
checkInputs = [ pytest ];
diff --git a/pkgs/development/python-modules/snakeviz/default.nix b/pkgs/development/python-modules/snakeviz/default.nix
index efb0a23a7c6..a34996b8734 100644
--- a/pkgs/development/python-modules/snakeviz/default.nix
+++ b/pkgs/development/python-modules/snakeviz/default.nix
@@ -2,11 +2,11 @@
buildPythonPackage rec {
pname = "snakeviz";
- version = "2.0.1";
+ version = "2.1.0";
src = fetchPypi {
inherit pname version;
- sha256 = "11a8cd4g98vq2x61i99ncl5w83clnndwg909ya4y1cdf0k1ckb40";
+ sha256 = "0s6byw23hr2khqx2az36hpi52fk4v6bfm1bb7biaf0d2nrpqgbcj";
};
# Upstream doesn't run tests from setup.py
diff --git a/pkgs/development/python-modules/sparse/default.nix b/pkgs/development/python-modules/sparse/default.nix
index 483fc12915f..355453ed26e 100644
--- a/pkgs/development/python-modules/sparse/default.nix
+++ b/pkgs/development/python-modules/sparse/default.nix
@@ -10,13 +10,13 @@
buildPythonPackage rec {
pname = "sparse";
- version = "0.8.0";
+ version = "0.9.1";
disabled = !isPy3k;
src = fetchPypi {
inherit pname version;
- sha256 = "a3dc14ee5314caa2e64331b0b50c8f92e8999d7d275179a804a114e6cb1f8b81";
+ sha256 = "04gfwm1y9knryx992biniqa3978n3chr38iy3y4i2b8wy52fzy3d";
};
checkInputs = [ pytest ];
diff --git a/pkgs/development/python-modules/starlette/default.nix b/pkgs/development/python-modules/starlette/default.nix
index cad0aa79705..842622e56f8 100644
--- a/pkgs/development/python-modules/starlette/default.nix
+++ b/pkgs/development/python-modules/starlette/default.nix
@@ -26,14 +26,14 @@ buildPythonPackage rec {
# https://github.com/tiangolo/fastapi/issues/683. Please update when
# possible. FastAPI is currently Starlette's only dependent.
- version = "0.13.2";
+ version = "0.13.4";
disabled = isPy27;
src = fetchFromGitHub {
owner = "encode";
repo = pname;
rev = version;
- sha256 = "1ls8d121zyyhry5ji7gf7vjvhyqdpr4za3qx1llq48943fmaxxpq";
+ sha256 = "1rk20rj62iigkkikb80bmalriyg1j3g28s25l8z2gijagv1v5c7l";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/stripe/default.nix b/pkgs/development/python-modules/stripe/default.nix
index ff520c5ffe3..109a5f6c769 100644
--- a/pkgs/development/python-modules/stripe/default.nix
+++ b/pkgs/development/python-modules/stripe/default.nix
@@ -2,7 +2,7 @@
buildPythonPackage rec {
pname = "stripe";
- version = "2.44.0";
+ version = "2.47.0";
# Tests require network connectivity and there's no easy way to disable
# them. ~ C.
@@ -10,7 +10,7 @@ buildPythonPackage rec {
src = fetchPypi {
inherit pname version;
- sha256 = "0aaaf8dp989im2n0cdmslq0ys4ia970yl1irhxiwwqarmh6fap5i";
+ sha256 = "14skddrf2nl25bvcyys0bgibjqkcivvfdywzldqjzyqvbwr4mkal";
};
propagatedBuildInputs = [ requests ];
diff --git a/pkgs/development/python-modules/subliminal/default.nix b/pkgs/development/python-modules/subliminal/default.nix
index 4c8bf7f6ba6..25e20a44118 100644
--- a/pkgs/development/python-modules/subliminal/default.nix
+++ b/pkgs/development/python-modules/subliminal/default.nix
@@ -28,11 +28,11 @@
buildPythonPackage rec {
pname = "subliminal";
- version = "2.0.5";
+ version = "2.1.0";
src = fetchPypi {
inherit pname version;
- sha256 = "1dzv5csjcwgz69aimarx2c6606ckm2gbn4x2mzydcqnyai7sayhl";
+ sha256 = "12v2clnbic8320fjsvkg3xfxfa7x8inhjk61z00pzwx46g3rqhy6";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/testfixtures/default.nix b/pkgs/development/python-modules/testfixtures/default.nix
index 0c0db60f2c0..b3db882c82b 100644
--- a/pkgs/development/python-modules/testfixtures/default.nix
+++ b/pkgs/development/python-modules/testfixtures/default.nix
@@ -3,11 +3,11 @@
buildPythonPackage rec {
pname = "testfixtures";
- version = "6.10.3";
+ version = "6.14.1";
src = fetchPypi {
inherit pname version;
- sha256 = "8f22100d4fb841b958f64e71c8820a32dc46f57d4d7e077777b932acd87b7327";
+ sha256 = "0rh38zj8wywgqlsi5j75c7drpqhkrg50qknj1kdmvg4kdlab7ljq";
};
checkInputs = [ pytest mock sybil zope_component twisted ];
diff --git a/pkgs/development/python-modules/trimesh/default.nix b/pkgs/development/python-modules/trimesh/default.nix
new file mode 100644
index 00000000000..a65ea1e98ba
--- /dev/null
+++ b/pkgs/development/python-modules/trimesh/default.nix
@@ -0,0 +1,24 @@
+{ lib, buildPythonPackage, fetchPypi, numpy }:
+
+buildPythonPackage rec {
+ pname = "trimesh";
+ version = "3.6.36";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "1m8dqqyzazrjk4d32cqn4d8gvbfcwgs2qbmgvpi2f2mi5vnp6d85";
+ };
+
+ propagatedBuildInputs = [ numpy ];
+
+ # tests are not included in pypi distributions and would require lots of
+ # optional dependencies
+ doCheck = false;
+
+ meta = with lib; {
+ description = "Python library for loading and using triangular meshes.";
+ homepage = "https://trimsh.org/";
+ license = licenses.mit;
+ maintainers = with maintainers; [ gebner ];
+ };
+}
diff --git a/pkgs/development/python-modules/uranium/default.nix b/pkgs/development/python-modules/uranium/default.nix
index 1ab67be5bdc..af13fa8d17a 100644
--- a/pkgs/development/python-modules/uranium/default.nix
