From c844621f7177b0c739dcbe98840d608f75cc57c4 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Wed, 24 Feb 2021 18:10:11 +0000
Subject: [PATCH 01/51] python37Packages.bitbox02: 5.2.0 -> 5.3.0

---
 pkgs/development/python-modules/bitbox02/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/bitbox02/default.nix b/pkgs/development/python-modules/bitbox02/default.nix
index ce62fd6dce0..d57d4a6585b 100644
--- a/pkgs/development/python-modules/bitbox02/default.nix
+++ b/pkgs/development/python-modules/bitbox02/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonPackage rec {
   pname = "bitbox02";
-  version = "5.2.0";
+  version = "5.3.0";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "52b0b617660601939b30c8b588c28910946448b1b6d69ca231d5e3e47a322b71";
+    sha256 = "fe0e8aeb9b32fd7d76bb3e9838895973a74dfd532a8fb8ac174a1a60214aee26";
   };
 
   propagatedBuildInputs = [ base58 ecdsa hidapi noiseprotocol protobuf semver typing-extensions ];

From 820cc72b52b961220fe862b74d42f27ce8c8b2da Mon Sep 17 00:00:00 2001
From: Graham Christensen <graham@grahamc.com>
Date: Tue, 2 Mar 2021 00:57:17 -0800
Subject: [PATCH 02/51] ssm-agent: 2.3.1319.0 -> 3.0.755.0

Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
---
 ...C-tests-that-fail-in-the-Nix-sandbox.patch |  44 +++++++
 ...-gen-don-t-use-unnecessary-constants.patch |  46 ++++++++
 .../networking/cluster/ssm-agent/default.nix  | 108 +++++++++++-------
 3 files changed, 159 insertions(+), 39 deletions(-)
 create mode 100644 pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch
 create mode 100644 pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch

diff --git a/pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch b/pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch
new file mode 100644
index 00000000000..364f7653efa
--- /dev/null
+++ b/pkgs/applications/networking/cluster/ssm-agent/0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch
@@ -0,0 +1,44 @@
+From bea6307ec2a77d90d59c13940381d73ec0f05b70 Mon Sep 17 00:00:00 2001
+From: Graham Christensen <graham@grahamc.com>
+Date: Mon, 1 Mar 2021 10:57:44 -0500
+Subject: [PATCH] Disable NIC tests that fail in the Nix sandbox.
+
+---
+ agent/managedInstances/fingerprint/fingerprint_integ_test.go | 2 ++
+ agent/ssm/service_test.go                                    | 1 +
+ 2 files changed, 3 insertions(+)
+
+diff --git a/agent/managedInstances/fingerprint/fingerprint_integ_test.go b/agent/managedInstances/fingerprint/fingerprint_integ_test.go
+index a1f969ff..631ea1f5 100644
+--- a/agent/managedInstances/fingerprint/fingerprint_integ_test.go
++++ b/agent/managedInstances/fingerprint/fingerprint_integ_test.go
+@@ -28,12 +28,14 @@ func TestHostnameInfo(t *testing.T) {
+ }
+ 
+ func TestPrimaryIpInfo(t *testing.T) {
++	t.Skip("The Nix build sandbox has no non-loopback IPs, causing this test to fail.");
+ 	ip, err := primaryIpInfo()
+ 	assert.NoError(t, err, "expected no error fetching the primary ip")
+ 	assert.NotEmpty(t, ip, "expected to fetch primary ip")
+ }
+ 
+ func TestMacAddrInfo(t *testing.T) {
++	t.Skip("The Nix build sandbox has no non-loopback interfaces, causing this test to fail.");
+ 	mac, err := macAddrInfo()
+ 	assert.NoError(t, err, "expected no error fetching the mac addr")
+ 	assert.NotEmpty(t, mac, "expected to fetch mac address")
+diff --git a/agent/ssm/service_test.go b/agent/ssm/service_test.go
+index f4b34f83..d8216dba 100644
+--- a/agent/ssm/service_test.go
++++ b/agent/ssm/service_test.go
+@@ -85,6 +85,7 @@ func (suite *SsmServiceTestSuite) TestUpdateEmptyInstanceInformation() {
+ // Test function for update instance information
+ // This function update the agent name, agent statuc, and agent version.
+ func (suite *SsmServiceTestSuite) TestUpdateInstanceInformation() {
++	suite.T().Skip("The Nix build sandbox has no interfaces for IP and MAC address reports.");
+ 	// Give mock value to test UpdateInstanceInformation, assert the error is nil, assert the log.Debug function get called.
+ 	response, err := suite.sdkService.UpdateInstanceInformation(suite.logMock, "2.2.3.2", "active", "Amazon-ssm-agent")
+ 	assert.Nil(suite.T(), err, "Err should be nil")
+-- 
+2.29.2
+
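Review bot: The three added `t.Skip(...)` calls end with a `;`, which gofmt removes, so they should read e.g. `t.Skip("The Nix build sandbox has no non-loopback IPs, causing this test to fail.")`. The skip in `TestUpdateInstanceInformation` is unconditional even though the comment below it says the test feeds mock values, so a regression in that code path would go unnoticed in the Nix build. A short comment stating which call needs a real interface would make the skip easier to remove later. The bodies of `TestMacAddrInfo` and `TestUpdateInstanceInformation` continue outside the hunk.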
diff --git a/pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch b/pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch
new file mode 100644
index 00000000000..234e510d3d1
--- /dev/null
+++ b/pkgs/applications/networking/cluster/ssm-agent/0002-version-gen-don-t-use-unnecessary-constants.patch
@@ -0,0 +1,46 @@
+From 473e3f8544915a35b3a45c548743978b34e5310e Mon Sep 17 00:00:00 2001
+From: Cole Helbling <cole.e.helbling@outlook.com>
+Date: Tue, 2 Mar 2021 00:24:00 -0800
+Subject: [PATCH] version-gen: don't use unnecessary constants
+
+This prevents the tool from being built with Nix, because this project
+doesn't use Go modules (or something; I'm not really familiar with Go,
+much less Go + Nix).
+---
+ agent/version/versiongenerator/version-gen.go | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/agent/version/versiongenerator/version-gen.go b/agent/version/versiongenerator/version-gen.go
+index d710effc..55c9a001 100644
+--- a/agent/version/versiongenerator/version-gen.go
++++ b/agent/version/versiongenerator/version-gen.go
+@@ -22,8 +22,6 @@ import (
+ 	"path/filepath"
+ 	"strings"
+ 	"text/template"
+-
+-	"github.com/aws/amazon-ssm-agent/agent/appconfig"
+ )
+ 
+ const versiongoTemplate = `// This is an autogenerated file and should not be edited.
+@@ -59,7 +57,7 @@ func main() {
+ 	versionStr := strings.TrimSpace(string(versionContent))
+ 
+ 	fmt.Printf("Agent Version: %v", versionStr)
+-	if err := ioutil.WriteFile(filepath.Join("VERSION"), []byte(versionStr), appconfig.ReadWriteAccess); err != nil {
++	if err := ioutil.WriteFile(filepath.Join("VERSION"), []byte(versionStr), 0600); err != nil {
+ 		log.Fatalf("Error writing to VERSION file. %v", err)
+ 	}
+ 
+@@ -108,7 +106,7 @@ func main() {
+ 
+ 	releaseNoteOutFile := strings.Join(releaseNoteLines, "\n")
+ 
+-	if err = ioutil.WriteFile(filepath.Join(releaseNotesFile), []byte(releaseNoteOutFile), appconfig.ReadWriteAccess); err != nil {
++	if err = ioutil.WriteFile(filepath.Join(releaseNotesFile), []byte(releaseNoteOutFile), 0600); err != nil {
+ 		log.Fatalf("Error writing to RELEASENOTES.md file. %v", err)
+ 	}
+ 
+-- 
+2.30.0
+
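Review bot: Both `ioutil.WriteFile` calls now pass the literal `0600` where `appconfig.ReadWriteAccess` stood, and nothing on this page shows that the constant has that value. Confirm it against `agent/appconfig` in the pinned release and record it next to the literal, e.g. `// 0600 mirrors appconfig.ReadWriteAccess; re-check on upgrade`, so a later upstream change to the mode is not masked by this patch. The files are written only by the build-time version generator, so the exposure is small, but owner-only is the right default to keep. `main` starts and ends outside both hunks.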
diff --git a/pkgs/applications/networking/cluster/ssm-agent/default.nix b/pkgs/applications/networking/cluster/ssm-agent/default.nix
index b042f8ff15f..9b9e57ca333 100644
--- a/pkgs/applications/networking/cluster/ssm-agent/default.nix
+++ b/pkgs/applications/networking/cluster/ssm-agent/default.nix
@@ -1,63 +1,93 @@
-{ lib, fetchFromGitHub, buildGoPackage, bash, makeWrapper }:
+{ lib
+, writeShellScriptBin
+, buildGoPackage
+, makeWrapper
+, fetchFromGitHub
+, coreutils
+, nettools
+, dmidecode
+, util-linux
+, bashInteractive
+}:
 
+let
+  # The SSM agent doesn't pay attention to our /etc/os-release yet, and the lsb-release tool
+  # in nixpkgs doesn't seem to work properly on NixOS, so let's just fake the two fields SSM
+  # looks for. See https://github.com/aws/amazon-ssm-agent/issues/38 for upstream fix.
+  fake-lsb-release = writeShellScriptBin "lsb_release" ''
+    . /etc/os-release || true
+
+    case "$1" in
+      -i) echo "''${NAME:-unknown}";;
+      -r) echo "''${VERSION:-unknown}";;
+    esac
+  '';
+in
 buildGoPackage rec {
-  pname   = "amazon-ssm-agent";
-  version = "2.3.1319.0";
+  pname = "amazon-ssm-agent";
+  version = "3.0.755.0";
 
   goPackagePath = "github.com/aws/${pname}";
-  subPackages   = [
-    "agent"
-    "agent/framework/processor/executer/outofproc/worker"
-    "agent/framework/processor/executer/outofproc/worker"
-    "agent/framework/processor/executer/outofproc/sessionworker"
-    "agent/session/logging"
-    "agent/cli-main"
-  ];
 
   nativeBuildInputs = [ makeWrapper ];
 
   src = fetchFromGitHub {
-    rev    = version;
-    owner  = "aws";
-    repo   = pname;
-    sha256 = "1yiyhj7ckqa32b1rnbwn7zx89rsj00m5imn1xlpsw002ywxsxbnv";
+    rev = version;
+    owner = "aws";
+    repo = "amazon-ssm-agent";
+    hash = "sha256-yVQJL1MJ1JlAndlrXfEbNLQihlbLhSoQXTKzJMRzhao=";
   };
 
-  preBuild = ''
-    mv go/src/${goPackagePath}/vendor strange-vendor
-    mv strange-vendor/src go/src/${goPackagePath}/vendor
+  patches = [
+    # Some tests use networking, so we skip them.
+    ./0001-Disable-NIC-tests-that-fail-in-the-Nix-sandbox.patch
 
-    cd go/src/${goPackagePath}
-    echo ${version} > VERSION
+    # They used constants from another package that I couldn't figure
+    # out how to resolve, so hardcoded the constants.
+    ./0002-version-gen-don-t-use-unnecessary-constants.patch
+  ];
 
-    substituteInPlace agent/plugins/inventory/gatherers/application/dataProvider.go \
-      --replace '"github.com/aws/amazon-ssm-agent/agent/plugins/configurepackage/localpackages"' ""
+  configurePhase = ''
+    export HOME=$(mktemp -d)
 
-    go run agent/version/versiongenerator/version-gen.go
-    substituteInPlace agent/appconfig/constants_unix.go \
-      --replace /usr/bin/ssm-document-worker $bin/bin/ssm-document-worker \
-      --replace /usr/bin/ssm-session-worker $bin/bin/ssm-session-worker \
-      --replace /usr/bin/ssm-session-logger $bin/bin/ssm-session-logger
-    cd -
+    printf "#!/bin/sh\ntrue" > ./Tools/src/checkstyle.sh
+
+    substituteInPlace agent/platform/platform_unix.go \
+        --replace "/usr/bin/uname" "${coreutils}/bin/uname" \
+        --replace '"/bin", "hostname"' '"${nettools}/bin/hostname"' \
+        --replace '"lsb_release"' '"${fake-lsb-release}/bin/lsb_release"'
+
+    substituteInPlace agent/managedInstances/fingerprint/hardwareInfo_unix.go \
+        --replace /usr/sbin/dmidecode ${dmidecode}/bin/dmidecode
+
+    substituteInPlace agent/session/shell/shell_unix.go \
+        --replace '"script"' '"${util-linux}/bin/script"'
+
+    # Note: if this step fails, please patch the code to fix it! Please only skip
+    # tests if it is not feasible for the test to pass in a sandbox.
+    make quick-integtest
+
+    echo "${version}" > VERSION
+
+    make pre-release
+    make pre-build
   '';
 
-  postBuild = ''
-    mv go/bin/agent go/bin/amazon-ssm-agent
-    mv go/bin/worker go/bin/ssm-document-worker
-    mv go/bin/sessionworker go/bin/ssm-session-worker
-    mv go/bin/logging go/bin/ssm-session-logger
-    mv go/bin/cli-main go/bin/ssm-cli
+  buildPhase = ''
+    make build-linux
   '';
 
-  postInstall = ''
-    wrapProgram $out/bin/amazon-ssm-agent --prefix PATH : ${bash}/bin
+  installPhase = ''
+    mkdir -p $out/bin
+    mv bin/linux_*/* $out/bin/
+    wrapProgram $out/bin/amazon-ssm-agent --prefix PATH : ${bashInteractive}/bin
   '';
 
   meta = with lib; {
     description = "Agent to enable remote management of your Amazon EC2 instance configuration";
-    homepage    = "https://github.com/aws/amazon-ssm-agent";
-    license     = licenses.asl20;
-    platforms   = platforms.unix;
+    homepage = "https://github.com/aws/amazon-ssm-agent";
+    license = licenses.asl20;
+    platforms = platforms.unix;
     maintainers = with maintainers; [ copumpkin manveru ];
   };
 }
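Review bot: The `substituteInPlace ... --replace` calls in `configurePhase` do not fail when the pattern no longer occurs in the file, so after an upstream refactor the agent (which typically runs as root) could silently go back to `/usr/sbin/dmidecode` or to a PATH lookup of `script` and `lsb_release`. Follow each substitution with a check such as `grep -q "${dmidecode}/bin/dmidecode" agent/managedInstances/fingerprint/hardwareInfo_unix.go`, or use `--replace-fail` on a nixpkgs revision that provides it. The same pattern appears in PATCH 05 (etebase `postPatch`, where a miss would quietly keep the vendored OpenSSL the commit sets out to remove) and in PATCH 07 (prs `postPatch`, where a miss would leave `backend-gnupg-bin` as the default backend).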

From 429d55c6d4957c9a7dce0e7e48e4dc587a38d56b Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Wed, 3 Mar 2021 01:48:53 +0000
Subject: [PATCH 03/51] mcfly: 0.5.3 -> 0.5.4

---
 pkgs/tools/misc/mcfly/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/tools/misc/mcfly/default.nix b/pkgs/tools/misc/mcfly/default.nix
index 616ee822eba..acdde84accd 100644
--- a/pkgs/tools/misc/mcfly/default.nix
+++ b/pkgs/tools/misc/mcfly/default.nix
@@ -2,13 +2,13 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "mcfly";
-  version = "0.5.3";
+  version = "0.5.4";
 
   src = fetchFromGitHub {
     owner = "cantino";
     repo = "mcfly";
     rev = "v${version}";
-    sha256 = "1p51wdv47cyg6dmb81fm0d92x1kp7bwwpgax6vlh669nkddiwvmm";
+    sha256 = "sha256-OYHUawlVHUlKMOWFqeJgg8EIe6Hbe+tKi57sJC5zH1U=";
   };
 
   postInstall = ''
@@ -20,7 +20,7 @@ rustPlatform.buildRustPackage rec {
     install -Dm644 -t $out/share/mcfly mcfly.fish
   '';
 
-  cargoSha256 = "0gcdgca8w8i978b067rwm5zrc81rxb704006k9pbcwizkq2281yy";
+  cargoSha256 = "sha256-aiOw1esERlhOTBCldxoldMCrxMxcGpYXEvjSFQ8xU8A=";
 
   meta = with lib; {
     homepage = "https://github.com/cantino/mcfly";

From 29b99a22a5e06de3d7a2401398c169782685078e Mon Sep 17 00:00:00 2001
From: Cole Helbling <cole.e.helbling@outlook.com>
Date: Tue, 2 Mar 2021 12:47:42 -0800
Subject: [PATCH 04/51] ssm-agent: don't override phases

---
 .../networking/cluster/ssm-agent/default.nix  | 43 +++++++++++++------
 1 file changed, 30 insertions(+), 13 deletions(-)

diff --git a/pkgs/applications/networking/cluster/ssm-agent/default.nix b/pkgs/applications/networking/cluster/ssm-agent/default.nix
index 9b9e57ca333..3aa583f3ae3 100644
--- a/pkgs/applications/networking/cluster/ssm-agent/default.nix
+++ b/pkgs/applications/networking/cluster/ssm-agent/default.nix
@@ -11,9 +11,10 @@
 }:
 
 let
-  # The SSM agent doesn't pay attention to our /etc/os-release yet, and the lsb-release tool
-  # in nixpkgs doesn't seem to work properly on NixOS, so let's just fake the two fields SSM
-  # looks for. See https://github.com/aws/amazon-ssm-agent/issues/38 for upstream fix.
+  # Tests use lsb_release, so we mock it (the SSM agent used to not
+  # read from our /etc/os-release file, but now it does) because in
+  # reality, it won't (shouldn't) be used when active on a system with
+  # /etc/os-release. If it is, we fake the only two fields it cares about.
   fake-lsb-release = writeShellScriptBin "lsb_release" ''
     . /etc/os-release || true
 
@@ -47,9 +48,8 @@ buildGoPackage rec {
     ./0002-version-gen-don-t-use-unnecessary-constants.patch
   ];
 
-  configurePhase = ''
-    export HOME=$(mktemp -d)
-
+  preConfigure = ''
+    rm -r ./Tools/src/goreportcard
     printf "#!/bin/sh\ntrue" > ./Tools/src/checkstyle.sh
 
     substituteInPlace agent/platform/platform_unix.go \
@@ -63,23 +63,40 @@ buildGoPackage rec {
     substituteInPlace agent/session/shell/shell_unix.go \
         --replace '"script"' '"${util-linux}/bin/script"'
 
+    echo "${version}" > VERSION
+  '';
+
+  preBuild = ''
+    cp -r go/src/${goPackagePath}/vendor/src go
+
+    pushd go/src/${goPackagePath}
+
     # Note: if this step fails, please patch the code to fix it! Please only skip
     # tests if it is not feasible for the test to pass in a sandbox.
     make quick-integtest
 
-    echo "${version}" > VERSION
-
     make pre-release
     make pre-build
+
+    popd
   '';
 
-  buildPhase = ''
-    make build-linux
+  postBuild = ''
+    pushd go/bin
+
+    rm integration-cli versiongenerator generator
+
+    mv core amazon-ssm-agent
+    mv agent ssm-agent-worker
+    mv cli-main ssm-cli
+    mv worker ssm-document-worker
+    mv logging ssm-session-logger
+    mv sessionworker ssm-session-worker
+
+    popd
   '';
 
-  installPhase = ''
-    mkdir -p $out/bin
-    mv bin/linux_*/* $out/bin/
+  postFixup = ''
     wrapProgram $out/bin/amazon-ssm-agent --prefix PATH : ${bashInteractive}/bin
   '';
 

From eab2ba0a67d13b65eaa9b2f5befbe7fbd0fc0468 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= <me@danieldk.eu>
Date: Thu, 4 Mar 2021 08:45:33 +0100
Subject: [PATCH 05/51] python3Packages.etebase: switch to buildPythonPackage +
 cargoSetupHook

The derivation also built OpenSSL statically. Switch to our OpenSSL
derivation instead, so that the package gets automatic OpenSSL
security updates.
---
 .../python-modules/etebase/default.nix        | 57 ++++++++++---------
 1 file changed, 30 insertions(+), 27 deletions(-)

diff --git a/pkgs/development/python-modules/etebase/default.nix b/pkgs/development/python-modules/etebase/default.nix
index 7832f6b4787..9151e2471c4 100644
--- a/pkgs/development/python-modules/etebase/default.nix
+++ b/pkgs/development/python-modules/etebase/default.nix
@@ -1,19 +1,17 @@
-{ lib, stdenv
-, wheel
-, rustPlatform
-, pipInstallHook
-, setuptools-rust
-, python
-, msgpack
-, requests
-, openssl
-, perl
-, rustfmt
+{ lib
+, stdenv
 , fetchFromGitHub
+, buildPythonPackage
+, rustPlatform
+, pkg-config
+, rustfmt
+, setuptools-rust
+, openssl
 , Security
+, msgpack
 }:
 
-rustPlatform.buildRustPackage rec {
+buildPythonPackage rec {
   pname = "etebase";
   version = "0.31.1";
 
@@ -24,33 +22,38 @@ rustPlatform.buildRustPackage rec {
     sha256 = "163iw64l8lwawf84qswcjsq9p8qddv9ysjrr3dzqpqxb2yb0sy39";
   };
 
-  cargoSha256 = "0w8ypl6kj1mf6ahbdiwbd4jw6ldxdaig47zwk91jjsww5lbyx4lf";
+  cargoDeps = rustPlatform.fetchCargoTarball {
+    inherit src;
+    name = "${pname}-${version}";
+    sha256 = "0w8ypl6kj1mf6ahbdiwbd4jw6ldxdaig47zwk91jjsww5lbyx4lf";
+  };
+
+  format = "pyproject";
 
   nativeBuildInputs = [
+    pkg-config
     rustfmt
-    perl
-    openssl
-    pipInstallHook
     setuptools-rust
-    wheel
-  ];
+  ] ++ (with rustPlatform; [
+    cargoSetupHook
+    rust.cargo
+    rust.rustc
+  ]);
 
-  buildInputs = lib.optionals stdenv.isDarwin [ Security ];
+  buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ Security ];
 
   propagatedBuildInputs = [
-    python
     msgpack
   ];
 
-  doCheck = true;
-
-  buildPhase = ''
-    ${python.interpreter} setup.py bdist_wheel
+  postPatch = ''
+    # Use system OpenSSL, which gets security updates.
+    substituteInPlace Cargo.toml \
+      --replace ', features = ["vendored"]' ""
   '';
 
-  installPhase = ''
-    pipInstallPhase
-  '';
+  pythonImportsCheck = [ "etebase" ];
+
 
   meta = with lib; {
     homepage = "https://www.etebase.com/";

From 65671395da07d5d6f7daaf69aa7a30d614c3a438 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= <me@danieldk.eu>
Date: Thu, 4 Mar 2021 08:48:26 +0100
Subject: [PATCH 06/51] python3Packages.etebase: 0.31.1 -> 0.31.2

Changelog:
https://github.com/etesync/etebase-py/releases/tag/v0.31.2

(Fixes crashes with Python 3.9.)
---
 pkgs/development/python-modules/etebase/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/python-modules/etebase/default.nix b/pkgs/development/python-modules/etebase/default.nix
index 9151e2471c4..14c93fc719f 100644
--- a/pkgs/development/python-modules/etebase/default.nix
+++ b/pkgs/development/python-modules/etebase/default.nix
@@ -13,19 +13,19 @@
 
 buildPythonPackage rec {
   pname = "etebase";
-  version = "0.31.1";
+  version = "0.31.2";
 
   src = fetchFromGitHub {
     owner = "etesync";
     repo = "etebase-py";
     rev = "v${version}";
-    sha256 = "163iw64l8lwawf84qswcjsq9p8qddv9ysjrr3dzqpqxb2yb0sy39";
+    hash = "sha256-enGmfXW8eV6FgdHfJqXr1orAsGbxDz9xUY6T706sf5U=";
   };
 
   cargoDeps = rustPlatform.fetchCargoTarball {
     inherit src;
     name = "${pname}-${version}";
-    sha256 = "0w8ypl6kj1mf6ahbdiwbd4jw6ldxdaig47zwk91jjsww5lbyx4lf";
+    hash = "sha256-4eJvFf6aY+DYkrYgam5Ok9941PX4uQOmtRznEY0+1TE=";
   };
 
   format = "pyproject";

From 38aa907d46c4b08df996836d94900e8f1c8cfd8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= <dev@schuetz-co.de>
Date: Sat, 27 Feb 2021 14:15:20 +0100
Subject: [PATCH 07/51] prs: init at 0.2.2

---
 pkgs/tools/security/prs/default.nix | 48 +++++++++++++++++++++++++++++
 pkgs/top-level/all-packages.nix     |  2 ++
 2 files changed, 50 insertions(+)
 create mode 100644 pkgs/tools/security/prs/default.nix

diff --git a/pkgs/tools/security/prs/default.nix b/pkgs/tools/security/prs/default.nix
new file mode 100644
index 00000000000..197a2ba8b9b
--- /dev/null
+++ b/pkgs/tools/security/prs/default.nix
@@ -0,0 +1,48 @@
+{ lib
+, rustPlatform
+, fetchFromGitLab
+, pkg-config
+, python3
+, dbus
+, glib
+, gpgme
+, gtk3
+, libxcb
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "prs";
+  version = "0.2.2";
+
+  src = fetchFromGitLab {
+    owner = "timvisee";
+    repo = "prs";
+    rev = "v${version}";
+    sha256 = "05l9zaaadv2a7ngwkxggp5vrjlnpvf2wr4ijhprx3jkw8b2cxii7";
+  };
+
+  cargoSha256 = "0fjkvr5mdqiy70qx4liwnh78y6mqdv6vbg3nayinh2h34p0z609y";
+
+  postPatch = ''
+    # The GPGME backend is recommended
+    for f in "gtk3/Cargo.toml" "cli/Cargo.toml"; do
+      substituteInPlace "$f" --replace \
+        'default = ["backend-gnupg-bin"' 'default = ["backend-gpgme"'
+    done
+  '';
+
+  nativeBuildInputs = [ gpgme pkg-config python3 ];
+
+  buildInputs = [ dbus glib gpgme gtk3 libxcb ];
+
+  meta = with lib; {
+    description = "Secure, fast & convenient password manager CLI using GPG and git to sync";
+    homepage = "https://gitlab.com/timvisee/prs";
+    changelog = "https://gitlab.com/timvisee/prs/-/blob/v${version}/CHANGELOG.md";
+    license = with licenses; [
+      lgpl3Only # lib
+      gpl3Only  # everything else
+    ];
+    maintainers = with maintainers; [ dotlambda ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index ae22edcd688..bb9534002bc 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7295,6 +7295,8 @@ in
     openssl = openssl_1_0_2;
   };
 
+  prs = callPackage ../tools/security/prs { };
+
   psw = callPackage ../tools/misc/psw { };
 
   pws = callPackage ../tools/misc/pws { };

From e7b4f9b91e6c93b67f681471f5fa68ab672d9dad Mon Sep 17 00:00:00 2001
From: roblabla <unfiltered@roblab.la>
Date: Sat, 27 Feb 2021 14:59:08 +0100
Subject: [PATCH 08/51] yara: 4.0.1 -> 4.0.5

---
 pkgs/tools/security/yara/default.nix | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix
index f11e772390d..844004c3b9e 100644
--- a/pkgs/tools/security/yara/default.nix
+++ b/pkgs/tools/security/yara/default.nix
@@ -1,4 +1,5 @@
 { lib, stdenv
+, fetchpatch
 , fetchFromGitHub
 , autoreconfHook
 , pcre
@@ -10,14 +11,14 @@
 }:
 
 stdenv.mkDerivation rec {
-  version = "4.0.1";
+  version = "4.0.5";
   pname = "yara";
 
   src = fetchFromGitHub {
     owner = "VirusTotal";
     repo = "yara";
     rev = "v${version}";
-    sha256 = "0dy8jf0pdn0wilxy1pj6pqjxg7icxkwax09w54np87gl9p00f5rk";
+    sha256 = "1gkdll2ygdlqy1f27a5b84gw2bq75ss7acsx06yhiss90qwdaalq";
   };
 
   nativeBuildInputs = [ autoreconfHook pkg-config ];
@@ -30,6 +31,19 @@ stdenv.mkDerivation rec {
 
   preConfigure = "./bootstrap.sh";
 
+  # If static builds are disabled, `make all-am` will fail to find libyara.a and
+  # cause a build failure. It appears that somewhere between yara 4.0.1 and
+  # 4.0.5, linking the yara binaries dynamically against libyara.so was broken.
+  #
+  # This was already fixed in yara master. Backport the patch to yara 4.0.5.
+  patches = [
+    (fetchpatch {
+      name = "fix-build-with-no-static.patch";
+      url = "https://github.com/VirusTotal/yara/commit/52e6866023b9aca26571c78fb8759bc3a51ba6dc.diff";
+      sha256 = "074cf99j0rqiyacp60j1hkvjqxia7qwd11xjqgcr8jmfwihb38nr";
+    })
+  ];
+
   configureFlags = [
     (lib.withFeature withCrypto "crypto")
     (lib.enableFeature enableMagic "magic")
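Review bot: The backported patch has no stated removal condition; the comment says the fix is in yara master but not which release will carry it. Add a line such as `# Drop once yara is updated past 4.0.5 and the release contains this commit.` above `patches` so the next version bump does not try to apply it twice. The URL is pinned to a full commit id and a `sha256`, so the fetched diff cannot change underneath the build. The `configureFlags` list continues outside the hunk.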

From a8ce931064b73c5ade7a570c0d4640631b0174b7 Mon Sep 17 00:00:00 2001
From: Stefan Frijters <sfrijters@gmail.com>
Date: Sun, 28 Feb 2021 19:18:51 +0100
Subject: [PATCH 09/51] urserver: 3.6.0.745 -> 3.9.0.2465

---
 pkgs/servers/urserver/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/servers/urserver/default.nix b/pkgs/servers/urserver/default.nix
index eee10d05826..9047ea0ee34 100644
--- a/pkgs/servers/urserver/default.nix
+++ b/pkgs/servers/urserver/default.nix
@@ -9,15 +9,16 @@
 
 stdenv.mkDerivation rec {
   pname = "urserver";
-  version = "3.6.0.745";
+  version = "3.9.0.2465";
 
   src = fetchurl {
-    url = "https://www.unifiedremote.com/static/builds/server/linux-x64/745/urserver-${version}.tar.gz";
-    sha256 = "1ib9317bg9n4knwnlbrn1wfkyrjalj8js3a6h7zlcl8h8xc0szc8";
+    url = "https://www.unifiedremote.com/static/builds/server/linux-x64/${builtins.elemAt (builtins.splitVersion version) 3}/urserver-${version}.tar.gz";
+    sha256 = "sha256-3DIroodWCMbq1fzPjhuGLk/2fY/qFxFISLzjkjJ4i90=";
   };
 
   nativeBuildInputs = [
     autoPatchelfHook
+    makeWrapper
   ];
 
   buildInputs = [
@@ -25,7 +26,6 @@ stdenv.mkDerivation rec {
     bluez
     libX11
     libXtst
-    makeWrapper
   ];
 
   installPhase = ''

From 7e084ddffe6824dec9503fb6b909b65fee3e9cf8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vojt=C4=9Bch=20K=C3=A1n=C4=9B?= <vojtech.kane@gmail.com>
Date: Tue, 16 Feb 2021 15:17:42 +0100
Subject: [PATCH 10/51] natron: fix build and update to 2.3.15

---
 pkgs/applications/video/natron/default.nix | 54 +++++++++++++---------
 1 file changed, 32 insertions(+), 22 deletions(-)

diff --git a/pkgs/applications/video/natron/default.nix b/pkgs/applications/video/natron/default.nix
index a455869ebf9..bbbcf3d7687 100644
--- a/pkgs/applications/video/natron/default.nix
+++ b/pkgs/applications/video/natron/default.nix
@@ -1,14 +1,14 @@
 { lib, stdenv, fetchurl, qt4, pkg-config, boost, expat, cairo, python2Packages,
   cmake, flex, bison, pango, librsvg, librevenge, libxml2, libcdr, libzip,
   poppler, imagemagick, openexr, ffmpeg_3, opencolorio, openimageio,
-  qmake4Hook, libpng, libGL, lndir }:
+  qmake4Hook, libpng, libGL, lndir, libraw, openjpeg, libwebp, fetchFromGitHub }:
 
 let
-  minorVersion = "2.1";
-  version = "${minorVersion}.9";
+  minorVersion = "2.3";
+  version = "${minorVersion}.15";
   OpenColorIO-Configs = fetchurl {
-    url = "https://github.com/MrKepzie/OpenColorIO-Configs/archive/Natron-v${minorVersion}.tar.gz";
-    sha256 = "9eec5a02ca80c9cd8e751013cb347ea982fdddd592a4a9215cce462e332dac51";
+    url = "https://github.com/NatronGitHub/OpenColorIO-Configs/archive/Natron-v${minorVersion}.tar.gz";
+    sha256 = "AZK9J+RnMyxOYcAQOAQZj5QciPQ999m6jrtBt5rdpkA=";
   };
   seexpr = stdenv.mkDerivation rec {
     version = "1.0.1";
@@ -20,14 +20,15 @@ let
     nativeBuildInputs = [ cmake ];
     buildInputs = [ libpng flex bison ];
   };
-  buildPlugin = { pluginName, sha256, nativeBuildInputs ? [], buildInputs ? [], preConfigure ? "" }:
+  buildPlugin = { pluginName, sha256, nativeBuildInputs ? [], buildInputs ? [], preConfigure ? "", postPatch ? "" }:
     stdenv.mkDerivation {
-      name = "openfx-${pluginName}-${version}";
+      pname = "openfx-${pluginName}";
+      version = version;
       src = fetchurl {
-        url = "https://github.com/MrKepzie/Natron/releases/download/${version}/openfx-${pluginName}-${version}.tar.xz";
+        url = "https://github.com/NatronGitHub/openfx-${pluginName}/releases/download/Natron-${version}/openfx-${pluginName}-Natron-${version}.tar.xz";
         inherit sha256;
       };
-      inherit nativeBuildInputs buildInputs;
+      inherit nativeBuildInputs buildInputs postPatch;
       preConfigure = ''
         makeFlagsArray+=("CONFIG=release")
         makeFlagsArray+=("PLUGINPATH=$out/Plugins/OFX/Natron")
@@ -42,14 +43,19 @@ let
     url = "https://raw.githubusercontent.com/lvandeve/lodepng/a70c086077c0eaecbae3845e4da4424de5f43361/lodepng.h";
     sha256 = "14drdikd0vws3wwpyqq7zzm5z3kg98svv4q4w0hr45q6zh6hs0bq";
   };
+  cimgversion = "89b9d062ec472df3d33989e6d5d2a8b50ba0775c";
   CImgh = fetchurl {
-    url = "https://raw.githubusercontent.com/dtschump/CImg/572c12d82b2f59ece21be8f52645c38f1dd407e6/CImg.h";
-    sha256 = "0n4qfxj8j6rmj4svf68gg2pzg8d1pb74bnphidnf8i2paj6lwniz";
+    url = "https://raw.githubusercontent.com/dtschump/CImg/${cimgversion}/CImg.h";
+    sha256 = "sha256-NbYpZDNj2oZ+wqoEkRwwCjiujdr+iGOLA0Pa0Ynso6U=";
+  };
+  inpainth = fetchurl {
+    url = "https://raw.githubusercontent.com/dtschump/CImg/${cimgversion}/plugins/inpaint.h";
+    sha256 = "sha256-cd28a3VOs5002GkthHkbIUrxZfKuGhqIYO4Oxe/2HIQ=";
   };
   plugins = map buildPlugin [
     ({
       pluginName = "arena";
-      sha256 = "0qba13vn9qdfax7nqlz1ps27zspr5kh795jp1xvbmwjzjzjpkqkf";
+      sha256 = "tUb6myG03mRieUAfgRZfv5Ap+cLvbpNrLMYCGTiAq8c=";
       nativeBuildInputs = [ pkg-config ];
       buildInputs = [
         pango librsvg librevenge libcdr opencolorio libxml2 libzip
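Review bot: The new hashes mix two encodings: `CImgh` and `inpainth` use the SRI form `sha256-…`, while the `arena` hash here and the `OpenColorIO-Configs`, `io` and `misc` hashes in the neighbouring hunks are bare base64 without the prefix. Nix accepts both, but a single form (preferably SRI) makes the values easier to compare against tool output when auditing a bump. Deriving both raw.githubusercontent.com URLs from one `cimgversion` is a good change, since `CImg.h` and `inpaint.h` now always come from the same commit. The `plugins` list continues outside the hunk.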
@@ -65,32 +71,37 @@ let
     })
     ({
       pluginName = "io";
-      sha256 = "0s196i9fkgr9iw92c94mxgs1lkxbhynkf83vmsgrldflmf0xjky7";
+      sha256 = "OQg6a5wNy9TFFySjmgd1subvXRxY/ZnSOCkaoUo+ZaA=";
       nativeBuildInputs = [ pkg-config ];
       buildInputs = [
         libpng ffmpeg_3 openexr opencolorio openimageio boost libGL
-        seexpr
+        seexpr libraw openjpeg libwebp
       ];
     })
     ({
       pluginName = "misc";
-      sha256 = "02h79jrll0c17azxj16as1mks3lmypm4m3da4mms9sg31l3n82qi";
+      sha256 = "XkdQyWI9ilF6IoP3yuHulNUZRPLX1m4lq/+RbXsrFEQ=";
       buildInputs = [
         libGL
       ];
-      preConfigure = ''
-        cp ${CImgh} CImg/CImg.h
+      postPatch = ''
+        cp '${inpainth}' CImg/Inpaint/inpaint.h
+        patch -p0 -dCImg < CImg/Inpaint/inpaint.h.patch # taken from the Makefile; it gets skipped if the file already exists
+        cp '${CImgh}' CImg/CImg.h
       '';
     })
   ];
 in
 stdenv.mkDerivation {
   inherit version;
-  name = "natron-${version}";
+  pname = "natron";
 
-  src = fetchurl {
-    url = "https://github.com/MrKepzie/Natron/releases/download/${version}/Natron-${version}.tar.xz";
-    sha256 = "1wdc0zqriw2jhlrhzs6af3kagrv22cm086ffnbr1x43mgc9hfhjp";
+  src = fetchFromGitHub {
+    owner = "NatronGitHub";
+    repo = "Natron";
+    rev = "v${version}";
+    fetchSubmodules = true;
+    sha256 = "sha256-KuXJmmIsvwl4uqmAxXqWU+273jsdWrCuUSwWn5vuu8M=";
   };
 
   nativeBuildInputs = [ qmake4Hook pkg-config python2Packages.wrapPython ];
@@ -124,6 +135,5 @@ stdenv.mkDerivation {
     license = lib.licenses.gpl2;
     maintainers = [ maintainers.puffnfresh ];
     platforms = platforms.linux;
-    broken = true;
   };
 }

From 9033b0a9316fe080275a99a24a3cf2164cbf2de3 Mon Sep 17 00:00:00 2001
From: Arthur Gautier <baloo@superbaloo.net>
Date: Tue, 23 Feb 2021 01:28:59 +0000
Subject: [PATCH 11/51] pythonPackages.certvalidator: init at 0.11.1

Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
---
 .../python-modules/certvalidator/default.nix  | 34 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 ++
 2 files changed, 36 insertions(+)
 create mode 100644 pkgs/development/python-modules/certvalidator/default.nix

diff --git a/pkgs/development/python-modules/certvalidator/default.nix b/pkgs/development/python-modules/certvalidator/default.nix
new file mode 100644
index 00000000000..8f53bd9805b
--- /dev/null
+++ b/pkgs/development/python-modules/certvalidator/default.nix
@@ -0,0 +1,34 @@
+{ lib, buildPythonPackage, fetchFromGitHub
+, asn1crypto, oscrypto
+, cacert
+}:
+
+buildPythonPackage rec {
+  pname = "certvalidator";
+  version = "0.11.1";
+
+  src = fetchFromGitHub {
+    owner = "wbond";
+    repo = pname;
+    rev = version;
+    sha256 = "sha256-yVF7t4FuU3C9fDg67JeM7LWZZh/mv5F4EKmjlO4AuBY=";
+  };
+
+  propagatedBuildInputs = [ asn1crypto oscrypto ];
+
+  checkInputs = [ cacert ];
+  checkPhase = ''
+    # Tests are run with a custom executor/loader
+    # The regex to skip specific tests relies on negative lookahead of regular expressions
+    # We're skipping the few tests that rely on the network, fetching CRLs, OCSP or remote certificates
+    python -c 'import dev.tests; dev.tests.run("^(?!.*test_(basic_certificate_validator_tls|fetch|revocation|build_path)).*$")'
+  '';
+  pythonImportsCheck = [ "certvalidator" ];
+
+  meta = with lib; {
+    homepage = "https://github.com/wbond/certvalidator";
+    description = "Validates X.509 certificates and paths";
+    license = licenses.mit;
+    maintainers = with maintainers; [ baloo ];
+  };
+}
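Review bot: The skip regex in `checkPhase` excludes every test whose name matches `test_revocation`, `test_fetch`, `test_build_path` or `test_basic_certificate_validator_tls`, so the CRL/OCSP handling is never exercised at build time for a library whose job is certificate validation. That is hard to avoid in the sandbox, but the comment should say plainly that revocation handling is untested in this package, and the list should stay as narrow as the upstream test names allow. The custom `checkPhase` also omits the standard hooks; wrap the command in `runHook preCheck` and `runHook postCheck` so overrides keep working.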
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index a392ef3764f..52a91a62846 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -1244,6 +1244,8 @@ in {
 
   certipy = callPackage ../development/python-modules/certipy { };
 
+  certvalidator = callPackage ../development/python-modules/certvalidator { };
+
   cffi = callPackage ../development/python-modules/cffi { };
 
   cfgv = callPackage ../development/python-modules/cfgv { };

From 8578ba7cd4078589bb838f3d1a997be541730ca1 Mon Sep 17 00:00:00 2001
From: Arthur Gautier <baloo@superbaloo.net>
Date: Tue, 23 Feb 2021 01:29:59 +0000
Subject: [PATCH 12/51] pythonPackages.signify: init at 0.3.0

Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
---
 .../signify/certificate-expiration-date.patch | 18 ++++++++++
 .../python-modules/signify/default.nix        | 36 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 ++
 3 files changed, 56 insertions(+)
 create mode 100644 pkgs/development/python-modules/signify/certificate-expiration-date.patch
 create mode 100644 pkgs/development/python-modules/signify/default.nix

diff --git a/pkgs/development/python-modules/signify/certificate-expiration-date.patch b/pkgs/development/python-modules/signify/certificate-expiration-date.patch
new file mode 100644
index 00000000000..6554211a4bc
--- /dev/null
+++ b/pkgs/development/python-modules/signify/certificate-expiration-date.patch
@@ -0,0 +1,18 @@
+diff --git a/tests/test_authenticode.py b/tests/test_authenticode.py
+index 7e2c709..2f27e09 100644
+--- a/tests/test_authenticode.py
++++ b/tests/test_authenticode.py
+@@ -153,10 +153,12 @@ class AuthenticodeParserTestCase(unittest.TestCase):
+         """this certificate is revoked"""
+         with open(str(root_dir / "test_data" / "jameslth"), "rb") as f:
+             pefile = SignedPEFile(f)
+-            pefile.verify()
++            pefile.verify(verification_context_kwargs=
++                          {'timestamp': datetime.datetime(2021, 1, 1, tzinfo=datetime.timezone.utc)})
+
+     def test_jameslth_revoked(self):
+         """this certificate is revoked"""
++        # TODO: this certificate is now expired, so it will not show up as valid anyway
+         with open(str(root_dir / "test_data" / "jameslth"), "rb") as f:
+             pefile = SignedPEFile(f)
+             with self.assertRaises(VerificationError):
diff --git a/pkgs/development/python-modules/signify/default.nix b/pkgs/development/python-modules/signify/default.nix
new file mode 100644
index 00000000000..be0623b1b73
--- /dev/null
+++ b/pkgs/development/python-modules/signify/default.nix
@@ -0,0 +1,36 @@
+{ lib, buildPythonPackage, fetchFromGitHub, pythonOlder, pytestCheckHook
+, certvalidator, pyasn1, pyasn1-modules
+}:
+
+buildPythonPackage rec {
+  pname = "signify";
+  version = "0.3.0";
+  disabled = pythonOlder "3.5";
+
+  src = fetchFromGitHub {
+    owner = "ralphje";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-JxQECpwHhPm8TCVW/bCnEpu5I/WETyZVBx29SQE4NmE=";
+  };
+  patches = [
+    # Upstream patch is available here:
+    #  https://github.com/ralphje/signify/commit/8c345be954e898a317825bb450bed5ba0304b2b5.patch
+    # But update a couple other things and dont apply cleanly. This is an extract of the part
+    # we care about and breaks the tests after 2021-03-01
+    ./certificate-expiration-date.patch
+  ];
+
+  propagatedBuildInputs = [ certvalidator pyasn1 pyasn1-modules ];
+
+  checkInputs = [ pytestCheckHook ];
+  pytestFlagsArray = [ "-v" ];
+  pythonImportsCheck = [ "signify" ];
+
+  meta = with lib; {
+    homepage = "https://github.com/ralphje/signify";
+    description = "library that verifies PE Authenticode-signed binaries";
+    license = licenses.mit;
+    maintainers = with maintainers; [ baloo ];
+  };
+}
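Review bot: The comment above `./certificate-expiration-date.patch` in `patches` is hard to follow and reads as if the vendored patch itself breaks the tests after 2021-03-01. Going by the patch content, it pins the verification timestamp in one Authenticode test, presumably so the test keeps passing once the sample certificate has expired. I would reword the last two comment lines to `# The full commit does not apply cleanly to 0.3.0, so only the test fix is vendored: it pins the` / `# verification timestamp; without it the test suite fails after 2021-03-01. Drop on the next update.` Because this alters what a signature-verification test checks, it should not outlive the version bump that includes the upstream commit.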
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 52a91a62846..1000a64b5e2 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -7368,6 +7368,8 @@ in {
 
   singledispatch = callPackage ../development/python-modules/singledispatch { };
 
+  signify = callPackage ../development/python-modules/signify { };
+
   sip = callPackage ../development/python-modules/sip { };
 
   sip_5 = callPackage ../development/python-modules/sip/5.x.nix { };

From 88fe05a59b3a0c5ca8dcea44e8883d50208a4225 Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Fri, 5 Mar 2021 19:58:23 +0100
Subject: [PATCH 13/51] python3Packages.python-nmap: init at 0.6.4

---
 .../python-modules/python-nmap/default.nix    | 38 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 +
 2 files changed, 40 insertions(+)
 create mode 100644 pkgs/development/python-modules/python-nmap/default.nix

diff --git a/pkgs/development/python-modules/python-nmap/default.nix b/pkgs/development/python-modules/python-nmap/default.nix
new file mode 100644
index 00000000000..745d6c67eac
--- /dev/null
+++ b/pkgs/development/python-modules/python-nmap/default.nix
@@ -0,0 +1,38 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, nmap
+}:
+
+buildPythonPackage rec {
+  pname = "python-nmap";
+  version = "0.6.4";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "013q2797d9sf6mrj7x1hqfcql5gqgg50zgiifp2yypfa4k8cwjsx";
+  };
+
+  propagatedBuildInputs = [ nmap ];
+
+  postPatch = ''
+    substituteInPlace setup.cfg --replace "universal=3" "universal=1"
+  '';
+
+  # Tests requires sudo and performs scans
+  doCheck = false;
+  pythonImportsCheck = [ "nmap" ];
+
+  meta = with lib; {
+    description = "Python library which helps in using nmap";
+    longDescription = ''
+      python-nmap is a Python library which helps in using nmap port scanner. It
+      allows to easily manipulate nmap scan results and will be a perfect tool
+      for systems administrators who want to automatize scanning task and reports.
+      It also supports nmap script outputs.
+    '';
+    homepage = "http://xael.org/pages/python-nmap-en.html";
+    license = with licenses; [ gpl3Plus ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
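Review bot: `propagatedBuildInputs = [ nmap ]` lists a plain executable rather than a Python module, which does not by itself guarantee that the library finds this `nmap` at run time. If the module looks the binary up by name on PATH (not visible in this hunk), a consumer such as a service unit may either fail to find it or run whichever `nmap` comes first on its PATH. That matters for a tool that, per the comment on `doCheck`, is run with elevated privileges. Consider pinning the store path in `postPatch` with a `substituteInPlace` on the module's search list so that it points at `${nmap}/bin/nmap`, and say so in a comment.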
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index fc77de9a88d..4dfabc30ad5 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -6493,6 +6493,8 @@ in {
       inherit (pkgs) pkg-config;
     };
 
+  python-nmap = callPackage ../development/python-modules/python-nmap { };
+
   python-nomad = callPackage ../development/python-modules/python-nomad { };
 
   python-oauth2 = callPackage ../development/python-modules/python-oauth2 { };

From 33f6c146a064a8bb283e56fb5ed013a94a2fe3f1 Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Fri, 5 Mar 2021 19:58:41 +0100
Subject: [PATCH 14/51] home-assistant: update component-packages

---
 pkgs/servers/home-assistant/component-packages.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/servers/home-assistant/component-packages.nix b/pkgs/servers/home-assistant/component-packages.nix
index bc9768a7345..0425fae5d70 100644
--- a/pkgs/servers/home-assistant/component-packages.nix
+++ b/pkgs/servers/home-assistant/component-packages.nix
@@ -549,7 +549,7 @@
     "niko_home_control" = ps: with ps; [ ]; # missing inputs: niko-home-control
     "nilu" = ps: with ps; [ ]; # missing inputs: niluclient
     "nissan_leaf" = ps: with ps; [ ]; # missing inputs: pycarwings2
-    "nmap_tracker" = ps: with ps; [ getmac ]; # missing inputs: python-nmap
+    "nmap_tracker" = ps: with ps; [ getmac python-nmap ];
     "nmbs" = ps: with ps; [ ]; # missing inputs: pyrail
     "no_ip" = ps: with ps; [ ];
     "noaa_tides" = ps: with ps; [ ]; # missing inputs: noaa-coops

From 6817802d0ab74d903ec1892e0fd66fa5f0363a0b Mon Sep 17 00:00:00 2001
From: Aaron Andersen <aaron@fosslib.net>
Date: Thu, 4 Mar 2021 20:53:10 -0500
Subject: [PATCH 15/51] kodi: remove unused code

---
 pkgs/applications/video/kodi/default.nix | 103 ++++++-----------------
 1 file changed, 27 insertions(+), 76 deletions(-)

diff --git a/pkgs/applications/video/kodi/default.nix b/pkgs/applications/video/kodi/default.nix
index f461838fdf1..8d598f0bf55 100644
--- a/pkgs/applications/video/kodi/default.nix
+++ b/pkgs/applications/video/kodi/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchurl, fetchFromGitHub, autoconf, automake, libtool, makeWrapper, linuxHeaders
+{ stdenv, lib, fetchFromGitHub, autoconf, automake, libtool, makeWrapper
 , pkg-config, cmake, gnumake, yasm, python3Packages
 , libgcrypt, libgpgerror, libunistring
 , boost, avahi, lame
@@ -57,41 +57,15 @@ let
     sha256 = "097dg6a7v4ia85jx1pmlpwzdpqcqxlrmniqd005q73zvgj67zc2p";
   };
 
-  cmakeProto = fetchurl {
-    url = "https://raw.githubusercontent.com/pramsey/libght/ca9b1121c352ea10170636e170040e1af015bad1/cmake/modules/CheckPrototypeExists.cmake";
-    sha256  = "1zai82gm5x55n3xvdv7mns3ja6a2k81x9zz0nk42j6s2yb0fkjxh";
-  };
-
-  cmakeProtoPatch = ''
-    # get rid of windows headers as they will otherwise be found first
-    rm -rf msvc
-
-    cp ${cmakeProto} cmake/${cmakeProto.name}
-    # we need to enable support for C++ for check_prototype_exists to do its thing
-    substituteInPlace CMakeLists.txt --replace 'LANGUAGES C' 'LANGUAGES C CXX'
-    if [ -f cmake/CheckHeadersSTDC.cmake ]; then
-      sed -i cmake/CheckHeadersSTDC.cmake \
-        -e '7iinclude(CheckPrototypeExists)'
-    fi
-  '';
-
-  kodiDependency = { name, version, rev, sha256, ... } @attrs:
-    let
-      attrs' = builtins.removeAttrs attrs ["name" "version" "rev" "sha256"];
-    in stdenv.mkDerivation ({
-      name = "kodi-${lib.toLower name}-${version}";
-      src = fetchFromGitHub {
-        owner = "xbmc";
-        repo  = name;
-        inherit rev sha256;
-      };
-    } // attrs');
-
-  ffmpeg = kodiDependency rec {
-    name    = "FFmpeg";
+  ffmpeg = stdenv.mkDerivation rec {
+    pname = "kodi-ffmpeg";
     version = "4.3.1";
-    rev     = "${version}-${rel}-Beta1";
-    sha256  = "1c5rwlxn6xj501iw7masdv2p6wb9rkmd299lmlkx97sw1kvxvg2w";
+    src = fetchFromGitHub {
+      owner   = "xbmc";
+      repo    = "FFmpeg";
+      rev     = "${version}-${rel}-Beta1";
+      sha256  = "1c5rwlxn6xj501iw7masdv2p6wb9rkmd299lmlkx97sw1kvxvg2w";
+    };
     preConfigure = ''
       cp ${kodi_src}/tools/depends/target/ffmpeg/{CMakeLists.txt,*.cmake} .
       sed -i 's/ --cpu=''${CPU}//' CMakeLists.txt
@@ -110,47 +84,25 @@ let
 
   # We can build these externally but FindLibDvd.cmake forces us to build it
   # them, so we currently just use them for the src.
-  libdvdcss = kodiDependency rec {
-    name              = "libdvdcss";
-    version           = "1.4.2";
-    rev               = "${version}-${rel}-Beta-5";
-    sha256            = "0j41ydzx0imaix069s3z07xqw9q95k7llh06fc27dcn6f7b8ydyl";
-    buildInputs       = [ linuxHeaders ];
-    nativeBuildInputs = [ cmake pkg-config ];
-    postPatch = ''
-      rm -rf msvc
-
-      substituteInPlace config.h.cm \
-        --replace '#cmakedefine O_BINARY "''${O_BINARY}"' '#define O_BINARY 0'
-    '';
-    cmakeFlags = [
-      "-DBUILD_SHARED_LIBS=1"
-      "-DHAVE_LINUX_DVD_STRUCT=1"
-    ];
+  libdvdcss = fetchFromGitHub {
+    owner = "xbmc";
+    repo = "libdvdcss";
+    rev = "1.4.2-${rel}-Beta-5";
+    sha256 = "0j41ydzx0imaix069s3z07xqw9q95k7llh06fc27dcn6f7b8ydyl";
   };
 
-  libdvdnav = kodiDependency rec {
-    name              = "libdvdnav";
-    version           = "6.0.0";
-    rev               = "${version}-${rel}-Alpha-3";
-    sha256            = "0qwlf4lgahxqxk1r2pzl866mi03pbp7l1fc0rk522sc0ak2s9jhb";
-    buildInputs       = [ libdvdcss libdvdread ];
-    nativeBuildInputs = [ cmake pkg-config ];
-    postPatch         = cmakeProtoPatch;
-    postInstall = ''
-      mv $out/lib/liblibdvdnav.so $out/lib/libdvdnav.so
-    '';
+  libdvdnav = fetchFromGitHub {
+    owner = "xbmc";
+    repo = "libdvdnav";
+    rev = "6.0.0-${rel}-Alpha-3";
+    sha256 = "0qwlf4lgahxqxk1r2pzl866mi03pbp7l1fc0rk522sc0ak2s9jhb";
   };
 
-  libdvdread = kodiDependency rec {
-    name              = "libdvdread";
-    version           = "6.0.0";
-    rev               = "${version}-${rel}-Alpha-3";
-    sha256            = "1xxn01mhkdnp10cqdr357wx77vyzfb5glqpqyg8m0skyi75aii59";
-    buildInputs       = [ libdvdcss ];
-    nativeBuildInputs = [ cmake pkg-config ];
-    configureFlags    = [ "--with-libdvdcss" ];
-    postPatch         = cmakeProtoPatch;
+  libdvdread = fetchFromGitHub {
+    owner = "xbmc";
+    repo = "libdvdread";
+    rev = "6.0.0-${rel}-Alpha-3";
+    sha256 = "1xxn01mhkdnp10cqdr357wx77vyzfb5glqpqyg8m0skyi75aii59";
   };
 
   kodi_platforms =
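Review bot: The comment kept above `libdvdcss` ("We can build these externally but FindLibDvd.cmake forces us to build it them, so we currently just use them for the src.") is stale after this hunk. The three bindings are now plain `fetchFromGitHub` sources and nothing is built externally any more. I would replace it with `# FindLibDvd.cmake builds these itself, so we only fetch the sources and hand them over` / `# through the libdvd*_URL cmake flags below.` That also removes the "build it them" typo. The upstream version of each library is now only readable from its `rev` string, which is worth one word in the comment.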
@@ -184,7 +136,6 @@ in stdenv.mkDerivation {
       bluez giflib glib harfbuzz lcms2 libpthreadstubs
       ffmpeg flatbuffers fmt fstrcmp rapidjson
       lirc
-      # libdvdcss libdvdnav libdvdread
     ]
     ++ lib.optional x11Support [
       libX11 xorgproto libXt libXmu libXext.dev libXdmcp
@@ -231,9 +182,9 @@ in stdenv.mkDerivation {
 
     cmakeFlags = [
       "-DAPP_RENDER_SYSTEM=${if useGbm then "gles" else "gl"}"
-      "-Dlibdvdcss_URL=${libdvdcss.src}"
-      "-Dlibdvdnav_URL=${libdvdnav.src}"
-      "-Dlibdvdread_URL=${libdvdread.src}"
+      "-Dlibdvdcss_URL=${libdvdcss}"
+      "-Dlibdvdnav_URL=${libdvdnav}"
+      "-Dlibdvdread_URL=${libdvdread}"
       "-DGIT_VERSION=${kodiReleaseDate}"
       "-DENABLE_EVENTCLIENTS=ON"
       "-DENABLE_INTERNAL_CROSSGUID=OFF"

From d5242ee214b61ceb7d9317dab376459770f209c0 Mon Sep 17 00:00:00 2001
From: Aaron Andersen <aaron@fosslib.net>
Date: Thu, 4 Mar 2021 21:21:33 -0500
Subject: [PATCH 16/51] kodi: add samba to path for `nmblookup` executable

---
 pkgs/applications/video/kodi/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/applications/video/kodi/default.nix b/pkgs/applications/video/kodi/default.nix
index 8d598f0bf55..da338e17586 100644
--- a/pkgs/applications/video/kodi/default.nix
+++ b/pkgs/applications/video/kodi/default.nix
@@ -221,7 +221,7 @@ in stdenv.mkDerivation {
     postInstall = ''
       for p in $(ls $out/bin/) ; do
         wrapProgram $out/bin/$p \
-          --prefix PATH            ":" "${lib.makeBinPath ([ python3Packages.python glxinfo ] ++ lib.optional x11Support xdpyinfo)}" \
+          --prefix PATH            ":" "${lib.makeBinPath ([ python3Packages.python glxinfo ] ++ lib.optional x11Support xdpyinfo ++ lib.optional sambaSupport samba)}" \
           --prefix LD_LIBRARY_PATH ":" "${lib.makeLibraryPath
               ([ curl systemd libmad libvdpau libcec libcec_platform libass ]
                  ++ lib.optional nfsSupport libnfs
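Review bot: `lib.optional sambaSupport samba` puts the whole `samba` bin directory on the wrapper's PATH, while the commit subject names only `nmblookup` as the reason. Because `--prefix` places these entries ahead of the user's PATH, every executable shipped by `samba` shadows a same-named tool for Kodi and anything it spawns. A short comment next to the list, e.g. `# samba: provides nmblookup`, would record why it is there. The `postInstall` script continues outside this hunk.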

From 55142f4301163ada7c1aa1bb2b687a7342b488c1 Mon Sep 17 00:00:00 2001
From: Mario Rodas <marsam@users.noreply.github.com>
Date: Sat, 6 Mar 2021 04:20:00 +0000
Subject: [PATCH 17/51] rubocop: 1.10.0 -> 1.11.0

https://github.com/rubocop/rubocop/releases/tag/v1.11.0
---
 pkgs/development/tools/rubocop/Gemfile.lock | 4 ++--
 pkgs/development/tools/rubocop/default.nix  | 1 -
 pkgs/development/tools/rubocop/gemset.nix   | 8 ++++----
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/pkgs/development/tools/rubocop/Gemfile.lock b/pkgs/development/tools/rubocop/Gemfile.lock
index 54287074bed..2c5deffc2d1 100644
--- a/pkgs/development/tools/rubocop/Gemfile.lock
+++ b/pkgs/development/tools/rubocop/Gemfile.lock
@@ -6,9 +6,9 @@ GEM
     parser (3.0.0.0)
       ast (~> 2.4.1)
     rainbow (3.0.0)
-    regexp_parser (2.0.3)
+    regexp_parser (2.1.1)
     rexml (3.2.4)
-    rubocop (1.10.0)
+    rubocop (1.11.0)
       parallel (~> 1.10)
       parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)
diff --git a/pkgs/development/tools/rubocop/default.nix b/pkgs/development/tools/rubocop/default.nix
index 9a6393977d7..a388377ae08 100644
--- a/pkgs/development/tools/rubocop/default.nix
+++ b/pkgs/development/tools/rubocop/default.nix
@@ -14,6 +14,5 @@ bundlerEnv {
     homepage = "https://docs.rubocop.org/";
     license = licenses.mit;
     maintainers = with maintainers; [ marsam leemachin ];
-    platforms = platforms.unix;
   };
 }
diff --git a/pkgs/development/tools/rubocop/gemset.nix b/pkgs/development/tools/rubocop/gemset.nix
index b460200c74e..46d920bc657 100644
--- a/pkgs/development/tools/rubocop/gemset.nix
+++ b/pkgs/development/tools/rubocop/gemset.nix
@@ -45,10 +45,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0zm86k9q8m5jkcnpb1f93wsvc57saldfj8czxkx1aw031i95inip";
+      sha256 = "0vg7imjnfcqjx7kw94ccj5r78j4g190cqzi1i59sh4a0l940b9cr";
       type = "gem";
     };
-    version = "2.0.3";
+    version = "2.1.1";
   };
   rexml = {
     groups = ["default"];
@@ -66,10 +66,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1ncd6w4sc112j86j9j12ws7flxfi8dk8nal2kyxg7phdfr703qlz";
+      sha256 = "0zrzsgx35mcr81c51gyx63s7yngcfgk33dbkx5j0npkaks4fcm7r";
       type = "gem";
     };
-    version = "1.10.0";
+    version = "1.11.0";
   };
   rubocop-ast = {
     dependencies = ["parser"];

From ee3d784011119ecbae588241129ce9b36acb67dd Mon Sep 17 00:00:00 2001
From: zseri <zseri.devel@ytrizja.de>
Date: Sat, 6 Mar 2021 02:39:36 +0100
Subject: [PATCH 18/51] zs-wait4host: init at 0.3.2

---
 .../tools/networking/zs-wait4host/default.nix | 36 +++++++++++++++++++
 pkgs/top-level/all-packages.nix               |  2 ++
 2 files changed, 38 insertions(+)
 create mode 100644 pkgs/tools/networking/zs-wait4host/default.nix

diff --git a/pkgs/tools/networking/zs-wait4host/default.nix b/pkgs/tools/networking/zs-wait4host/default.nix
new file mode 100644
index 00000000000..4c8342256c7
--- /dev/null
+++ b/pkgs/tools/networking/zs-wait4host/default.nix
@@ -0,0 +1,36 @@
+{ bash, coreutils, fetchurl, fping, lib, stdenvNoCC }:
+
+stdenvNoCC.mkDerivation rec {
+  pname = "zs-wait4host";
+  version = "0.3.2";
+
+  src = fetchurl {
+    url = "https://ytrizja.de/distfiles/${pname}-${version}.tar.gz";
+    sha256 = "9F1264BDoGlRR7bWlRXhfyvxWio4ydShKmabUQEIz9I=";
+  };
+
+  buildInputs = [ bash coreutils fping ];
+
+  postPatch = ''
+    for i in zs-wait4host zs-wait4host-inf; do
+      substituteInPlace "$i" \
+        --replace '$(zs-guess-fping)' '${fping}/bin/fping' \
+        --replace ' sleep ' ' ${coreutils}/bin/sleep ' \
+        --replace '[ "$FPING" ] || exit 1' ""
+    done
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    install -D -t $out/bin zs-wait4host zs-wait4host-inf
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Wait for a host to come up/go down";
+    homepage = "https://ytrizja.de/";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ zseri ];
+    platforms = platforms.all;
+  };
+}
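Review bot: The third substitution in `postPatch`, `--replace '[ "$FPING" ] || exit 1' ""`, removes the script's own check that an fping binary was found, and I do not see what it buys. With `$(zs-guess-fping)` replaced by `${fping}/bin/fping` the guard passes anyway. If a later release changes that line so the first `--replace` no longer matches, the scripts would carry on without a usable `FPING` instead of exiting. I would drop that `--replace` line and keep the guard. The `' sleep '` pattern is also whitespace-sensitive, so a comment noting that both scripts were checked for this version would help the next update.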
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 6d829b1126a..06e0c7bae62 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9400,6 +9400,8 @@ in
 
   zs-apc-spdu-ctl = callPackage ../tools/networking/zs-apc-spdu-ctl { };
 
+  zs-wait4host = callPackage ../tools/networking/zs-wait4host { };
+
   zstxtns-utils = callPackage ../tools/text/zstxtns-utils { };
 
   zsh-autoenv = callPackage ../tools/misc/zsh-autoenv { };

From 74d70bd5a74e0aebcf7e1ac2941a832151c1999c Mon Sep 17 00:00:00 2001
From: Yevhen Shymotiuk <yevhenshymotiuk@gmail.com>
Date: Sat, 6 Mar 2021 16:59:08 +0200
Subject: [PATCH 19/51] python3Packages.pipx: 0.16.0.0 -> 0.16.1.0

---
 pkgs/development/python-modules/pipx/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/pipx/default.nix b/pkgs/development/python-modules/pipx/default.nix
index c29847c9f29..34a7bc6b31a 100644
--- a/pkgs/development/python-modules/pipx/default.nix
+++ b/pkgs/development/python-modules/pipx/default.nix
@@ -6,12 +6,13 @@
 , argcomplete
 , packaging
 , importlib-metadata
+, colorama
 , pytestCheckHook
 }:
 
 buildPythonPackage rec {
   pname = "pipx";
-  version = "0.16.0.0";
+  version = "0.16.1.0";
 
   disabled = pythonOlder "3.6";
 
@@ -20,13 +21,14 @@ buildPythonPackage rec {
     owner = "pipxproject";
     repo = pname;
     rev = version;
-    sha256 = "08mn7vm8iw20pg0gfn491y1jx8wcyjijps6f1hy7ipzd5ckynscn";
+    sha256 = "081raqsaq7i2x4yxhxppv930jhajdwmngin5wazy7vqhiy3xc669";
   };
 
   propagatedBuildInputs = [
     userpath
     argcomplete
     packaging
+    colorama
   ] ++ lib.optionals (pythonOlder "3.8") [
     importlib-metadata
   ];

From 66328b6949f9e605d66ab7cb224d4967a928b9cd Mon Sep 17 00:00:00 2001
From: tu-maurice <valentin.gehrke@zom.bi>
Date: Sun, 21 Feb 2021 18:11:45 +0100
Subject: [PATCH 20/51] fishnet: 2.2.4 -> 2.2.5

---
 pkgs/servers/fishnet/assets.nix  | 5 +++--
 pkgs/servers/fishnet/default.nix | 7 ++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/pkgs/servers/fishnet/assets.nix b/pkgs/servers/fishnet/assets.nix
index 6844db1b810..d246159402d 100644
--- a/pkgs/servers/fishnet/assets.nix
+++ b/pkgs/servers/fishnet/assets.nix
@@ -14,8 +14,8 @@ stdenv.mkDerivation rec {
   src = fetchFromGitHub {
     owner = "niklasf";
     repo = pname;
-    rev = "b4fa30e57ec8976fb1c10bd36737bc784351b93e";
-    sha256 = "0gfs9lm4ih3h3fmgqylw05ii1h0d6mpjfxadnw3wymnjsspfb0m4";
+    rev = "acd36ab6ccee67a652b6d84aedc4c2828abac5c6";
+    sha256 = "0mh4gh6qij70clp64m4jw6q7dafr7gwjqpvpaf9vc6h10g1rhzrx";
   };
 
   relAssetsPath = "share/${pname}";
@@ -53,5 +53,6 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/niklasf/fishnet-assets";
     license = licenses.gpl3Only;
     maintainers = with maintainers; [ tu-maurice ];
+    platforms = [ "x86_64-linux" ];
   };
 }
diff --git a/pkgs/servers/fishnet/default.nix b/pkgs/servers/fishnet/default.nix
index 508068bd2d4..8060943fa5e 100644
--- a/pkgs/servers/fishnet/default.nix
+++ b/pkgs/servers/fishnet/default.nix
@@ -12,16 +12,16 @@ let
 in
 rustPlatform.buildRustPackage rec {
   pname = "fishnet";
-  version = "2.2.4";
+  version = "2.2.5";
 
   src = fetchFromGitHub {
     owner = "niklasf";
     repo = pname;
     rev = "v${version}";
-    sha256 = "19dh69b6mqx16195w9d20fah4jl8hhbxm84xq4zwsgl4khmw7zqz";
+    sha256 = "0gif9wagm9bzq7j3biasqvzp9lfvmxqr5wagqqybmhbn8ipj20a8";
   };
 
-  cargoSha256 = "0zl2fnmqncyjd52wkn6dddx9lm9ywpw7swy895yq299z2bbbkv3h";
+  cargoSha256 = "0hqyh0nzfrm7m34kqixrlbc7w8d0k7v6psw8jg6zpwpfcmhqq15j";
 
   preBuild = ''
     rmdir ./assets
@@ -33,5 +33,6 @@ rustPlatform.buildRustPackage rec {
     homepage = "https://github.com/niklasf/fishnet";
     license = licenses.gpl3Plus;
     maintainers = with maintainers; [ tu-maurice ];
+    platforms = [ "x86_64-linux" ];
   };
 }

From ef615b5a61c049317da5ed5637e4561b224dd66d Mon Sep 17 00:00:00 2001
From: Mauricio Collares <mauricio@collares.org>
Date: Mon, 1 Mar 2021 10:42:12 -0300
Subject: [PATCH 21/51] sage: adapt for eclib output format changes

---
 .../eclib-20210223-test-formatting.patch      | 131 ++++++++++++++++++
 .../science/math/sage/sage-src.nix            |   3 +
 2 files changed, 134 insertions(+)
 create mode 100644 pkgs/applications/science/math/sage/patches/eclib-20210223-test-formatting.patch

diff --git a/pkgs/applications/science/math/sage/patches/eclib-20210223-test-formatting.patch b/pkgs/applications/science/math/sage/patches/eclib-20210223-test-formatting.patch
new file mode 100644
index 00000000000..3fdb8f768e9
--- /dev/null
+++ b/pkgs/applications/science/math/sage/patches/eclib-20210223-test-formatting.patch
@@ -0,0 +1,131 @@
+diff --git a/src/sage/libs/eclib/interface.py b/src/sage/libs/eclib/interface.py
+index e898456720..6b98c12328 100644
+--- a/src/sage/libs/eclib/interface.py
++++ b/src/sage/libs/eclib/interface.py
+@@ -758,78 +758,78 @@ class mwrank_MordellWeil(SageObject):
+ 
+         sage: EQ = mwrank_MordellWeil(E, verbose=True)
+         sage: EQ.search(1)
+-        P1 = [0:1:0]     is torsion point, order 1
+-        P1 = [-3:0:1]     is generator number 1
+-        saturating up to 20...Checking 2-saturation
++        P1 = [0:1:0]         is torsion point, order 1
++        P1 = [-3:0:1]         is generator number 1
++        saturating up to 20...Checking 2-saturation...
+         Points have successfully been 2-saturated (max q used = 7)
+-        Checking 3-saturation
++        Checking 3-saturation...
+         Points have successfully been 3-saturated (max q used = 7)
+-        Checking 5-saturation
++        Checking 5-saturation...
+         Points have successfully been 5-saturated (max q used = 23)
+-        Checking 7-saturation
++        Checking 7-saturation...
+         Points have successfully been 7-saturated (max q used = 41)
+-        Checking 11-saturation
++        Checking 11-saturation...
+         Points have successfully been 11-saturated (max q used = 17)
+-        Checking 13-saturation
++        Checking 13-saturation...
+         Points have successfully been 13-saturated (max q used = 43)
+-        Checking 17-saturation
++        Checking 17-saturation...
+         Points have successfully been 17-saturated (max q used = 31)
+-        Checking 19-saturation
++        Checking 19-saturation...
+         Points have successfully been 19-saturated (max q used = 37)
+         done
+-        P2 = [-2:3:1]     is generator number 2
+-        saturating up to 20...Checking 2-saturation
++        P2 = [-2:3:1]         is generator number 2
++        saturating up to 20...Checking 2-saturation...
+         possible kernel vector = [1,1]
+         This point may be in 2E(Q): [14:-52:1]
+         ...and it is!
+         Replacing old generator #1 with new generator [1:-1:1]
+         Points have successfully been 2-saturated (max q used = 7)
+         Index gain = 2^1
+-        Checking 3-saturation
++        Checking 3-saturation...
+         Points have successfully been 3-saturated (max q used = 13)
+-        Checking 5-saturation
++        Checking 5-saturation...
+         Points have successfully been 5-saturated (max q used = 67)
+-        Checking 7-saturation
++        Checking 7-saturation...
+         Points have successfully been 7-saturated (max q used = 53)
+-        Checking 11-saturation
++        Checking 11-saturation...
+         Points have successfully been 11-saturated (max q used = 73)
+-        Checking 13-saturation
++        Checking 13-saturation...
+         Points have successfully been 13-saturated (max q used = 103)
+-        Checking 17-saturation
++        Checking 17-saturation...
+         Points have successfully been 17-saturated (max q used = 113)
+-        Checking 19-saturation
++        Checking 19-saturation...
+         Points have successfully been 19-saturated (max q used = 47)
+         done (index = 2).
+         Gained index 2, new generators = [ [1:-1:1] [-2:3:1] ]
+-        P3 = [-14:25:8]   is generator number 3
+-        saturating up to 20...Checking 2-saturation
++        P3 = [-14:25:8]       is generator number 3
++        saturating up to 20...Checking 2-saturation...
+         Points have successfully been 2-saturated (max q used = 11)
+-        Checking 3-saturation
++        Checking 3-saturation...
+         Points have successfully been 3-saturated (max q used = 13)
+-        Checking 5-saturation
++        Checking 5-saturation...
+         Points have successfully been 5-saturated (max q used = 71)
+-        Checking 7-saturation
++        Checking 7-saturation...
+         Points have successfully been 7-saturated (max q used = 101)
+-        Checking 11-saturation
++        Checking 11-saturation...
+         Points have successfully been 11-saturated (max q used = 127)
+-        Checking 13-saturation
++        Checking 13-saturation...
+         Points have successfully been 13-saturated (max q used = 151)
+-        Checking 17-saturation
++        Checking 17-saturation...
+         Points have successfully been 17-saturated (max q used = 139)
+-        Checking 19-saturation
++        Checking 19-saturation...
+         Points have successfully been 19-saturated (max q used = 179)
+         done (index = 1).
+-        P4 = [-1:3:1]    = -1*P1 + -1*P2 + -1*P3 (mod torsion)
+-        P4 = [0:2:1]     = 2*P1 + 0*P2 + 1*P3 (mod torsion)
+-        P4 = [2:13:8]    = -3*P1 + 1*P2 + -1*P3 (mod torsion)
+-        P4 = [1:0:1]     = -1*P1 + 0*P2 + 0*P3 (mod torsion)
+-        P4 = [2:0:1]     = -1*P1 + 1*P2 + 0*P3 (mod torsion)
+-        P4 = [18:7:8]    = -2*P1 + -1*P2 + -1*P3 (mod torsion)
+-        P4 = [3:3:1]     = 1*P1 + 0*P2 + 1*P3 (mod torsion)
+-        P4 = [4:6:1]     = 0*P1 + -1*P2 + -1*P3 (mod torsion)
+-        P4 = [36:69:64]  = 1*P1 + -2*P2 + 0*P3 (mod torsion)
+-        P4 = [68:-25:64]         = -2*P1 + -1*P2 + -2*P3 (mod torsion)
+-        P4 = [12:35:27]  = 1*P1 + -1*P2 + -1*P3 (mod torsion)
++        P4 = [-1:3:1]        = -1*P1 + -1*P2 + -1*P3 (mod torsion)
++        P4 = [0:2:1]         = 2*P1 + 0*P2 + 1*P3 (mod torsion)
++        P4 = [2:13:8]        = -3*P1 + 1*P2 + -1*P3 (mod torsion)
++        P4 = [1:0:1]         = -1*P1 + 0*P2 + 0*P3 (mod torsion)
++        P4 = [2:0:1]         = -1*P1 + 1*P2 + 0*P3 (mod torsion)
++        P4 = [18:7:8]        = -2*P1 + -1*P2 + -1*P3 (mod torsion)
++        P4 = [3:3:1]         = 1*P1 + 0*P2 + 1*P3 (mod torsion)
++        P4 = [4:6:1]         = 0*P1 + -1*P2 + -1*P3 (mod torsion)
++        P4 = [36:69:64]      = 1*P1 + -2*P2 + 0*P3 (mod torsion)
++        P4 = [68:-25:64]     = -2*P1 + -1*P2 + -2*P3 (mod torsion)
++        P4 = [12:35:27]      = 1*P1 + -1*P2 + -1*P3 (mod torsion)
+         sage: EQ
+         Subgroup of Mordell-Weil group: [[1:-1:1], [-2:3:1], [-14:25:8]]
+ 
+@@ -1076,7 +1076,7 @@ class mwrank_MordellWeil(SageObject):
+             sage: EQ.search(1)
+             P1 = [0:1:0]         is torsion point, order 1
+             P1 = [-3:0:1]         is generator number 1
+-            saturating up to 20...Checking 2-saturation
++            saturating up to 20...Checking 2-saturation...
+             ...
+             P4 = [12:35:27]      = 1*P1 + -1*P2 + -1*P3 (mod torsion)
+             sage: EQ
diff --git a/pkgs/applications/science/math/sage/sage-src.nix b/pkgs/applications/science/math/sage/sage-src.nix
index ff8e53d4172..99a163eb0b8 100644
--- a/pkgs/applications/science/math/sage/sage-src.nix
+++ b/pkgs/applications/science/math/sage/sage-src.nix
@@ -112,6 +112,9 @@ stdenv.mkDerivation rec {
 
     # workaround until we use sage's fork of threejs, which contains a "version" file
     ./patches/dont-grep-threejs-version-from-minified-js.patch
+
+    # updated eclib output has punctuation changes and tidier whitespace
+    ./patches/eclib-20210223-test-formatting.patch
   ];
 
   patches = nixPatches ++ bugfixPatches ++ packageUpgradePatches;

From 6efed4bee8436d8f55c0671a28759b6e58eb0440 Mon Sep 17 00:00:00 2001
From: Mauricio Collares <mauricio@collares.org>
Date: Sat, 6 Mar 2021 12:22:37 -0300
Subject: [PATCH 22/51] Revert "python3Packages.cypari2: 2.1.1 -> 2.1.2"

This reverts commit 7a3db26212b957cf1b210a4fbb85ed3c83c139e9.

Updating this requires fixing Sage tests, which will be done in a
separate PR.
---
 pkgs/development/python-modules/cypari2/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/cypari2/default.nix b/pkgs/development/python-modules/cypari2/default.nix
index 8c189848fc3..a7115d1e940 100644
--- a/pkgs/development/python-modules/cypari2/default.nix
+++ b/pkgs/development/python-modules/cypari2/default.nix
@@ -11,11 +11,11 @@
 buildPythonPackage rec {
   pname = "cypari2";
   # upgrade may break sage, please test the sage build or ping @timokau on upgrade
-  version = "2.1.2";
+  version = "2.1.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "03cd45edab8716ebbfdb754e65fea72e873c73dc91aec098fe4a01e35324ac7a";
+    sha256 = "df1ef62e771ec36e5a456f5fc8b51bc6745b70f0efdd0c7a30c3f0b5f1fb93db";
   };
 
   # This differs slightly from the default python installPhase in that it pip-installs

From 9a18802edfb9db4d826ec967d7301c6c7460dad9 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Sat, 6 Mar 2021 19:48:03 +0100
Subject: [PATCH 23/51] botan2: 2.17.2 -> 2.17.3

Fixes CVE-2021-24115.
---
 pkgs/development/libraries/botan/2.0.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/botan/2.0.nix b/pkgs/development/libraries/botan/2.0.nix
index 2346153e2a1..cb40e535b0c 100644
--- a/pkgs/development/libraries/botan/2.0.nix
+++ b/pkgs/development/libraries/botan/2.0.nix
@@ -2,8 +2,8 @@
 
 callPackage ./generic.nix (args // {
   baseVersion = "2.17";
-  revision = "2";
-  sha256 = "0v0yiq0qxcrsn5b34j6bz8i6pds8dih2ds90ylmy1msm5gz7vqpb";
+  revision = "3";
+  sha256 = "121vn1aryk36cpks70kk4c4cfic5g0qs82bf92xap9258ijkn4kr";
   postPatch = ''
     sed -e 's@lang_flags "@&--std=c++11 @' -i src/build-data/cc/{gcc,clang}.txt
   '';

From 7adf9e90559a70473ee5fbcba9ef53d6a5850949 Mon Sep 17 00:00:00 2001
From: ajs124 <git@ajs124.de>
Date: Sat, 6 Mar 2021 19:59:34 +0100
Subject: [PATCH 24/51] pythonPackages.configshell: 1.1.28 -> 1.1.29

---
 pkgs/development/python-modules/configshell/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/configshell/default.nix b/pkgs/development/python-modules/configshell/default.nix
index a41d077f22d..9f67aacf2d4 100644
--- a/pkgs/development/python-modules/configshell/default.nix
+++ b/pkgs/development/python-modules/configshell/default.nix
@@ -2,13 +2,13 @@
 
 buildPythonPackage rec {
   pname = "configshell";
-  version = "1.1.28";
+  version = "1.1.29";
 
   src = fetchFromGitHub {
     owner = "open-iscsi";
     repo = "${pname}-fb";
     rev = "v${version}";
-    sha256 = "1ym2hkvmmacgy21wnjwzyrcxyl3sx4bcx4hc51vf4lzcnj589l68";
+    sha256 = "0mjj3c9335sph8rhwww7j4zvhyk896fbmx887vibm89w3jpvjjr9";
   };
 
   propagatedBuildInputs = [ pyparsing six urwid ];

From d178471fadd0cb85aa79e19be15144da4efc63a8 Mon Sep 17 00:00:00 2001
From: ajs124 <git@ajs124.de>
Date: Sat, 6 Mar 2021 20:00:33 +0100
Subject: [PATCH 25/51] targetcli: 2.1.53 -> 2.1.54

---
 pkgs/os-specific/linux/targetcli/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/targetcli/default.nix b/pkgs/os-specific/linux/targetcli/default.nix
index 4d3446d5a5d..f08ac284f23 100644
--- a/pkgs/os-specific/linux/targetcli/default.nix
+++ b/pkgs/os-specific/linux/targetcli/default.nix
@@ -2,13 +2,13 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "targetcli";
-  version = "2.1.53";
+  version = "2.1.54";
 
   src = fetchFromGitHub {
     owner = "open-iscsi";
     repo = "${pname}-fb";
     rev = "v${version}";
-    sha256 = "1qrq7y5hnghzbxgrxgl153n8jlhw31kqjbr93jsvlvhz5b3ci750";
+    sha256 = "1kbbvx0lba96ynr5iwws9jpi319m4rzph4bmcj7yfb37k8mi161v";
   };
 
   propagatedBuildInputs = with python3.pkgs; [ configshell rtslib ];

From 9c512f7a7651f55b3081418d138deef246a90ee7 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Sat, 6 Mar 2021 19:58:04 +0100
Subject: [PATCH 26/51] smarty3: 3.1.36 -> 3.1.39

Fixes CVE-2021-26119 and CVE-2021-26120.

https://github.com/smarty-php/smarty/blob/v3.1.39/CHANGELOG.md
---
 pkgs/development/libraries/smarty3/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/smarty3/default.nix b/pkgs/development/libraries/smarty3/default.nix
index 29f640dedfc..c3c4f8610c7 100644
--- a/pkgs/development/libraries/smarty3/default.nix
+++ b/pkgs/development/libraries/smarty3/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "smarty3";
-  version = "3.1.36";
+  version = "3.1.39";
 
   src = fetchFromGitHub {
     owner = "smarty-php";
     repo = "smarty";
     rev = "v${version}";
-    sha256 = "0jljzw1xl2kjwf9cylp1ddnjhz7wbm499s03r479891max1m2mlf";
+    sha256 = "0n5hmnw66gxqikp6frgfd9ywsvr2azyg5nl7ix89digqlzcljkbg";
   };
 
   installPhase = ''

From 6f4b61d2ce39057fc0d9971fa7620cc7d7e7dd3a Mon Sep 17 00:00:00 2001
From: Dave Gallant <davegallant@gmail.com>
Date: Sat, 6 Mar 2021 14:09:43 -0500
Subject: [PATCH 27/51] awscli2: 2.1.17 -> 2.1.29

---
 pkgs/tools/admin/awscli2/default.nix | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/pkgs/tools/admin/awscli2/default.nix b/pkgs/tools/admin/awscli2/default.nix
index d832b00a6ee..1f5ff48d25a 100644
--- a/pkgs/tools/admin/awscli2/default.nix
+++ b/pkgs/tools/admin/awscli2/default.nix
@@ -1,19 +1,14 @@
-{ lib
-, python3
-, groff
-, less
-, fetchFromGitHub
-}:
+{ lib, python3, groff, less, fetchFromGitHub }:
 let
   py = python3.override {
     packageOverrides = self: super: {
       botocore = super.botocore.overridePythonAttrs (oldAttrs: rec {
-        version = "2.0.0dev85";
+        version = "2.0.0dev97";
         src = fetchFromGitHub {
           owner = "boto";
           repo = "botocore";
-          rev = "962bb5d356096c57e25a5579d09e4b4d928c886d";
-          sha256 = "09bk8d0r3245kbi96641gvfl3q4jjhw55gjldc2cpml6mv36hhnb";
+          rev = "f240d284994b521b0bd099161bc0ab5786caf700";
+          sha256 = "sha256-Ot3w/4OcQ+pXq6bJnQqV5uvG50/uIOa1pwMWqor5NXM=";
         };
       });
       prompt_toolkit = super.prompt_toolkit.overridePythonAttrs (oldAttrs: rec {
@@ -29,13 +24,13 @@ let
 in
 with py.pkgs; buildPythonApplication rec {
   pname = "awscli2";
-  version = "2.1.17"; # N.B: if you change this, change botocore to a matching version too
+  version = "2.1.29"; # N.B: if you change this, change botocore to a matching version too
 
   src = fetchFromGitHub {
     owner = "aws";
     repo = "aws-cli";
     rev = version;
-    sha256 = "1pla97sylzhvj7r5cschv4bg23hpl0ax1m5cx4291fppjnrn2yp9";
+    sha256 = "sha256-6SVDJeyPJQX4XIH8RYRzJG2LFDHxIrW/b1a0JZ5kIFY=";
   };
 
   postPatch = ''

From 39b57a4d0daa896455be6ccd0df73361335b2484 Mon Sep 17 00:00:00 2001
From: Xinglu Chen <public@yoctocell.xyz>
Date: Sat, 6 Mar 2021 17:52:44 +0100
Subject: [PATCH 28/51] tor-browser-bundle-bin: 10.0.12 -> 10.0.13

Update to latest release.

<https://blog.torproject.org/new-release-tor-browser-10013>
---
 .../browsers/tor-browser-bundle-bin/default.nix          | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
index 6517203eeeb..9264bbb1560 100644
--- a/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
+++ b/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
@@ -33,9 +33,6 @@
 
 , gmp
 
-# Pluggable transport dependencies
-, python27
-
 # Wrapper runtime
 , coreutils
 , glibcLocales
@@ -91,19 +88,19 @@ let
   fteLibPath = makeLibraryPath [ stdenv.cc.cc gmp ];
 
   # Upstream source
-  version = "10.0.12";
+  version = "10.0.13";
 
   lang = "en-US";
 
   srcs = {
     x86_64-linux = fetchurl {
       url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux64-${version}_${lang}.tar.xz";
-      sha256 = "0i5g997kgn7n6ji7pxbyvkx33nqfi2s1val680fp5hh1zz31yvfv";
+      sha256 = "sha256-KxJKS/ymbkAg8LjMFz3BDSupPk5cNB1pFz9fFyRTndk=";
     };
 
     i686-linux = fetchurl {
       url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux32-${version}_${lang}.tar.xz";
-      sha256 = "16915fvvq3d16v1bzclnb52sa6yyaalihk3gv93jcnph9vsz8ags";
+      sha256 = "sha256-4glc2qP6AdHtWc8zW+varG30rlAXpeFyKjqDPsmiVfI=";
     };
   };
 in

From 390684da02cf154c25355212c86609c335414486 Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Wed, 3 Mar 2021 13:48:33 +0100
Subject: [PATCH 29/51] python3Packages.bitlist: init at 0.3.1

---
 .../python-modules/bitlist/default.nix        | 35 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 ++
 2 files changed, 37 insertions(+)
 create mode 100644 pkgs/development/python-modules/bitlist/default.nix

diff --git a/pkgs/development/python-modules/bitlist/default.nix b/pkgs/development/python-modules/bitlist/default.nix
new file mode 100644
index 00000000000..ac8cf39cff2
--- /dev/null
+++ b/pkgs/development/python-modules/bitlist/default.nix
@@ -0,0 +1,35 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, nose
+, parts
+, pytestCheckHook
+}:
+
+buildPythonPackage rec {
+  pname = "bitlist";
+  version = "0.3.1";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "04dz64r21a39p8wph5qlhvs5y873qgk6xxjlzw8n695b8jm3ixir";
+  };
+
+  propagatedBuildInputs = [
+    parts
+  ];
+
+  checkInputs = [
+    pytestCheckHook
+    nose
+  ];
+
+  pythonImportsCheck = [ "bitlist" ];
+
+  meta = with lib; {
+    description = "Python library for working with little-endian list representation of bit strings";
+    homepage = "https://github.com/lapets/bitlist";
+    license = with licenses; [ mit ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
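Review bot: `parts` is taken as a function argument and listed in `propagatedBuildInputs` here, but the `parts` attribute is only added to python-packages.nix by a later patch in this series (33/51). On its own this commit would likely fail to evaluate `bitlist`, unless another `parts` is already in scope. The same ordering problem affects fe25519 (30/51) and ge25519 (31/51), which use `fountains` and `parts` before 32/51 and 33/51 introduce them. Reordering the series so that dependencies land first (parts, bitlist, fountains, fe25519, ge25519) keeps every commit buildable and bisectable.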
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 810ecb9b86f..de94696c610 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -979,6 +979,8 @@ in {
 
   bitcoin-price-api = callPackage ../development/python-modules/bitcoin-price-api { };
 
+  bitlist = callPackage ../development/python-modules/bitlist { };
+
   bitmath = callPackage ../development/python-modules/bitmath { };
 
   bitstring = callPackage ../development/python-modules/bitstring { };

From 60b78b1c09951a0732b21cb403d927082081d27f Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Wed, 3 Mar 2021 13:52:49 +0100
Subject: [PATCH 30/51] python3Packages.fe25519: init at 0.2.0

---
 .../python-modules/fe25519/default.nix        | 39 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 +
 2 files changed, 41 insertions(+)
 create mode 100644 pkgs/development/python-modules/fe25519/default.nix

diff --git a/pkgs/development/python-modules/fe25519/default.nix b/pkgs/development/python-modules/fe25519/default.nix
new file mode 100644
index 00000000000..466de64453f
--- /dev/null
+++ b/pkgs/development/python-modules/fe25519/default.nix
@@ -0,0 +1,39 @@
+{ lib
+, bitlist
+, buildPythonPackage
+, fetchPypi
+, fountains
+, parts
+, nose
+, pytestCheckHook
+}:
+
+buildPythonPackage rec {
+  pname = "fe25519";
+  version = "0.2.0";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "1m85qvw9dwxk81mv9k45c9n75pk8wqn70qkinqh56h5zv56vgq24";
+  };
+
+  propagatedBuildInputs = [
+    bitlist
+    fountains
+    parts
+  ];
+
+  checkInputs = [
+    nose
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [ "fe25519" ];
+
+  meta = with lib; {
+    description = "Python field operations for Curve25519's prime";
+    homepage = "https://github.com/BjoernMHaase/fe25519";
+    license = with licenses; [ cc0 ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
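Review bot: The `homepage` in `meta` points at `github.com/BjoernMHaase/fe25519`, which may be a different project of the same name from the one `fetchPypi` fetches. The sibling ge25519 package in this series has the same bitlist/fountains/parts dependencies and lists `github.com/nthparty/ge25519`. Please confirm both the homepage and the `cc0` license against the metadata shipped in the PyPI sdist, since wrong provenance or license fields mislead anyone auditing this dependency. If the PyPI project turns out to be the nthparty one, the line would become `homepage = "https://github.com/nthparty/fe25519";`, with the license taken from that repository.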
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index de94696c610..137826f0e7c 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -2230,6 +2230,8 @@ in {
 
   fdint = callPackage ../development/python-modules/fdint { };
 
+  fe25519 = callPackage ../development/python-modules/fe25519 { };
+
   feedgen = callPackage ../development/python-modules/feedgen { };
 
   feedgenerator = callPackage ../development/python-modules/feedgenerator { inherit (pkgs) glibcLocales; };

From 7cdb7324494760a016f8772954eef10de71e3b79 Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Wed, 3 Mar 2021 13:54:41 +0100
Subject: [PATCH 31/51] python3Packages.ge25519: init at 0.2.0

---
 .../python-modules/ge25519/default.nix        | 41 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 +
 2 files changed, 43 insertions(+)
 create mode 100644 pkgs/development/python-modules/ge25519/default.nix

diff --git a/pkgs/development/python-modules/ge25519/default.nix b/pkgs/development/python-modules/ge25519/default.nix
new file mode 100644
index 00000000000..0e8d3722fbe
--- /dev/null
+++ b/pkgs/development/python-modules/ge25519/default.nix
@@ -0,0 +1,41 @@
+{ lib
+, bitlist
+, buildPythonPackage
+, fe25519
+, fetchPypi
+, fountains
+, nose
+, parts
+, pytestCheckHook
+}:
+
+buildPythonPackage rec {
+  pname = "ge25519";
+  version = "0.2.0";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "1wgv0vqg8iv9y5d7if14gmcgslwd5zzgk322w9jaxdfbndldddik";
+  };
+
+  propagatedBuildInputs = [
+    fe25519
+    parts
+    bitlist
+    fountains
+  ];
+
+  checkInputs = [
+    nose
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [ "ge25519" ];
+
+  meta = with lib; {
+    description = "Python implementation of Ed25519 group elements and operations";
+    homepage = "https://github.com/nthparty/ge25519";
+    license = with licenses; [ mit ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 137826f0e7c..bd6cc68d213 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -2530,6 +2530,8 @@ in {
 
   gdrivefs = callPackage ../development/python-modules/gdrivefs { };
 
+  ge25519 = callPackage ../development/python-modules/ge25519 { };
+
   geant4 = disabledIf (!isPy3k) (toPythonModule (pkgs.geant4.override {
     enablePython = true;
     python3 = python;

From e83c692f972cb8b3190f85ed8705f1d2eddc4c53 Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Sat, 6 Mar 2021 21:44:29 +0100
Subject: [PATCH 32/51] python3Packages.fountains: init at 0.2.1

---
 .../python-modules/fountains/default.nix      | 30 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 ++
 2 files changed, 32 insertions(+)
 create mode 100644 pkgs/development/python-modules/fountains/default.nix

diff --git a/pkgs/development/python-modules/fountains/default.nix b/pkgs/development/python-modules/fountains/default.nix
new file mode 100644
index 00000000000..b706930b3ef
--- /dev/null
+++ b/pkgs/development/python-modules/fountains/default.nix
@@ -0,0 +1,30 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, bitlist
+}:
+
+buildPythonPackage rec {
+  pname = "fountains";
+  version = "0.2.1";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "0jk5y099g6ggaq5lwp0jlg4asyhcdxnl3him3ibmzc1k9nnknp30";
+  };
+
+  propagatedBuildInputs = [
+    bitlist
+  ];
+
+  # Project has no test
+  doCheck = false;
+  pythonImportsCheck = [ "fountains" ];
+
+  meta = with lib; {
+    description = "Python library for generating and embedding data for unit testing";
+    homepage = "https://github.com/reity/fountains";
+    license = with licenses; [ mit ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index bd6cc68d213..65a8db8108e 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -2446,6 +2446,8 @@ in {
   foundationdb60 = callPackage ../servers/foundationdb/python.nix { foundationdb = pkgs.foundationdb60; };
   foundationdb61 = callPackage ../servers/foundationdb/python.nix { foundationdb = pkgs.foundationdb61; };
 
+  fountains = callPackage ../development/python-modules/fountains { };
+
   foxdot = callPackage ../development/python-modules/foxdot { };
 
   fpdf = callPackage ../development/python-modules/fpdf { };

From 10b1c7e54b97ae6053adf7346349d18644d8edfa Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Sat, 6 Mar 2021 21:48:17 +0100
Subject: [PATCH 33/51] python3Packages.parts: init at 1.0.2

---
 .../python-modules/parts/default.nix          | 25 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 ++
 2 files changed, 27 insertions(+)
 create mode 100644 pkgs/development/python-modules/parts/default.nix

diff --git a/pkgs/development/python-modules/parts/default.nix b/pkgs/development/python-modules/parts/default.nix
new file mode 100644
index 00000000000..1bf7f26adfd
--- /dev/null
+++ b/pkgs/development/python-modules/parts/default.nix
@@ -0,0 +1,25 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+}:
+
+buildPythonPackage rec {
+  pname = "parts";
+  version = "1.0.2";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "1ym238hxwsw15ivvf6gzmkmla08b9hwhdyc3v6rs55wga9j3a4db";
+  };
+
+  # Project has no tests
+  doCheck = false;
+  pythonImportsCheck = [ "parts" ];
+
+  meta = with lib; {
+    description = "Python library for common list functions related to partitioning lists";
+    homepage = "https://github.com/lapets/parts";
+    license = with licenses; [ mit ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 65a8db8108e..042590dff89 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -4751,6 +4751,8 @@ in {
 
   partd = callPackage ../development/python-modules/partd { };
 
+  parts = callPackage ../development/python-modules/parts { };
+
   parver = callPackage ../development/python-modules/parver { };
   arpeggio = callPackage ../development/python-modules/arpeggio { };
 

From 4e25873e92dc07b9d7ce3dfff4974c3bf04046ea Mon Sep 17 00:00:00 2001
From: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
Date: Sun, 21 Feb 2021 18:03:46 -0500
Subject: [PATCH 34/51] pythonPackages.awkward: 1.0.2 -> 1.1.2

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
---
 pkgs/development/python-modules/awkward/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/awkward/default.nix b/pkgs/development/python-modules/awkward/default.nix
index 298074f300d..a343306a5b9 100644
--- a/pkgs/development/python-modules/awkward/default.nix
+++ b/pkgs/development/python-modules/awkward/default.nix
@@ -10,11 +10,11 @@
 
 buildPythonPackage rec {
   pname = "awkward";
-  version = "1.0.2";
+  version = "1.1.2";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "3468cb80cab51252a1936e5e593c7df4588ea0e18dcb6fb31e3d2913ba883928";
+    sha256 = "4ae8371d9e6d5bd3e90f3686b433cebc0541c88072655d2c75ec58e79b5d6943";
   };
 
   nativeBuildInputs = [ cmake ];
@@ -25,6 +25,7 @@ buildPythonPackage rec {
 
   checkInputs = [ pytestCheckHook numba ];
   dontUseSetuptoolsCheck = true;
+  disabledTestPaths = [ "tests-cuda" ];
 
   meta = with lib; {
     description = "Manipulate JSON-like data with NumPy-like idioms";
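Review bot: The added `disabledTestPaths = [ "tests-cuda" ];` has no comment saying why that directory is skipped, so a later update cannot tell whether the exclusion is still needed. A one-line comment above it would do, e.g. `# tests-cuda needs a CUDA device, which the build sandbox does not provide` (presumably the reason; adjust to the actual one). The enclosing `buildPythonPackage` block starts and ends outside this hunk.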

From 41d3640e004e23744d9d01ba09995a9d53ed4963 Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Sat, 6 Mar 2021 23:14:12 +0100
Subject: [PATCH 35/51] python3Packages.scramp: 1.2.0 -> 1.2.2

---
 pkgs/development/python-modules/scramp/default.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/python-modules/scramp/default.nix b/pkgs/development/python-modules/scramp/default.nix
index 7beefa4e899..dc57461d549 100644
--- a/pkgs/development/python-modules/scramp/default.nix
+++ b/pkgs/development/python-modules/scramp/default.nix
@@ -1,16 +1,23 @@
-{ lib, buildPythonPackage, fetchFromGitHub, pytestCheckHook }:
+{ lib
+, asn1crypto
+, buildPythonPackage
+, fetchFromGitHub
+, pytestCheckHook
+}:
 
 buildPythonPackage rec {
   pname = "scramp";
-  version = "1.2.0";
+  version = "1.2.2";
 
   src = fetchFromGitHub {
     owner = "tlocke";
     repo = "scramp";
     rev = version;
-    sha256 = "15jb7z5l2lijxr60fb9v55i3f81h6d83c0b7fv5q0fv5q259nv0a";
+    sha256 = "sha256-d/kfrhvU96eH8TQX7n1hVRclEFWLseEvOxiR6VaOdrg=";
   };
 
+  propagatedBuildInputs = [ asn1crypto ];
+
   checkInputs = [ pytestCheckHook ];
 
   pythonImportsCheck = [ "scramp" ];

From 04208d2ffa148d607164aebcb53ce3037ce40cad Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Sat, 6 Mar 2021 23:33:01 +0100
Subject: [PATCH 36/51] python3Packages.pg8000: 1.17.0 -> 1.18.0

---
 pkgs/development/python-modules/pg8000/default.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkgs/development/python-modules/pg8000/default.nix b/pkgs/development/python-modules/pg8000/default.nix
index ad51a80674b..3cf843b864c 100644
--- a/pkgs/development/python-modules/pg8000/default.nix
+++ b/pkgs/development/python-modules/pg8000/default.nix
@@ -1,19 +1,19 @@
 { lib
 , buildPythonPackage
 , fetchPypi
-, scramp
-, isPy3k
 , passlib
+, pythonOlder
+, scramp
 }:
 
 buildPythonPackage rec {
   pname = "pg8000";
-  version = "1.17.0";
-  disabled = !isPy3k;
+  version = "1.18.0";
+  disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-FBmMWv6yiRBuQO5uXkwFKcU2mTn2yliKAos3GnX+IN0=";
+    sha256 = "1nkjxf95ldda41mkmahbikhd1fvxai5lfjb4a5gyhialpz4g5fim";
   };
 
   propagatedBuildInputs = [ passlib scramp ];

From 3787cf2075c6b40f77f369f0701a49d97c6c4446 Mon Sep 17 00:00:00 2001
From: Maxine Aubrey <maxeaubrey@gmail.com>
Date: Sat, 6 Mar 2021 23:54:53 +0100
Subject: [PATCH 37/51] consul: 1.9.3 -> 1.9.4

---
 pkgs/servers/consul/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/servers/consul/default.nix b/pkgs/servers/consul/default.nix
index fb4372a1d89..cc00f4cf0ce 100644
--- a/pkgs/servers/consul/default.nix
+++ b/pkgs/servers/consul/default.nix
@@ -2,7 +2,7 @@
 
 buildGoModule rec {
   pname = "consul";
-  version = "1.9.3";
+  version = "1.9.4";
   rev = "v${version}";
 
   # Note: Currently only release tags are supported, because they have the Consul UI
@@ -17,7 +17,7 @@ buildGoModule rec {
     owner = "hashicorp";
     repo = pname;
     inherit rev;
-    sha256 = "sha256-/PjtLZtMSq/+S1mWe0oJ+dRCmCq0mlgvreL2awm0PcE=";
+    sha256 = "1ck55i8snpm583p21y1hac0w76wiwyjpgfxkzscd4whp2jnzhhif";
   };
 
   passthru.tests.consul = nixosTests.consul;
@@ -26,7 +26,7 @@ buildGoModule rec {
   # has a split module structure in one repo
   subPackages = ["." "connect/certgen"];
 
-  vendorSha256 = "sha256-eIW3xQgy2doirGwKGE6OFGgXtKs8LYx3sfsnIu8n5Hg=";
+  vendorSha256 = "0y744zpj49zvn5vqqb9wmfs1fs0lir71h2kcmhidmn9j132vg1bq";
 
   doCheck = false;
 

From ceb1e7d18a618b9f726b4cc2061c39ad03aed0a5 Mon Sep 17 00:00:00 2001
From: Ingo Blechschmidt <iblech@web.de>
Date: Sun, 7 Mar 2021 00:31:43 +0100
Subject: [PATCH 38/51] dsniff: 2.4b1+debian-29 -> 2.4b1+debian-30

---
 pkgs/tools/networking/dsniff/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/networking/dsniff/default.nix b/pkgs/tools/networking/dsniff/default.nix
index 3a8eab862cb..8e641ec83e7 100644
--- a/pkgs/tools/networking/dsniff/default.nix
+++ b/pkgs/tools/networking/dsniff/default.nix
@@ -53,8 +53,8 @@ in gcc9Stdenv.mkDerivation rec {
     domain = "salsa.debian.org";
     owner = "pkg-security-team";
     repo = "dsniff";
-    rev = "debian/${version}+debian-29";
-    sha256 = "10zz9krf65jsqvlcr72ycp5cd27xwr18jkc38zqp2i4j6x0caj2g";
+    rev = "debian/${version}+debian-30";
+    sha256 = "1fk2k0sfdp5g27i11g0sbzm7al52raz5yr1aibzssnysv7l9xgzh";
     name = "dsniff.tar.gz";
   };
 

From d59047a77430fa8705c2fb67795145f657923eff Mon Sep 17 00:00:00 2001
From: Ben Wolsieffer <benwolsieffer@gmail.com>
Date: Sat, 6 Mar 2021 19:01:30 -0500
Subject: [PATCH 39/51] python3Packages.pypugjs: 5.9.8 -> 5.9.9

---
 pkgs/development/python-modules/pypugjs/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/pypugjs/default.nix b/pkgs/development/python-modules/pypugjs/default.nix
index 4e2bf164a33..77ca912db6c 100644
--- a/pkgs/development/python-modules/pypugjs/default.nix
+++ b/pkgs/development/python-modules/pypugjs/default.nix
@@ -3,11 +3,11 @@
 
 buildPythonPackage rec {
   pname = "pypugjs";
-  version = "5.9.8";
+  version = "5.9.9";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1iy8k56rbslxcylhamdik2bd6gqqirrix55mrdn29zz9gl6vg1xi";
+    sha256 = "0s0a239940z6rsssa13yz6pfkjk4300j35hs7qysyz45f3ixq19j";
   };
 
   propagatedBuildInputs = [ six chardet ];

From b3c90695a9a23b893f22903c5b9c22f5ba9af3a8 Mon Sep 17 00:00:00 2001
From: Austin Butler <austinabutler@gmail.com>
Date: Sat, 6 Mar 2021 16:51:58 -0800
Subject: [PATCH 40/51] nomachine-client: 7.0.211 -> 7.2.3

---
 pkgs/tools/admin/nomachine-client/default.nix | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkgs/tools/admin/nomachine-client/default.nix b/pkgs/tools/admin/nomachine-client/default.nix
index c419c7e834a..fa5763178bd 100644
--- a/pkgs/tools/admin/nomachine-client/default.nix
+++ b/pkgs/tools/admin/nomachine-client/default.nix
@@ -1,10 +1,10 @@
 { lib, stdenv, file, fetchurl, makeWrapper,
   autoPatchelfHook, jsoncpp, libpulseaudio }:
 let
-  versionMajor = "7.0";
-  versionMinor = "211";
-  versionBuild_x86_64 = "4";
-  versionBuild_i686 = "4";
+  versionMajor = "7.2";
+  versionMinor = "3";
+  versionBuild_x86_64 = "8";
+  versionBuild_i686 = "8";
 in
   stdenv.mkDerivation rec {
     pname = "nomachine-client";
@@ -14,12 +14,12 @@ in
       if stdenv.hostPlatform.system == "x86_64-linux" then
         fetchurl {
           url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_${versionBuild_x86_64}_x86_64.tar.gz";
-          sha256 = "06habqsl5gp13sym519r3qp188qwqqfw8p48wcs4zj3kcri6fjz0";
+          sha256 = "1x60vmngq4927qvy6ljmyvwlz5lapilld3495w3y3jdllwd3dxp4";
         }
       else if stdenv.hostPlatform.system == "i686-linux" then
         fetchurl {
           url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_${versionBuild_i686}_i686.tar.gz";
-          sha256 = "1y4lr95mwilwr7gqsxqvygq4w3dcp4cjh8m06wdi3avwdzrjkgj9";
+          sha256 = "0dx921g6w3gk0x4p771qqxbbi16vl11hmdzzwhfczrq90pgzrhks";
         }
       else
         throw "NoMachine client is not supported on ${stdenv.hostPlatform.system}";

From 725f331cc8b1d3b762b1adeadf2ee2044f5b69c6 Mon Sep 17 00:00:00 2001
From: Demyan Rogozhin <Demyan.Rogozhin@gmail.com>
Date: Sun, 7 Mar 2021 01:58:04 +0100
Subject: [PATCH 41/51] particl-core: 0.19.2.3 -> 0.19.2.5

---
 pkgs/applications/blockchains/particl/particl-core.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/blockchains/particl/particl-core.nix b/pkgs/applications/blockchains/particl/particl-core.nix
index feced9eecb0..99bc49e8db3 100644
--- a/pkgs/applications/blockchains/particl/particl-core.nix
+++ b/pkgs/applications/blockchains/particl/particl-core.nix
@@ -17,11 +17,11 @@ with lib;
 
 stdenv.mkDerivation rec {
   pname = "particl-core";
-  version = "0.19.2.3";
+  version = "0.19.2.5";
 
   src = fetchurl {
     url = "https://github.com/particl/particl-core/archive/v${version}.tar.gz";
-    sha256 = "sha256-nAsQvYWUejSu/4MMIwZhlV5Gjza/Da4jcp6/01lppvg=";
+    sha256 = "sha256-uI4T8h6RvCikk8h/sZmGlj3Uj3Xhu0vDn/fPb6rLcSg=";
   };
 
   nativeBuildInputs = [ pkg-config autoreconfHook ];

From 6303d139fc09122613108f8eb0996441429fe2ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sun, 7 Mar 2021 02:58:01 +0100
Subject: [PATCH 42/51] pythonPackages.cairosvg: 2.5.1 -> 2.5.2

---
 .../python-modules/cairosvg/default.nix       | 35 ++++++++++++++-----
 1 file changed, 27 insertions(+), 8 deletions(-)

diff --git a/pkgs/development/python-modules/cairosvg/default.nix b/pkgs/development/python-modules/cairosvg/default.nix
index 0244f772be1..58b8c267306 100644
--- a/pkgs/development/python-modules/cairosvg/default.nix
+++ b/pkgs/development/python-modules/cairosvg/default.nix
@@ -1,25 +1,44 @@
-{ lib, buildPythonPackage, fetchPypi, isPy3k, fetchpatch
-, cairocffi, cssselect2, defusedxml, pillow, tinycss2
-, pytest, pytestrunner, pytestcov, pytest-flake8, pytest-isort }:
+{ lib
+, buildPythonPackage
+, fetchPypi
+, isPy3k
+, cairocffi
+, cssselect2
+, defusedxml
+, pillow
+, tinycss2
+, pytestCheckHook
+, pytest-runner
+, pytest-flake8
+, pytest-isort
+}:
 
 buildPythonPackage rec {
   pname = "CairoSVG";
-  version = "2.5.1";
-
+  version = "2.5.2";
   disabled = !isPy3k;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "bfa0deea7fa0b9b2f29e41b747a915c249dbca731a4667c2917e47ff96e773e0";
+    sha256 = "sha256-sLmSnPXboAUXjXRqgDb88AJVUPSYylTbYYczIjhHg7w=";
   };
 
+  buildInputs = [ pytest-runner ];
+
   propagatedBuildInputs = [ cairocffi cssselect2 defusedxml pillow tinycss2 ];
 
-  checkInputs = [ pytest pytestrunner pytestcov pytest-flake8 pytest-isort ];
+  checkInputs = [ pytestCheckHook pytest-flake8 pytest-isort ];
+
+  pytestFlagsArray = [
+    "cairosvg/test_api.py"
+  ];
+
+  pythonImportsCheck = [ "cairosvg" ];
 
   meta = with lib; {
     homepage = "https://cairosvg.org";
-    license = licenses.lgpl3;
+    license = licenses.lgpl3Plus;
     description = "SVG converter based on Cairo";
+    maintainers = with maintainers; [ SuperSandro2000 ];
   };
 }
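Review bot: `pytest-runner` is placed in `buildInputs`, but it is a setup-time tool that runs on the build host, so `nativeBuildInputs = [ pytest-runner ];` is the appropriate slot and keeps it out of the target's inputs when cross-compiling. Separately, `pytestFlagsArray` limits the check phase to `cairosvg/test_api.py` without saying why the remaining tests are skipped. A short comment above it, stating the reason, would let the next update decide whether the restriction can be dropped.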

From fa2bf8e38e9ad75f7bfd9953974196fc41980ef7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sun, 7 Mar 2021 02:58:56 +0100
Subject: [PATCH 43/51] pythonPackages.celery: add missing requirement

---
 pkgs/development/python-modules/celery/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/python-modules/celery/default.nix b/pkgs/development/python-modules/celery/default.nix
index e1fb0b98ea0..f0fe81f85e2 100644
--- a/pkgs/development/python-modules/celery/default.nix
+++ b/pkgs/development/python-modules/celery/default.nix
@@ -1,5 +1,5 @@
 { lib, buildPythonPackage, fetchPypi
-, billiard, click, click-didyoumean, click-repl, kombu, pytz, vine
+, billiard, click, click-didyoumean, click-plugins, click-repl, kombu, pytz, vine
 , boto3, case, moto, pytest, pytest-celery, pytest-subtests, pytest-timeout
 }:
 
@@ -17,7 +17,7 @@ buildPythonPackage rec {
       --replace "moto==1.3.7" moto
   '';
 
-  propagatedBuildInputs = [ billiard click click-didyoumean click-repl kombu pytz vine ];
+  propagatedBuildInputs = [ billiard click click-didyoumean click-plugins click-repl kombu pytz vine ];
 
   checkInputs = [ boto3 case moto pytest pytest-celery pytest-subtests pytest-timeout ];
 
@@ -38,5 +38,6 @@ buildPythonPackage rec {
     homepage = "https://github.com/celery/celery/";
     description = "Distributed task queue";
     license = licenses.bsd3;
+    maintainers = [ ];
   };
 }

From 9c43942caf1e3cb496cf50325bc128d4c0ce740d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sun, 7 Mar 2021 03:13:51 +0100
Subject: [PATCH 44/51] mirage: remove unused input

---
 .../networking/instant-messengers/mirage/default.nix            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/applications/networking/instant-messengers/mirage/default.nix b/pkgs/applications/networking/instant-messengers/mirage/default.nix
index 3b6b9bfc6f9..42ea1c52fa9 100644
--- a/pkgs/applications/networking/instant-messengers/mirage/default.nix
+++ b/pkgs/applications/networking/instant-messengers/mirage/default.nix
@@ -1,6 +1,6 @@
 { lib, stdenv, mkDerivation, fetchFromGitHub
 , qmake, pkg-config, olm, wrapQtAppsHook
-, qtbase, qtquickcontrols2, qtkeychain, qtmultimedia, qttools, qtgraphicaleffects
+, qtbase, qtquickcontrols2, qtkeychain, qtmultimedia, qtgraphicaleffects
 , python3Packages, pyotherside, libXScrnSaver
 }:
 

From 0218a3a1d54870440889aa06f5ab8ccf1e0e9a97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sun, 7 Mar 2021 03:14:35 +0100
Subject: [PATCH 45/51] pythonPackages.flower: fix broken

---
 pkgs/development/python-modules/flower/default.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/python-modules/flower/default.nix b/pkgs/development/python-modules/flower/default.nix
index 09368552966..3662116bc2a 100644
--- a/pkgs/development/python-modules/flower/default.nix
+++ b/pkgs/development/python-modules/flower/default.nix
@@ -35,11 +35,13 @@ buildPythonPackage rec {
 
   checkInputs = [ mock ];
 
+  pythonImportsCheck = [ "flower" ];
+
   meta = with lib; {
     description = "Celery Flower";
     homepage = "https://github.com/mher/flower";
     license = licenses.bsdOriginal;
     maintainers = [ maintainers.arnoldfarkas ];
-    broken = (celery.version == "5.0.2"); # currently broken with celery>=5.0 by https://github.com/mher/flower/pull/1021
+    broken = (celery.version >= "5.0.2"); # currently broken with celery>=5.0 by https://github.com/mher/flower/pull/1021
   };
 }
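Review bot: The new `broken` condition compares version strings with `>=`, which is a lexicographic string comparison in Nix, so a later celery such as `10.0.0` would sort below `"5.0.2"` and the package would silently stop being marked broken. The threshold also disagrees with the trailing comment, which says `celery>=5.0`, while `5.0.0` and `5.0.1` are not covered. Since `meta` is already under `with lib;`, the line can be `broken = versionAtLeast celery.version "5.0";`. The enclosing `buildPythonPackage` call starts outside this hunk.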

From fc750b2000a1cfb31cc4cf2a409f16f243d2f9c0 Mon Sep 17 00:00:00 2001
From: Yurii Matsiuk <ymatsiuk@users.noreply.github.com>
Date: Wed, 13 Jan 2021 13:44:22 +0100
Subject: [PATCH 46/51] kubernetes: 1.19.5 -> 1.20.4

---
 .../networking/cluster/kubernetes/default.nix             | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/applications/networking/cluster/kubernetes/default.nix b/pkgs/applications/networking/cluster/kubernetes/default.nix
index d4ec9cf5ef3..184f36c69f7 100644
--- a/pkgs/applications/networking/cluster/kubernetes/default.nix
+++ b/pkgs/applications/networking/cluster/kubernetes/default.nix
@@ -20,13 +20,13 @@
 
 stdenv.mkDerivation rec {
   pname = "kubernetes";
-  version = "1.19.5";
+  version = "1.20.4";
 
   src = fetchFromGitHub {
     owner = "kubernetes";
     repo = "kubernetes";
     rev = "v${version}";
-    sha256 = "15bv620fj4x731f2z2a9dcdss18rk379kc40g49bpqsdn42jjx2z";
+    sha256 = "0nni351ya688dphdkpyq94p3wjw2kigg85kmalwdpv5wpz1abl5g";
   };
 
   nativeBuildInputs = [ removeReferencesTo makeWrapper which go rsync installShellFiles ];
@@ -53,7 +53,7 @@ stdenv.mkDerivation rec {
 
   postBuild = ''
     ./hack/update-generated-docs.sh
-    (cd build/pause && cc pause.c -o pause)
+    (cd build/pause/linux && cc pause.c -o pause)
   '';
 
   installPhase = ''
@@ -61,7 +61,7 @@ stdenv.mkDerivation rec {
       install -D _output/local/go/bin/''${p##*/} -t $out/bin
     done
 
-    install -D build/pause/pause -t $pause/bin
+    install -D build/pause/linux/pause -t $pause/bin
     installManPage docs/man/man1/*.[1-9]
 
     cp cluster/addons/addon-manager/kube-addons.sh $out/bin/kube-addons

From 7da62867be079bb5f6412fb12a76dbb68f9bad4b Mon Sep 17 00:00:00 2001
From: Yurii Matsiuk <ymatsiuk@users.noreply.github.com>
Date: Wed, 13 Jan 2021 20:10:04 +0100
Subject: [PATCH 47/51] nixos/kubernetes: adapt module and test cases to fit
 kubernetes v1.20.X as well as coredns v1.7.X

---
 .../cluster/kubernetes/addons/dns.nix         |  7 ++-
 .../services/cluster/kubernetes/apiserver.nix | 44 ++++++++++++++++---
 .../services/cluster/kubernetes/kubelet.nix   | 16 ++++++-
 .../services/cluster/kubernetes/pki.nix       |  1 +
 .../networking/cluster/kubernetes/default.nix | 11 ++++-
 .../fixup-addonmanager-lib-path.patch         | 23 ++++++++++
 6 files changed, 89 insertions(+), 13 deletions(-)
 create mode 100644 pkgs/applications/networking/cluster/kubernetes/fixup-addonmanager-lib-path.patch

diff --git a/nixos/modules/services/cluster/kubernetes/addons/dns.nix b/nixos/modules/services/cluster/kubernetes/addons/dns.nix
index f12e866930d..24d86628b21 100644
--- a/nixos/modules/services/cluster/kubernetes/addons/dns.nix
+++ b/nixos/modules/services/cluster/kubernetes/addons/dns.nix
@@ -3,7 +3,7 @@
 with lib;
 
 let
-  version = "1.6.4";
+  version = "1.7.1";
   cfg = config.services.kubernetes.addons.dns;
   ports = {
     dns = 10053;
@@ -55,9 +55,9 @@ in {
       type = types.attrs;
       default = {
         imageName = "coredns/coredns";
-        imageDigest = "sha256:493ee88e1a92abebac67cbd4b5658b4730e0f33512461442d8d9214ea6734a9b";
+        imageDigest = "sha256:4a6e0769130686518325b21b0c1d0688b54e7c79244d48e1b15634e98e40c6ef";
         finalImageTag = version;
-        sha256 = "0fm9zdjavpf5hni8g7fkdd3csjbhd7n7py7llxjc66sbii087028";
+        sha256 = "02r440xcdsgi137k5lmmvp0z5w5fmk8g9mysq5pnysq1wl8sj6mw";
       };
     };
   };
@@ -156,7 +156,6 @@ in {
             health :${toString ports.health}
             kubernetes ${cfg.clusterDomain} in-addr.arpa ip6.arpa {
               pods insecure
-              upstream
               fallthrough in-addr.arpa ip6.arpa
             }
             prometheus :${toString ports.metrics}
diff --git a/nixos/modules/services/cluster/kubernetes/apiserver.nix b/nixos/modules/services/cluster/kubernetes/apiserver.nix
index 95bdb4c0d14..616389dfaac 100644
--- a/nixos/modules/services/cluster/kubernetes/apiserver.nix
+++ b/nixos/modules/services/cluster/kubernetes/apiserver.nix
@@ -238,14 +238,42 @@ in
       type = int;
     };
 
+    apiAudiences = mkOption {
+      description = ''
+        Kubernetes apiserver ServiceAccount issuer.
+      '';
+      default = "api,https://kubernetes.default.svc";
+      type = str;
+    };
+
+    serviceAccountIssuer = mkOption {
+      description = ''
+        Kubernetes apiserver ServiceAccount issuer.
+      '';
+      default = "https://kubernetes.default.svc";
+      type = str;
+    };
+
+    serviceAccountSigningKeyFile = mkOption {
+      description = ''
+        Path to the file that contains the current private key of the service
+        account token issuer. The issuer will sign issued ID tokens with this
+        private key.
+      '';
+      default = top.serviceAccountSigningKeyFile;
+      type = path;
+    };
+
     serviceAccountKeyFile = mkOption {
       description = ''
-        Kubernetes apiserver PEM-encoded x509 RSA private or public key file,
-        used to verify ServiceAccount tokens. By default tls private key file
-        is used.
+        File containing PEM-encoded x509 RSA or ECDSA private or public keys,
+        used to verify ServiceAccount tokens. The specified file can contain
+        multiple keys, and the flag can be specified multiple times with
+        different files. If unspecified, --tls-private-key-file is used.
+        Must be specified when --service-account-signing-key is provided
       '';
-      default = null;
-      type = nullOr path;
+      default = top.serviceAccountKeyFile;
+      type = path;
     };
 
     serviceClusterIpRange = mkOption {
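Review bot: The description of the new `apiAudiences` option is a copy of the `serviceAccountIssuer` text ("Kubernetes apiserver ServiceAccount issuer."), so the generated manual documents the wrong thing. Something like `Comma-separated identifiers of the API; ServiceAccount tokens must be bound to at least one of these audiences.` would match the flag. The rewritten `serviceAccountKeyFile` text still says "If unspecified, --tls-private-key-file is used", but the type is now a non-nullable `path`, so it cannot be left unspecified. It also names the flag `--service-account-signing-key` where the command line in this patch uses `--service-account-signing-key-file`, and the last sentence lacks its full stop.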
@@ -357,8 +385,10 @@ in
               ${optionalString (cfg.runtimeConfig != "")
                 "--runtime-config=${cfg.runtimeConfig}"} \
               --secure-port=${toString cfg.securePort} \
-              ${optionalString (cfg.serviceAccountKeyFile!=null)
-                "--service-account-key-file=${cfg.serviceAccountKeyFile}"} \
+              --api-audiences=${toString cfg.apiAudiences} \
+              --service-account-issuer=${toString cfg.serviceAccountIssuer} \
+              --service-account-signing-key-file=${cfg.serviceAccountSigningKeyFile} \
+              --service-account-key-file=${cfg.serviceAccountKeyFile} \
               --service-cluster-ip-range=${cfg.serviceClusterIpRange} \
               --storage-backend=${cfg.storageBackend} \
               ${optionalString (cfg.tlsCertFile != null)
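Review bot: The signing key is a private key, and the new `--service-account-signing-key-file=${cfg.serviceAccountSigningKeyFile}` line interpolates a `path`-typed option directly. If a caller sets the option to a Nix path literal instead of a string, interpolation copies the file into the world-readable Nix store. The hunk applies `toString` to the two `str` options, where it has no effect, but not to the two paths, where it would prevent that copy: `--service-account-signing-key-file=${toString cfg.serviceAccountSigningKeyFile} \`, and the same for `--service-account-key-file`. The option description could also state that the key must live outside the store. The surrounding command string starts and ends outside this hunk.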
diff --git a/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixos/modules/services/cluster/kubernetes/kubelet.nix
index 479027f1b27..4da6efca535 100644
--- a/nixos/modules/services/cluster/kubernetes/kubelet.nix
+++ b/nixos/modules/services/cluster/kubernetes/kubelet.nix
@@ -125,6 +125,18 @@ in
       };
     };
 
+    containerRuntime = mkOption {
+      description = "Which container runtime type to use";
+      type = enum ["docker" "remote"];
+      default = "remote";
+    };
+
+    containerRuntimeEndpoint = mkOption {
+      description = "Endpoint at which to find the container runtime api interface/socket";
+      type = str;
+      default = "unix:///var/run/docker/containerd/containerd.sock";
+    };
+
     enable = mkEnableOption "Kubernetes kubelet.";
 
     extraOpts = mkOption {
@@ -240,7 +252,7 @@ in
       systemd.services.kubelet = {
         description = "Kubernetes Kubelet Service";
         wantedBy = [ "kubernetes.target" ];
-        after = [ "network.target" "docker.service" "kube-apiserver.service" ];
+        after = [ "network.target" "kube-apiserver.service" "sockets.target" ];
         path = with pkgs; [
           gitMinimal
           openssh
@@ -306,6 +318,8 @@ in
             ${optionalString (cfg.tlsKeyFile != null)
               "--tls-private-key-file=${cfg.tlsKeyFile}"} \
             ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
+            --container-runtime=${cfg.containerRuntime} \
+            --container-runtime-endpoint=${cfg.containerRuntimeEndpoint} \
             ${cfg.extraOpts}
           '';
           WorkingDirectory = top.dataDir;
diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix
index 933ae481e96..8de6a3ba0d8 100644
--- a/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixos/modules/services/cluster/kubernetes/pki.nix
@@ -361,6 +361,7 @@ in
           tlsCertFile = mkDefault cert;
           tlsKeyFile = mkDefault key;
           serviceAccountKeyFile = mkDefault cfg.certs.serviceAccount.cert;
+          serviceAccountSigningKeyFile = mkDefault cfg.certs.serviceAccount.key;
           kubeletClientCaFile = mkDefault caCert;
           kubeletClientCertFile = mkDefault cfg.certs.apiserverKubeletClient.cert;
           kubeletClientKeyFile = mkDefault cfg.certs.apiserverKubeletClient.key;
diff --git a/pkgs/applications/networking/cluster/kubernetes/default.nix b/pkgs/applications/networking/cluster/kubernetes/default.nix
index 184f36c69f7..cb669615f63 100644
--- a/pkgs/applications/networking/cluster/kubernetes/default.nix
+++ b/pkgs/applications/networking/cluster/kubernetes/default.nix
@@ -33,6 +33,8 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "man" "pause" ];
 
+  patches = [ ./fixup-addonmanager-lib-path.patch ];
+
   postPatch = ''
     # go env breaks the sandbox
     substituteInPlace "hack/lib/golang.sh" \
@@ -64,10 +66,17 @@ stdenv.mkDerivation rec {
     install -D build/pause/linux/pause -t $pause/bin
     installManPage docs/man/man1/*.[1-9]
 
-    cp cluster/addons/addon-manager/kube-addons.sh $out/bin/kube-addons
+    # Unfortunately, kube-addons-main.sh only looks for the lib file in either the current working dir
+    # or in /opt. We have to patch this for now.
+    substitute cluster/addons/addon-manager/kube-addons-main.sh $out/bin/kube-addons \
+      --subst-var out
+
+    chmod +x $out/bin/kube-addons
     patchShebangs $out/bin/kube-addons
     wrapProgram $out/bin/kube-addons --set "KUBECTL_BIN" "$out/bin/kubectl"
 
+    cp cluster/addons/addon-manager/kube-addons.sh $out/bin/kube-addons-lib.sh
+
     cp ${./mk-docker-opts.sh} $out/bin/mk-docker-opts.sh
 
     for tool in kubeadm kubectl; do
diff --git a/pkgs/applications/networking/cluster/kubernetes/fixup-addonmanager-lib-path.patch b/pkgs/applications/networking/cluster/kubernetes/fixup-addonmanager-lib-path.patch
new file mode 100644
index 00000000000..ef2904bdcfe
--- /dev/null
+++ b/pkgs/applications/networking/cluster/kubernetes/fixup-addonmanager-lib-path.patch
@@ -0,0 +1,23 @@
+diff --git a/cluster/addons/addon-manager/kube-addons-main.sh b/cluster/addons/addon-manager/kube-addons-main.sh
+index 849973470d1..e4fef30eaea 100755
+--- a/cluster/addons/addon-manager/kube-addons-main.sh
++++ b/cluster/addons/addon-manager/kube-addons-main.sh
+@@ -17,17 +17,7 @@
+ # Import required functions. The addon manager is installed to /opt in
+ # production use (see the Dockerfile)
+ # Disabling shellcheck following files as the full path would be required.
+-if [ -f "kube-addons.sh" ]; then
+-  # shellcheck disable=SC1091
+-  source "kube-addons.sh"
+-elif [ -f "/opt/kube-addons.sh" ]; then
+-  # shellcheck disable=SC1091
+-  source "/opt/kube-addons.sh"
+-else
+-  # If the required source is missing, we have to fail.
+-  log ERR "== Could not find kube-addons.sh (not in working directory or /opt) at $(date -Is) =="
+-  exit 1
+-fi
++source "@out@/bin/kube-addons-lib.sh"
+ 
+ # The business logic for whether a given object should be created
+ # was already enforced by salt, and /etc/kubernetes/addons is the

From 7b5c38e97384257a03ec29e9eec56e2a46a07816 Mon Sep 17 00:00:00 2001
From: Johan Thomsen <jth@dbc.dk>
Date: Thu, 25 Feb 2021 16:00:59 +0100
Subject: [PATCH 48/51] nixos/kubernetes: docker -> containerd

also, nixos/containerd: module init
---
 nixos/doc/manual/release-notes/rl-2105.xml    |   9 ++
 nixos/modules/module-list.nix                 |   1 +
 .../services/cluster/kubernetes/apiserver.nix |   2 -
 .../services/cluster/kubernetes/default.nix   |  33 +++--
 .../services/cluster/kubernetes/flannel.nix   |  40 +------
 .../services/cluster/kubernetes/kubelet.nix   |  27 +++--
 nixos/modules/services/networking/flannel.nix |   6 +-
 nixos/modules/virtualisation/containerd.nix   |  60 ++++++++++
 nixos/tests/kubernetes/dns.nix                |  15 ++-
 nixos/tests/kubernetes/rbac.nix               |   6 +-
 .../networking/cluster/kubernetes/default.nix |   2 -
 .../cluster/kubernetes/mk-docker-opts.sh      | 113 ------------------
 12 files changed, 129 insertions(+), 185 deletions(-)
 create mode 100644 nixos/modules/virtualisation/containerd.nix
 delete mode 100755 pkgs/applications/networking/cluster/kubernetes/mk-docker-opts.sh

diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml
index 0666b4300ec..2f87869fbe3 100644
--- a/nixos/doc/manual/release-notes/rl-2105.xml
+++ b/nixos/doc/manual/release-notes/rl-2105.xml
@@ -788,6 +788,15 @@ self: super:
      and use Maturin as their build tool.
     </para>
    </listitem>
+   <listitem>
+    <para>
+     Kubernetes has <link xlink:href="https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/">deprecated docker</link> as container runtime.
+     As a consequence, the Kubernetes module now has support for configuration of custom remote container runtimes and enables containerd by default.
+     Note that containerd is more strict regarding container image OCI-compliance.
+     As an example, images with CMD or ENTRYPOINT defined as strings (not lists) will fail on containerd, while working fine on docker.
+     Please test your setup and container images with containerd prior to upgrading.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 </section>
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index f91c21ad5cb..9bb81d085c9 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1053,6 +1053,7 @@
   ./testing/service-runner.nix
   ./virtualisation/anbox.nix
   ./virtualisation/container-config.nix
+  ./virtualisation/containerd.nix
   ./virtualisation/containers.nix
   ./virtualisation/nixos-containers.nix
   ./virtualisation/oci-containers.nix
diff --git a/nixos/modules/services/cluster/kubernetes/apiserver.nix b/nixos/modules/services/cluster/kubernetes/apiserver.nix
index 616389dfaac..a5b13215476 100644
--- a/nixos/modules/services/cluster/kubernetes/apiserver.nix
+++ b/nixos/modules/services/cluster/kubernetes/apiserver.nix
@@ -260,7 +260,6 @@ in
         account token issuer. The issuer will sign issued ID tokens with this
         private key.
       '';
-      default = top.serviceAccountSigningKeyFile;
       type = path;
     };
 
@@ -272,7 +271,6 @@ in
         different files. If unspecified, --tls-private-key-file is used.
         Must be specified when --service-account-signing-key is provided
       '';
-      default = top.serviceAccountKeyFile;
       type = path;
     };
 
diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
index 3a11a6513a4..19edc338bba 100644
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -5,6 +5,29 @@ with lib;
 let
   cfg = config.services.kubernetes;
 
+  defaultContainerdConfigFile = pkgs.writeText "containerd.toml" ''
+    version = 2
+    root = "/var/lib/containerd/daemon"
+    state = "/var/run/containerd/daemon"
+    oom_score = 0
+
+    [grpc]
+      address = "/var/run/containerd/containerd.sock"
+
+    [plugins."io.containerd.grpc.v1.cri"]
+      sandbox_image = "pause:latest"
+
+    [plugins."io.containerd.grpc.v1.cri".cni]
+      bin_dir = "/opt/cni/bin"
+      max_conf_num = 0
+
+    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+      runtime_type = "io.containerd.runc.v2"
+
+    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes."io.containerd.runc.v2".options]
+      SystemdCgroup = true
+  '';
+
   mkKubeConfig = name: conf: pkgs.writeText "${name}-kubeconfig" (builtins.toJSON {
     apiVersion = "v1";
     kind = "Config";
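Review bot: `SystemdCgroup = true` is declared under a runtime table named `"io.containerd.runc.v2"`, while the runtime defined just above it is named `runc`. The option therefore most likely never reaches the runc handler, and containerd keeps its default cgroup driver. The kubelet is started with `--cgroup-driver=systemd` elsewhere in this patch, so the two sides would disagree; the header should read `[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]`. Separately, `sandbox_image = "pause:latest"` is an unqualified, mutable tag that presumably resolves to the locally seeded image. A comment saying the image must be pre-imported, as containerd may otherwise try to fetch that name from a registry, would help operators.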
@@ -222,14 +245,9 @@ in {
     })
 
     (mkIf cfg.kubelet.enable {
-      virtualisation.docker = {
+      virtualisation.containerd = {
         enable = mkDefault true;
-
-        # kubernetes needs access to logs
-        logDriver = mkDefault "json-file";
-
-        # iptables must be disabled for kubernetes
-        extraOptions = "--iptables=false --ip-masq=false";
+        configFile = mkDefault defaultContainerdConfigFile;
       };
     })
 
@@ -269,7 +287,6 @@ in {
       users.users.kubernetes = {
         uid = config.ids.uids.kubernetes;
         description = "Kubernetes user";
-        extraGroups = [ "docker" ];
         group = "kubernetes";
         home = cfg.dataDir;
         createHome = true;
diff --git a/nixos/modules/services/cluster/kubernetes/flannel.nix b/nixos/modules/services/cluster/kubernetes/flannel.nix
index 548ffed1ddb..3f55719027f 100644
--- a/nixos/modules/services/cluster/kubernetes/flannel.nix
+++ b/nixos/modules/services/cluster/kubernetes/flannel.nix
@@ -8,16 +8,6 @@ let
 
   # we want flannel to use kubernetes itself as configuration backend, not direct etcd
   storageBackend = "kubernetes";
-
-  # needed for flannel to pass options to docker
-  mkDockerOpts = pkgs.runCommand "mk-docker-opts" {
-    buildInputs = [ pkgs.makeWrapper ];
-  } ''
-    mkdir -p $out
-
-    # bashInteractive needed for `compgen`
-    makeWrapper ${pkgs.bashInteractive}/bin/bash $out/mk-docker-opts --add-flags "${pkgs.kubernetes}/bin/mk-docker-opts.sh"
-  '';
 in
 {
   ###### interface
@@ -43,43 +33,17 @@ in
         cniVersion = "0.3.1";
         delegate = {
           isDefaultGateway = true;
-          bridge = "docker0";
+          bridge = "mynet";
         };
       }];
     };
 
-    systemd.services.mk-docker-opts = {
-      description = "Pre-Docker Actions";
-      path = with pkgs; [ gawk gnugrep ];
-      script = ''
-        ${mkDockerOpts}/mk-docker-opts -d /run/flannel/docker
-        systemctl restart docker
-      '';
-      serviceConfig.Type = "oneshot";
-    };
-
-    systemd.paths.flannel-subnet-env = {
-      wantedBy = [ "flannel.service" ];
-      pathConfig = {
-        PathModified = "/run/flannel/subnet.env";
-        Unit = "mk-docker-opts.service";
-      };
-    };
-
-    systemd.services.docker = {
-      environment.DOCKER_OPTS = "-b none";
-      serviceConfig.EnvironmentFile = "-/run/flannel/docker";
-    };
-
-    # read environment variables generated by mk-docker-opts
-    virtualisation.docker.extraOptions = "$DOCKER_OPTS";
-
     networking = {
       firewall.allowedUDPPorts = [
         8285  # flannel udp
         8472  # flannel vxlan
       ];
-      dhcpcd.denyInterfaces = [ "docker*" "flannel*" ];
+      dhcpcd.denyInterfaces = [ "mynet*" "flannel*" ];
     };
 
     services.kubernetes.pki.certs = {
diff --git a/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixos/modules/services/cluster/kubernetes/kubelet.nix
index 4da6efca535..ef6da26a024 100644
--- a/nixos/modules/services/cluster/kubernetes/kubelet.nix
+++ b/nixos/modules/services/cluster/kubernetes/kubelet.nix
@@ -23,7 +23,7 @@ let
     name = "pause";
     tag = "latest";
     contents = top.package.pause;
-    config.Cmd = "/bin/pause";
+    config.Cmd = ["/bin/pause"];
   };
 
   kubeconfig = top.lib.mkKubeConfig "kubelet" cfg.kubeconfig;
@@ -134,7 +134,7 @@ in
     containerRuntimeEndpoint = mkOption {
       description = "Endpoint at which to find the container runtime api interface/socket";
       type = str;
-      default = "unix:///var/run/docker/containerd/containerd.sock";
+      default = "unix:///var/run/containerd/containerd.sock";
     };
 
     enable = mkEnableOption "Kubernetes kubelet.";
@@ -247,16 +247,24 @@ in
   ###### implementation
   config = mkMerge [
     (mkIf cfg.enable {
+
+      environment.etc."cni/net.d".source = cniConfig;
+
       services.kubernetes.kubelet.seedDockerImages = [infraContainer];
 
+      boot.kernel.sysctl = {
+        "net.bridge.bridge-nf-call-iptables"  = 1;
+        "net.ipv4.ip_forward"                 = 1;
+        "net.bridge.bridge-nf-call-ip6tables" = 1;
+      };
+
       systemd.services.kubelet = {
         description = "Kubernetes Kubelet Service";
         wantedBy = [ "kubernetes.target" ];
-        after = [ "network.target" "kube-apiserver.service" "sockets.target" ];
+        after = [ "containerd.service" "network.target" "kube-apiserver.service" ];
         path = with pkgs; [
           gitMinimal
           openssh
-          docker
           util-linux
           iproute
           ethtool
@@ -266,8 +274,12 @@ in
         ] ++ lib.optional config.boot.zfs.enabled config