+++ b/pkgs/development/python-modules/uranium/default.nix
@@ -2,7 +2,7 @@
, pyqt5, numpy, scipy, shapely, libarcus, doxygen, gettext, pythonOlder }:
buildPythonPackage rec {
- version = "4.5.0";
+ version = "4.6.1";
pname = "uranium";
format = "other";
@@ -10,7 +10,7 @@ buildPythonPackage rec {
owner = "Ultimaker";
repo = "Uranium";
rev = version;
- sha256 = "1l8fwj521irla42bdbw298d3c5rjpn1nm9xhjnx7hidbqixr5d27";
+ sha256 = "07pksjbgxs1ks2i6pgxkwfg9c56pcql7f9p89dnwaf2rcn7yhx6r";
};
disabled = pythonOlder "3.5.0";
diff --git a/pkgs/development/python-modules/xapp/default.nix b/pkgs/development/python-modules/xapp/default.nix
index 440db343025..de779fc2c00 100644
--- a/pkgs/development/python-modules/xapp/default.nix
+++ b/pkgs/development/python-modules/xapp/default.nix
@@ -11,13 +11,13 @@
buildPythonPackage rec {
pname = "xapp";
- version = "1.8.1";
+ version = "2.0.1";
src = fetchFromGitHub {
owner = "linuxmint";
repo = "python-xapp";
rev = version;
- sha256 = "0vw3cn09nx75lv4d9idp5fdhd81xs279zhbyyilynq29cxxs2zil";
+ sha256 = "1pp3z4q6ryxcc26kaq222j53ji110n2v7rx29c7vy1fbb8mq64im";
};
propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/yamllint/default.nix b/pkgs/development/python-modules/yamllint/default.nix
index b883a3d2bc8..c01c862e2f4 100644
--- a/pkgs/development/python-modules/yamllint/default.nix
+++ b/pkgs/development/python-modules/yamllint/default.nix
@@ -3,11 +3,11 @@
buildPythonPackage rec {
pname = "yamllint";
- version = "1.21.0";
+ version = "1.23.0";
src = fetchPypi {
inherit pname version;
- sha256 = "14yijcnmanyd3s2ir38sxl07rzpxgpgw9s6b8sy68jrl7n5nj7ky";
+ sha256 = "1agl80csxhiqglm0idwhw98iqfpp61c9inzcdaz4czsfyivzzwsr";
};
checkInputs = [ nose ];
diff --git a/pkgs/development/r-modules/default.nix b/pkgs/development/r-modules/default.nix
index 68faec99dbc..9ebd0e2b1d7 100644
--- a/pkgs/development/r-modules/default.nix
+++ b/pkgs/development/r-modules/default.nix
@@ -444,6 +444,7 @@ let
sundialr = [ pkgs.libiconv ];
ucminf = [ pkgs.libiconv ];
glmnet = [ pkgs.libiconv ];
+ mvtnorm = [ pkgs.libiconv ];
};
packagesRequireingX = [
diff --git a/pkgs/development/tools/misc/texlab/default.nix b/pkgs/development/tools/misc/texlab/default.nix
index 5cc67cb5e17..0076884e2ed 100644
--- a/pkgs/development/tools/misc/texlab/default.nix
+++ b/pkgs/development/tools/misc/texlab/default.nix
@@ -6,16 +6,16 @@
rustPlatform.buildRustPackage rec {
pname = "texlab";
- version = "2.0.0";
+ version = "2.1.0";
src = fetchFromGitHub {
owner = "latex-lsp";
repo = pname;
rev = "v${version}";
- sha256 = "0y8cv8y92a4nqwrvqk2cxgs6nspqjk8jm4spr8rgkwlpfbrg74xn";
+ sha256 = "0cmciadiknw6w573v71spzf5ydaz2xxm2snv3n1hks732nahlr56";
};
- cargoSha256 = "1qi1c4v5d5a4xcf1bjbdicrv35w6chl5swlm96c1h3pr9s09lqy7";
+ cargoSha256 = "0dhbbni8ia0dkwjacx5jlr5rj7173nsbivm9gjsx9j8ais0f0hff";
buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security ];
diff --git a/pkgs/development/tools/misc/ycmd/default.nix b/pkgs/development/tools/misc/ycmd/default.nix
index aee7af17730..02298d93b8a 100644
--- a/pkgs/development/tools/misc/ycmd/default.nix
+++ b/pkgs/development/tools/misc/ycmd/default.nix
@@ -2,6 +2,7 @@
, gocode ? null
, godef ? null
, gotools ? null
+, nodePackages ? null
, rustracerd ? null
, fixDarwinDylibNames, Cocoa ? null
}:
@@ -69,6 +70,9 @@ stdenv.mkDerivation {
TARGET=$out/lib/ycmd/third_party/go/src/golang.org/x/tools/cmd/gopls
mkdir -p $TARGET
ln -sf ${gotools}/bin/gopls $TARGET
+ '' + lib.optionalString (nodePackages != null) ''
+ TARGET=$out/lib/ycmd/third_party/tsserver
+ ln -sf ${nodePackages.typescript} $TARGET
'' + lib.optionalString (rustracerd != null) ''
TARGET=$out/lib/ycmd/third_party/racerd/target/release
mkdir -p $TARGET
diff --git a/pkgs/os-specific/linux/kernel/anthraxx.asc b/pkgs/os-specific/linux/kernel/hardened/anthraxx.asc
similarity index 100%
rename from pkgs/os-specific/linux/kernel/anthraxx.asc
rename to pkgs/os-specific/linux/kernel/hardened/anthraxx.asc
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix
similarity index 100%
rename from pkgs/os-specific/linux/kernel/hardened-config.nix
rename to pkgs/os-specific/linux/kernel/hardened/config.nix
diff --git a/pkgs/os-specific/linux/kernel/hardened-patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
similarity index 100%
rename from pkgs/os-specific/linux/kernel/hardened-patches.json
rename to pkgs/os-specific/linux/kernel/hardened/patches.json
diff --git a/pkgs/os-specific/linux/kernel/tag-hardened.patch b/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch
similarity index 100%
rename from pkgs/os-specific/linux/kernel/tag-hardened.patch
rename to pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch
diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py
new file mode 100755
index 00000000000..3958c85fe20
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/hardened/update.py
@@ -0,0 +1,277 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i python -p "python38.withPackages (ps: [ps.PyGithub])" git gnupg
+
+# This is automatically called by ../update.sh.
+
+from __future__ import annotations
+
+import json
+import os
+import re
+import subprocess
+import sys
+from dataclasses import dataclass
+from pathlib import Path
+from tempfile import TemporaryDirectory
+from typing import (
+ Dict,
+ Iterator,
+ List,
+ Optional,
+ Sequence,
+ Tuple,
+ TypedDict,
+ Union,
+)
+
+from github import Github
+from github.GitRelease import GitRelease
+
+VersionComponent = Union[int, str]
+Version = List[VersionComponent]
+
+
+Patch = TypedDict("Patch", {"name": str, "url": str, "sha256": str})
+
+
+@dataclass
+class ReleaseInfo:
+ version: Version
+ release: GitRelease
+
+
+HERE = Path(__file__).resolve().parent
+NIXPKGS_KERNEL_PATH = HERE.parent
+NIXPKGS_PATH = HERE.parents[4]
+HARDENED_GITHUB_REPO = "anthraxx/linux-hardened"
+HARDENED_TRUSTED_KEY = HERE / "anthraxx.asc"
+HARDENED_PATCHES_PATH = HERE / "patches.json"
+MIN_KERNEL_VERSION: Version = [4, 14]
+
+
+def run(*args: Union[str, Path]) -> subprocess.CompletedProcess[bytes]:
+ try:
+ return subprocess.run(
+ args,
+ check=True,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ encoding="utf-8",
+ )
+ except subprocess.CalledProcessError as err:
+ print(
+ f"error: `{err.cmd}` failed unexpectedly\n"
+ f"status code: {err.returncode}\n"
+ f"stdout:\n{err.stdout.strip()}\n"
+ f"stderr:\n{err.stderr.strip()}",
+ file=sys.stderr,
+ )
+ sys.exit(1)
+
+
+def nix_prefetch_url(url: str) -> Tuple[str, Path]:
+ output = run("nix-prefetch-url", "--print-path", url).stdout
+ sha256, path = output.strip().split("\n")
+ return sha256, Path(path)
+
+
+def verify_openpgp_signature(
+ *, name: str, trusted_key: Path, sig_path: Path, data_path: Path,
+) -> bool:
+ with TemporaryDirectory(suffix=".nixpkgs-gnupg-home") as gnupg_home_str:
+ gnupg_home = Path(gnupg_home_str)
+ run("gpg", "--homedir", gnupg_home, "--import", trusted_key)
+ keyring = gnupg_home / "pubring.kbx"
+ try:
+ subprocess.run(
+ ("gpgv", "--keyring", keyring, sig_path, data_path),
+ check=True,
+ stderr=subprocess.PIPE,
+ encoding="utf-8",
+ )
+ return True
+ except subprocess.CalledProcessError as err:
+ print(
+ f"error: signature for {name} failed to verify!",
+ file=sys.stderr,
+ )
+ print(err.stderr, file=sys.stderr, end="")
+ return False
+
+
+def fetch_patch(*, name: str, release: GitRelease) -> Optional[Patch]:
+ def find_asset(filename: str) -> str:
+ try:
+ it: Iterator[str] = (
+ asset.browser_download_url
+ for asset in release.get_assets()
+ if asset.name == filename
+ )
+ return next(it)
+ except StopIteration:
+ raise KeyError(filename)
+
+ patch_filename = f"{name}.patch"
+ try:
+ patch_url = find_asset(patch_filename)
+ sig_url = find_asset(patch_filename + ".sig")
+ except KeyError:
+ print(f"error: {patch_filename}{{,.sig}} not present", file=sys.stderr)
+ return None
+
+ sha256, patch_path = nix_prefetch_url(patch_url)
+ _, sig_path = nix_prefetch_url(sig_url)
+ sig_ok = verify_openpgp_signature(
+ name=name,
+ trusted_key=HARDENED_TRUSTED_KEY,
+ sig_path=sig_path,
+ data_path=patch_path,
+ )
+ if not sig_ok:
+ return None
+
+ return Patch(name=patch_filename, url=patch_url, sha256=sha256)
+
+
+def parse_version(version_str: str) -> Version:
+ version: Version = []
+ for component in version_str.split("."):
+ try:
+ version.append(int(component))
+ except ValueError:
+ version.append(component)
+ return version
+
+
+def version_string(version: Version) -> str:
+ return ".".join(str(component) for component in version)
+
+
+def major_kernel_version_key(kernel_version: Version) -> str:
+ return version_string(kernel_version[:-1])
+
+
+def commit_patches(*, kernel_key: str, message: str) -> None:
+ new_patches_path = HARDENED_PATCHES_PATH.with_suffix(".new")
+ with open(new_patches_path, "w") as new_patches_file:
+ json.dump(patches, new_patches_file, indent=4, sort_keys=True)
+ new_patches_file.write("\n")
+ os.rename(new_patches_path, HARDENED_PATCHES_PATH)
+ message = f"linux/hardened/patches/{kernel_key}: {message}"
+ print(message)
+ if os.environ.get("COMMIT"):
+ run(
+ "git",
+ "-C",
+ NIXPKGS_PATH,
+ "commit",
+ f"--message={message}",
+ HARDENED_PATCHES_PATH,
+ )
+
+
+# Load the existing patches.
+patches: Dict[str, Patch]
+with open(HARDENED_PATCHES_PATH) as patches_file:
+ patches = json.load(patches_file)
+
+# Get the set of currently packaged kernel versions.
+kernel_versions = {}
+for filename in os.listdir(NIXPKGS_KERNEL_PATH):
+ filename_match = re.fullmatch(r"linux-(\d+)\.(\d+)\.nix", filename)
+ if filename_match:
+ nix_version_expr = f"""
+ with import {NIXPKGS_PATH} {{}};
+ (callPackage {NIXPKGS_KERNEL_PATH / filename} {{}}).version
+ """
+ kernel_version = parse_version(
+ run(
+ "nix", "eval", "--impure", "--raw", "--expr", nix_version_expr,
+ ).stdout
+ )
+ if kernel_version < MIN_KERNEL_VERSION:
+ continue
+ kernel_key = major_kernel_version_key(kernel_version)
+ kernel_versions[kernel_key] = kernel_version
+
+# Remove patches for unpackaged kernel versions.
+for kernel_key in sorted(patches.keys() - kernel_versions.keys()):
+ commit_patches(kernel_key=kernel_key, message="remove")
+
+g = Github(os.environ.get("GITHUB_TOKEN"))
+repo = g.get_repo(HARDENED_GITHUB_REPO)
+failures = False
+
+# Match each kernel version with the best patch version.
+releases = {}
+for release in repo.get_releases():
+ version = parse_version(release.tag_name)
+ # needs to look like e.g. 5.6.3.a
+ if len(version) < 4:
+ continue
+
+ kernel_version = version[:-1]
+ kernel_key = major_kernel_version_key(kernel_version)
+ try:
+ packaged_kernel_version = kernel_versions[kernel_key]
+ except KeyError:
+ continue
+
+ release_info = ReleaseInfo(version=version, release=release)
+
+ if kernel_version == packaged_kernel_version:
+ releases[kernel_key] = release_info
+ else:
+ # Fall back to the latest patch for this major kernel version,
+ # skipping patches for kernels newer than the packaged one.
+ if kernel_version > packaged_kernel_version:
+ continue
+ elif (
+ kernel_key not in releases or releases[kernel_key].version < version
+ ):
+ releases[kernel_key] = release_info
+
+# Update hardened-patches.json for each release.
+for kernel_key in sorted(releases.keys()):
+ release_info = releases[kernel_key]
+ release = release_info.release
+ version = release_info.version
+ version_str = release.tag_name
+ name = f"linux-hardened-{version_str}"
+
+ old_version: Optional[Version] = None
+ old_version_str: Optional[str] = None
+ update: bool
+ try:
+ old_filename = patches[kernel_key]["name"]
+ old_version_str = old_filename.replace("linux-hardened-", "").replace(
+ ".patch", ""
+ )
+ old_version = parse_version(old_version_str)
+ update = old_version < version
+ except KeyError:
+ update = True
+
+ if update:
+ patch = fetch_patch(name=name, release=release)
+ if patch is None:
+ failures = True
+ else:
+ patches[kernel_key] = patch
+ if old_version:
+ message = f"{old_version_str} -> {version_str}"
+ else:
+ message = f"init at {version_str}"
+ commit_patches(kernel_key=kernel_key, message=message)
+
+missing_kernel_versions = kernel_versions.keys() - patches.keys()
+
+if missing_kernel_versions:
+ print(
+ f"warning: no patches for kernel versions "
+ + ", ".join(missing_kernel_versions),
+ file=sys.stderr,
+ )
+
+if failures:
+ sys.exit(1)
diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix
index b3dea589cd6..8629eb8cf72 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix
@@ -3,7 +3,7 @@
with stdenv.lib;
buildLinux (args // rec {
- version = "4.14.179";
+ version = "4.14.180";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "10arrj3ppbxkn15yxqpxlz4k8yp2afzbfpp2nwfy6klhjiffp9sx";
+ sha256 = "03pd4wpg526n391jwc0kbmbxi059mvq8d42a9qbym9mnv5rzjkj4";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix
index 450c44f0aa0..577138542b3 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.19.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix
@@ -3,7 +3,7 @@
with stdenv.lib;
buildLinux (args // rec {
- version = "4.19.121";
+ version = "4.19.122";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "11bhjdaihhc42xhf4qxdkkjznc0i6igh0ahjbzr3fb8bmq9sirgv";
+ sha256 = "1980vza1vf6cl772dynn4m0rgdjazbn125kd6sb3s06gqn72cl2h";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix
index 81b32a932e1..58131815e0f 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix
@@ -1,11 +1,11 @@
{ stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args:
buildLinux (args // rec {
- version = "4.4.222";
+ version = "4.4.223";
extraMeta.branch = "4.4";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "02zxy5vjxgrqs0mkz5aj70v6pazhif7x5cm26rf8zh4idpmhk2zh";
+ sha256 = "09fln0sdfif2zv2jifp24yiqi0vcyj8fqx2jz91g21zvsxk3x5nd";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix
index a9757aa2f10..9f2c7659abb 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.9.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix
@@ -1,11 +1,11 @@
{ stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args:
buildLinux (args // rec {
- version = "4.9.222";
+ version = "4.9.223";
extraMeta.branch = "4.9";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "0aajgflf96bj7chbd83rdmgcdwd025c6mz6li4cwbfx7xcb91kjc";
+ sha256 = "1r9ag1fhy0g429q44qlqh0qkf42qkhzxa04gxlmnrinqypk00lyg";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix
index 5ca72d8a6a5..ffe59480915 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix
@@ -3,7 +3,7 @@
with stdenv.lib;
buildLinux (args // rec {
- version = "5.4.39";
+ version = "5.4.40";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
- sha256 = "1j35yf1nilb9z7lw8w2drpww7q2zy8zfr0ip8hwcbcd7c5d9chai";
+ sha256 = "1ar001rljlr15rcl77la5y1cj3plaqhdblnh87xsmv47fq13yml3";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.6.nix b/pkgs/os-specific/linux/kernel/linux-5.6.nix
index 7cd3987f87c..844fb18c21a 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.6.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.6.nix
@@ -3,7 +3,7 @@
with stdenv.lib;
buildLinux (args // rec {
- version = "5.6.11";
+ version = "5.6.12";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
- sha256 = "1ahv4a3mnszqs3qcnwmhbvjgis1jg37anj5jvn70i7s2k6z6rpfn";
+ sha256 = "0892ar2irfhd612sb8jpx85w0wwh4n76jgsv8wb92fp6mim37sns";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 1c4af8c32a6..8ce1ac2b587 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -35,7 +35,7 @@
tag_hardened = {
name = "tag-hardened";
- patch = ./tag-hardened.patch;
+ patch = ./hardened/tag-hardened.patch;
};
hardened = let
@@ -43,7 +43,7 @@
name = lib.removeSuffix ".patch" src.name;
patch = fetchurl src;
};
- patches = builtins.fromJSON (builtins.readFile ./hardened-patches.json);
+ patches = builtins.fromJSON (builtins.readFile ./hardened/patches.json);
in lib.mapAttrs mkPatch patches;
# https://bugzilla.kernel.org/show_bug.cgi?id=197591#c6
diff --git a/pkgs/os-specific/linux/kernel/update-hardened.py b/pkgs/os-specific/linux/kernel/update-hardened.py
deleted file mode 100755
index 7f6949653af..00000000000
--- a/pkgs/os-specific/linux/kernel/update-hardened.py
+++ /dev/null
@@ -1,229 +0,0 @@
-#! /usr/bin/env nix-shell
-#! nix-shell -i python -p "python3.withPackages (ps: [ps.PyGithub])" git gnupg
-
-# This is automatically called by ./update.sh.
-
-import re
-import json
-import sys
-import os.path
-from glob import glob
-import subprocess
-from tempfile import TemporaryDirectory
-
-from github import Github
-
-HERE = os.path.dirname(os.path.realpath(__file__))
-HARDENED_GITHUB_REPO = 'anthraxx/linux-hardened'
-HARDENED_TRUSTED_KEY = os.path.join(HERE, 'anthraxx.asc')
-HARDENED_PATCHES_PATH = os.path.join(HERE, 'hardened-patches.json')
-MIN_KERNEL_VERSION = [4, 14]
-
-def run(*args, **kwargs):
- try:
- return subprocess.run(
- args, **kwargs,
- check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
- )
- except subprocess.CalledProcessError as err:
- print(
- f'error: `{err.cmd}` failed unexpectedly\n'
- f'status code: {err.returncode}\n'
- f'stdout:\n{err.stdout.decode("utf-8").strip()}\n'
- f'stderr:\n{err.stderr.decode("utf-8").strip()}',
- file=sys.stderr,
- )
- sys.exit(1)
-
-def nix_prefetch_url(url):
- output = run('nix-prefetch-url', '--print-path', url).stdout
- return output.decode('utf-8').strip().split('\n')
-
-def verify_openpgp_signature(*, name, trusted_key, sig_path, data_path):
- with TemporaryDirectory(suffix='.nixpkgs-gnupg-home') as gnupg_home:
- run('gpg', '--homedir', gnupg_home, '--import', trusted_key)
- keyring = os.path.join(gnupg_home, 'pubring.kbx')
- try:
- subprocess.run(
- ('gpgv', '--keyring', keyring, sig_path, data_path),
- check=True, stderr=subprocess.PIPE,
- )
- return True
- except subprocess.CalledProcessError as err:
- print(
- f'error: signature for {name} failed to verify!',
- file=sys.stderr,
- )
- print(err.stderr.decode('utf-8'), file=sys.stderr, end='')
- return False
-
-def fetch_patch(*, name, release):
- def find_asset(filename):
- try:
- return next(
- asset.browser_download_url
- for asset in release.get_assets()
- if asset.name == filename
- )
- except StopIteration:
- raise KeyError(filename)
-
- patch_filename = f'{name}.patch'
- try:
- patch_url = find_asset(patch_filename)
- sig_url = find_asset(patch_filename + '.sig')
- except KeyError:
- print(f'error: {patch_filename}{{,.sig}} not present', file=sys.stderr)
- return None
-
- sha256, patch_path = nix_prefetch_url(patch_url)
- _, sig_path = nix_prefetch_url(sig_url)
- sig_ok = verify_openpgp_signature(
- name=name,
- trusted_key=HARDENED_TRUSTED_KEY,
- sig_path=sig_path,
- data_path=patch_path,
- )
- if not sig_ok:
- return None
-
- return {
- 'name': patch_filename,
- 'url': patch_url,
- 'sha256': sha256,
- }
-
-def parse_version(version_str):
- version = []
- for component in version_str.split('.'):
- try:
- version.append(int(component))
- except ValueError:
- version.append(component)
- return version
-
-def version_string(version):
- return '.'.join(str(component) for component in version)
-
-def major_kernel_version_key(kernel_version):
- return version_string(kernel_version[:-1])
-
-def commit_patches(*, kernel_key, message):
- with open(HARDENED_PATCHES_PATH + '.new', 'w') as new_patches_file:
- json.dump(patches, new_patches_file, indent=4, sort_keys=True)
- new_patches_file.write('\n')
- os.rename(HARDENED_PATCHES_PATH + '.new', HARDENED_PATCHES_PATH)
- message = f'linux/hardened-patches/{kernel_key}: {message}'
- print(message)
- if os.environ.get('COMMIT'):
- run(
- 'git', '-C', HERE, 'commit', f'--message={message}',
- 'hardened-patches.json',
- )
-
-# Load the existing patches.
-with open(HARDENED_PATCHES_PATH) as patches_file:
- patches = json.load(patches_file)
-
-NIX_VERSION_RE = re.compile(r'''
- \s* version \s* =
- \s* " (?P [^"]*) "
- \s* ; \s* \n
-''', re.VERBOSE)
-
-# Get the set of currently packaged kernel versions.
-kernel_versions = {}
-for filename in os.listdir(HERE):
- filename_match = re.fullmatch(r'linux-(\d+)\.(\d+)\.nix', filename)
- if filename_match:
- with open(os.path.join(HERE, filename)) as nix_file:
- for nix_line in nix_file:
- match = NIX_VERSION_RE.fullmatch(nix_line)
- if match:
- kernel_version = parse_version(match.group('version'))
- if kernel_version < MIN_KERNEL_VERSION:
- continue
- kernel_key = major_kernel_version_key(kernel_version)
- kernel_versions[kernel_key] = kernel_version
-
-# Remove patches for unpackaged kernel versions.
-for kernel_key in sorted(patches.keys() - kernel_versions.keys()):
- commit_patches(kernel_key=kernel_key, message='remove')
-
-g = Github(os.environ.get('GITHUB_TOKEN'))
-repo = g.get_repo(HARDENED_GITHUB_REPO)
-
-failures = False
-
-# Match each kernel version with the best patch version.
-releases = {}
-for release in repo.get_releases():
- version = parse_version(release.tag_name)
- # needs to look like e.g. 5.6.3.a
- if len(version) < 4:
- continue
-
- kernel_version = version[:-1]
- kernel_key = major_kernel_version_key(kernel_version)
- try:
- packaged_kernel_version = kernel_versions[kernel_key]
- except KeyError:
- continue
-
- release_info = {
- 'version': version,
- 'release': release,
- }
-
- if kernel_version == packaged_kernel_version:
- releases[kernel_key] = release_info
- else:
- # Fall back to the latest patch for this major kernel version,
- # skipping patches for kernels newer than the packaged one.
- if kernel_version > packaged_kernel_version:
- continue
- elif (kernel_key not in releases or
- releases[kernel_key]['version'] < version):
- releases[kernel_key] = release_info
-
-# Update hardened-patches.json for each release.
-for kernel_key, release_info in releases.items():
- release = release_info['release']
- version = release_info['version']
- version_str = release.tag_name
- name = f'linux-hardened-{version_str}'
-
- try:
- old_filename = patches[kernel_key]['name']
- old_version_str = (old_filename
- .replace('linux-hardened-', '')
- .replace('.patch', ''))
- old_version = parse_version(old_version_str)
- update = old_version < version
- except KeyError:
- update = True
- old_version = None
-
- if update:
- patch = fetch_patch(name=name, release=release)
- if patch is None:
- failures = True
- else:
- patches[kernel_key] = patch
- if old_version:
- message = f'{old_version_str} -> {version_str}'
- else:
- message = f'init at {version_str}'
- commit_patches(kernel_key=kernel_key, message=message)
-
-missing_kernel_versions = kernel_versions.keys() - patches.keys()
-
-if missing_kernel_versions:
- print(
- f'warning: no patches for kernel versions ' +
- ', '.join(missing_kernel_versions),
- file=sys.stderr,
- )
-
-if failures:
- sys.exit(1)
diff --git a/pkgs/os-specific/linux/kernel/update.sh b/pkgs/os-specific/linux/kernel/update.sh
index c483661b6f5..55fdce06c97 100755
--- a/pkgs/os-specific/linux/kernel/update.sh
+++ b/pkgs/os-specific/linux/kernel/update.sh
@@ -62,4 +62,4 @@ done
COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-libre.sh
# Update linux-hardened
-COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/update-hardened.py
+COMMIT=1 $NIXPKGS/pkgs/os-specific/linux/kernel/hardened/update.py
diff --git a/pkgs/os-specific/linux/uclibc/default.nix b/pkgs/os-specific/linux/uclibc/default.nix
index 5f401411074..c9da86b7898 100644
--- a/pkgs/os-specific/linux/uclibc/default.nix
+++ b/pkgs/os-specific/linux/uclibc/default.nix
@@ -48,7 +48,7 @@ let
UCLIBC_HAS_FPU n
'';
- version = "1.0.32";
+ version = "1.0.33";
in
stdenv.mkDerivation {
@@ -58,7 +58,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "https://downloads.uclibc-ng.org/releases/${version}/uClibc-ng-${version}.tar.bz2";
# from "${url}.sha256";
- sha256 = "0cp4xf3k0ib76xaz6n6i7yybw7s92s607ak8svq1kakwk0d1jjbv";
+ sha256 = "0qy9xsqacrhhrxd16azm26pqb2ks6c43wbrlq3i8xmq2917kw3xi";
};
# 'ftw' needed to build acl, a coreutils dependency
diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix
index 67a914b6a98..80bc1458ad7 100644
--- a/pkgs/servers/http/nginx/generic.nix
+++ b/pkgs/servers/http/nginx/generic.nix
@@ -68,6 +68,14 @@ stdenv.mkDerivation {
"--with-http_stub_status_module"
"--with-threads"
"--with-pcre-jit"
+ "--http-log-path=/var/log/nginx/access.log"
+ "--error-log-path=/var/log/nginx/error.log"
+ "--pid-path=/var/log/nginx/nginx.pid"
+ "--http-client-body-temp-path=/var/cache/nginx/client_body"
+ "--http-proxy-temp-path=/var/cache/nginx/proxy"
+ "--http-fastcgi-temp-path=/var/cache/nginx/fastcgi"
+ "--http-uwsgi-temp-path=/var/cache/nginx/uwsgi"
+ "--http-scgi-temp-path=/var/cache/nginx/scgi"
] ++ optionals withDebug [
"--with-debug"
] ++ optionals withStream [
@@ -99,26 +107,28 @@ stdenv.mkDerivation {
preConfigure = preConfigure
+ concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;
- patches = map fixPatch
- (singleton (substituteAll {
+ patches = map fixPatch ([
+ (substituteAll {
src = ./nix-etag-1.15.4.patch;
preInstall = ''
export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}"
'';
- }) ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
- (fetchpatch {
- url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/102-sizeof_test_fix.patch";
- sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
- })
- (fetchpatch {
- url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/101-feature_test_fix.patch";
- sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
- })
- (fetchpatch {
- url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch";
- sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
- })
- ] ++ mapModules "patches");
+ })
+ ./nix-skip-check-logs-path.patch
+ ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
+ (fetchpatch {
+ url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/102-sizeof_test_fix.patch";
+ sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
+ })
+ (fetchpatch {
+ url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/101-feature_test_fix.patch";
+ sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
+ })
+ (fetchpatch {
+ url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch";
+ sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
+ })
+ ] ++ mapModules "patches");
hardeningEnable = optional (!stdenv.isDarwin) "pie";
diff --git a/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch b/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch
new file mode 100644
index 00000000000..a823660cc32
--- /dev/null
+++ b/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch
@@ -0,0 +1,27 @@
+diff --git a/auto/install b/auto/install
+index d884487..dccc411 100644
+--- a/auto/install
++++ b/auto/install
+@@ -148,12 +148,6 @@ install: build $NGX_INSTALL_PERL_MODULES
+ || cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PATH'
+ cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default'
+
+- test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \\
+- || mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`'
+-
+- test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' \\
+- || mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`'
+-
+ test -d '\$(DESTDIR)$NGX_PREFIX/html' \\
+ || cp -R $NGX_HTML '\$(DESTDIR)$NGX_PREFIX'
+ END
+@@ -161,9 +155,6 @@ END
+
+ if test -n "$NGX_ERROR_LOG_PATH"; then
+ cat << END >> $NGX_MAKEFILE
+-
+- test -d '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' \\
+- || mkdir -p '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`'
+ END
+
+ fi
diff --git a/pkgs/servers/http/openresty/default.nix b/pkgs/servers/http/openresty/default.nix
index 0e87b971985..9c01cfb19e1 100644
--- a/pkgs/servers/http/openresty/default.nix
+++ b/pkgs/servers/http/openresty/default.nix
@@ -16,10 +16,11 @@ callPackage ../nginx/generic.nix args rec {
sha256 = "1a1la7vszv1parsnhphydblz64ffhycazncn3ividnvqg2mg735n";
};
- fixPatch = patch:
- runCommand "openresty-${patch.name}" { src = patch; } ''
+ fixPatch = patch: let name = patch.name or (builtins.baseNameOf patch); in
+ runCommand "openresty-${name}" { src = patch; } ''
substitute $src $out \
- --replace "src/" "bundle/nginx-${nginxVersion}/src/"
+ --replace "a/" "a/bundle/nginx-${nginxVersion}/" \
+ --replace "b/" "b/bundle/nginx-${nginxVersion}/"
'';
buildInputs = [ postgresql ];
diff --git a/pkgs/servers/http/tengine/default.nix b/pkgs/servers/http/tengine/default.nix
index 1593ad0c06f..f3cae597ef9 100644
--- a/pkgs/servers/http/tengine/default.nix
+++ b/pkgs/servers/http/tengine/default.nix
@@ -1,5 +1,5 @@
{ stdenv, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt
-, gd, geoip, gperftools, jemalloc
+, substituteAll, gd, geoip, gperftools, jemalloc
, withDebug ? false
, withMail ? false
, withStream ? false
@@ -24,8 +24,14 @@ stdenv.mkDerivation rec {
[ openssl zlib pcre libxml2 libxslt gd geoip gperftools jemalloc ]
++ concatMap (mod: mod.inputs or []) modules;
- patches = [
+ patches = singleton (substituteAll {
+ src = ../nginx/nix-etag-1.15.4.patch;
+ preInstall = ''
+ export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}"
+ '';
+ }) ++ [
./check-resolv-conf.patch
+ ../nginx/nix-skip-check-logs-path.patch
];
configureFlags = [
@@ -53,6 +59,14 @@ stdenv.mkDerivation rec {
"--with-poll_module"
"--with-google_perftools_module"
"--with-jemalloc"
+ "--http-log-path=/var/log/nginx/access.log"
+ "--error-log-path=/var/log/nginx/error.log"
+ "--pid-path=/var/log/nginx/nginx.pid"
+ "--http-client-body-temp-path=/var/cache/nginx/client_body"
+ "--http-proxy-temp-path=/var/cache/nginx/proxy"
+ "--http-fastcgi-temp-path=/var/cache/nginx/fastcgi"
+ "--http-uwsgi-temp-path=/var/cache/nginx/uwsgi"
+ "--http-scgi-temp-path=/var/cache/nginx/scgi"
] ++ optionals withDebug [
"--with-debug"
] ++ optionals withMail [
diff --git a/pkgs/tools/misc/nix-direnv/default.nix b/pkgs/tools/misc/nix-direnv/default.nix
new file mode 100644
index 00000000000..cff7df1801f
--- /dev/null
+++ b/pkgs/tools/misc/nix-direnv/default.nix
@@ -0,0 +1,36 @@
+{ lib, stdenv, fetchFromGitHub, gnugrep, nix }:
+
+stdenv.mkDerivation rec {
+ pname = "nix-direnv";
+ version = "1.0.0";
+
+ src = fetchFromGitHub {
+ owner = "nix-community";
+ repo = "nix-direnv";
+ rev = "${version}";
+ sha256 = "1lwmg6mn3lf7s0345v53zadxn9v0x8z6pcbj90v5dx3pgrq41gs8";
+ };
+
+ # Substitute instead of wrapping because the resulting file is
+ # getting sourced, not executed:
+ postPatch = ''
+ substituteInPlace direnvrc \
+ --replace "grep" "${gnugrep}/bin/grep" \
+ --replace "nix-shell" "${nix}/bin/nix-shell" \
+ --replace "nix-instantiate" "${nix}/bin/nix-instantiate"
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ install -m500 -D direnvrc $out/share/nix-direnv/direnvrc
+ runHook postInstall
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A fast, persistent use_nix implementation for direnv";
+ homepage = "https://github.com/nix-community/nix-direnv";
+ license = licenses.mit;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ mic92 ];
+ };
+}
diff --git a/pkgs/tools/networking/amass/default.nix b/pkgs/tools/networking/amass/default.nix
index be6d05ef426..116b0b25306 100644
--- a/pkgs/tools/networking/amass/default.nix
+++ b/pkgs/tools/networking/amass/default.nix
@@ -5,16 +5,16 @@
buildGoModule rec {
pname = "amass";
- version = "3.5.5";
+ version = "3.6.0";
src = fetchFromGitHub {
owner = "OWASP";
repo = "Amass";
rev = "v${version}";
- sha256 = "1w93ia9jr2afgkbaklx2rj0ccd0ghg1qbdg363aqqvyw40ccya1r";
+ sha256 = "05rh61dx4f9kv5p8sahhwwiyivwq438fl30j9d97i4sagvb5jvvm";
};
- modSha256 = "051fxfh7lwrj3hzsgr2c2ga6hksz56673lg35y36sz4d93yldj6f";
+ modSha256 = "1k7yd2lh6hwz3qm6ywrlr1qw0asqwdgrpj594v1gvav426yqyr6s";
outputs = [ "out" "wordlists" ];
diff --git a/pkgs/tools/networking/wireguard-tools/default.nix b/pkgs/tools/networking/wireguard-tools/default.nix
index 4fac72f7d03..4b6e2aa9f18 100644
--- a/pkgs/tools/networking/wireguard-tools/default.nix
+++ b/pkgs/tools/networking/wireguard-tools/default.nix
@@ -13,11 +13,11 @@ with stdenv.lib;
stdenv.mkDerivation rec {
pname = "wireguard-tools";
- version = "1.0.20200319";
+ version = "1.0.20200510";
src = fetchzip {
url = "https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-${version}.tar.xz";
- sha256 = "0g9vlngg9dnh7qqfhaycw35fq8ij5hfz6p1cykh4ncjgr93i7rbx";
+ sha256 = "0xqchidfn1j3jq5w7ck570aib12q9z0mfvwhmnyzqxx7d3qh76j6";
};
outputs = [ "out" "man" ];
diff --git a/pkgs/tools/security/jadx/default.nix b/pkgs/tools/security/jadx/default.nix
new file mode 100644
index 00000000000..961f1e6954a
--- /dev/null
+++ b/pkgs/tools/security/jadx/default.nix
@@ -0,0 +1,103 @@
+{ stdenv, fetchFromGitHub, gradle, jdk, makeWrapper, perl }:
+
+let
+ pname = "jadx";
+ version = "1.1.0";
+
+ src = fetchFromGitHub {
+ owner = "skylot";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "1dx3g0sm46qy57gggpg8bpmin5glzbxdbf0qzvha9r2dwh4mrwlg";
+ };
+
+ deps = stdenv.mkDerivation {
+ name = "${pname}-deps";
+ inherit src;
+
+ nativeBuildInputs = [ gradle jdk perl ];
+
+ buildPhase = ''
+ export GRADLE_USER_HOME=$(mktemp -d)
+ export JADX_VERSION=${version}
+ gradle --no-daemon jar
+ '';
+
+ # Mavenize dependency paths
+ # e.g. org.codehaus.groovy/groovy/2.4.0/{hash}/groovy-2.4.0.jar -> org/codehaus/groovy/groovy/2.4.0/groovy-2.4.0.jar
+ installPhase = ''
+ find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \
+ | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/$x/$3/$4/$5" #e' \
+ | sh
+ '';
+
+ outputHashAlgo = "sha256";
+ outputHashMode = "recursive";
+ outputHash = "083r4hg6m9cxzm2m8nckf10awq8kh901v5i39r60x47xk5yw84ps";
+ };
+in stdenv.mkDerivation {
+ inherit pname version src;
+
+ nativeBuildInputs = [ gradle jdk makeWrapper ];
+
+ buildPhase = ''
+ # The installDist Gradle build phase tries to copy some dependency .jar
+ # files multiple times into the build directory. This ends up failing when
+ # the dependencies are read directly from the Nix store since they are not
+ # marked as chmod +w. To work around this, get a local copy of the
+ # dependency store, and give write permissions.
+ depsDir=$(mktemp -d)
+ cp -R ${deps}/* $depsDir
+ chmod -R u+w $depsDir
+
+ gradleInit=$(mktemp)
+ cat >$gradleInit <
+ settings.pluginManagement {
+ repositories {
+ maven { url '$depsDir' }
+ }
+ }
+ }
+ EOF
+
+ export GRADLE_USER_HOME=$(mktemp -d)
+ export JADX_VERSION=${version}
+ gradle --offline --no-daemon --info --init-script $gradleInit pack
+ '';
+
+ installPhase = ''
+ mkdir $out $out/bin
+ cp -R build/jadx/lib $out
+ for prog in jadx jadx-gui; do
+ cp build/jadx/bin/$prog $out/bin
+ wrapProgram $out/bin/$prog --set JAVA_HOME ${jdk.home}
+ done
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Dex to Java decompiler";
+ longDescription = ''
+ Command line and GUI tools for produce Java source code from Android Dex
+ and Apk files.
+ '';
+ license = licenses.asl20;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ delroth ];
+ };
+}
diff --git a/pkgs/tools/system/ytop/default.nix b/pkgs/tools/system/ytop/default.nix
index 562886ad57e..08e227d2454 100644
--- a/pkgs/tools/system/ytop/default.nix
+++ b/pkgs/tools/system/ytop/default.nix
@@ -4,18 +4,18 @@ assert stdenv.isDarwin -> IOKit != null;
rustPlatform.buildRustPackage rec {
pname = "ytop";
- version = "0.6.0";
+ version = "0.6.1";
src = fetchFromGitHub {
owner = "cjbassi";
repo = pname;
rev = version;
- sha256 = "1zajgzhhxigga5wc94bmbk8iwx7yc2jq3f0hqadfsa4f0wmpi0nf";
+ sha256 = "1p746v9xrfm6avc6v9dvcnpckhvdizzf53pcg9bpcp0lw5sh85da";
};
buildInputs = stdenv.lib.optionals stdenv.isDarwin [ IOKit ];
- cargoSha256 = "1ka9d81ddzz52w75xdiwd2xkv1rlamyvvdax09wanb61zxxwm0i7";
+ cargoSha256 = "15cpi0b5yqjwi1liry2q17sn9hpc4xf9gn33ri3rs6ls5qs7j7pa";
meta = with stdenv.lib; {
description = "A TUI system monitor written in Rust";
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 14591f195d5..7998b7ac437 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -2058,6 +2058,8 @@ in
nfstrace = callPackage ../tools/networking/nfstrace { };
+ nix-direnv = callPackage ../tools/misc/nix-direnv { };
+
nixpkgs-pytools = with python3.pkgs; toPythonApplication nixpkgs-pytools;
noteshrink = callPackage ../tools/misc/noteshrink { };
@@ -4373,6 +4375,8 @@ in
jade = callPackage ../tools/text/sgml/jade { };
+ jadx = callPackage ../tools/security/jadx { };
+
jazzy = callPackage ../development/tools/jazzy { };
jc = with python3Packages; toPythonApplication jc;
@@ -17063,7 +17067,7 @@ in
# Hardened linux
hardenedLinuxPackagesFor = kernel: linuxPackagesFor (kernel.override {
- structuredExtraConfig = import ../os-specific/linux/kernel/hardened-config.nix {
+ structuredExtraConfig = import ../os-specific/linux/kernel/hardened/config.nix {
inherit stdenv;
inherit (kernel) version;
};
@@ -19385,6 +19389,8 @@ in
geany = callPackage ../applications/editors/geany { };
geany-with-vte = callPackage ../applications/editors/geany/with-vte.nix { };
+ genxword = callPackage ../applications/misc/genxword { };
+
geoipupdate = callPackage ../applications/misc/geoipupdate/default.nix { };
ghostwriter = libsForQt5.callPackage ../applications/editors/ghostwriter { };
@@ -24954,9 +24960,16 @@ in
fped = callPackage ../applications/science/electronics/fped { };
+ # this is a wrapper for kicad.base and kicad.libraries
kicad = callPackage ../applications/science/electronics/kicad { };
kicad-small = kicad.override { pname = "kicad-small"; with3d = false; };
- kicad-unstable = kicad.override { pname = "kicad-unstable"; debug = true; };
+ kicad-unstable = kicad.override { pname = "kicad-unstable"; stable = false; };
+ # mostly here so the kicad-unstable components (except packages3d) get built
+ kicad-unstable-small = kicad.override {
+ pname = "kicad-unstable-small";
+ stable = false;
+ with3d = false;
+ };
librepcb = libsForQt5.callPackage ../applications/science/electronics/librepcb { };
diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix
index 44b90219606..aadd51e6294 100644
--- a/pkgs/top-level/ocaml-packages.nix
+++ b/pkgs/top-level/ocaml-packages.nix
@@ -42,11 +42,6 @@ let
async_unix_p4 = callPackage ../development/ocaml-modules/async_unix { };
- async_p4 =
- if lib.versionOlder "4.02" ocaml.version
- then callPackage ../development/ocaml-modules/async { }
- else null;
-
atd = callPackage ../development/ocaml-modules/atd { };
atdgen = callPackage ../development/ocaml-modules/atdgen { };
@@ -1213,13 +1208,6 @@ let
then callPackage ../development/ocaml-modules/janestreet/async-extra.nix {}
else async_extra_p4;
- async =
- if lib.versionOlder "4.03" ocaml.version
- then janeStreet.async
- else if lib.versionOlder "4.02" ocaml.version
- then callPackage ../development/ocaml-modules/janestreet/async.nix {}
- else async_p4;
-
# Apps / from all-packages
ocamlnat = callPackage ../development/ocaml-modules/ocamlnat { };
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index e54a4e9fe45..c356700167e 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -1479,6 +1479,8 @@ in {
transforms3d = callPackage ../development/python-modules/transforms3d { };
+ trimesh = callPackage ../development/python-modules/trimesh {};
+
sentinel = callPackage ../development/python-modules/sentinel { };
sentry-sdk = callPackage ../development/python-modules/sentry-sdk {};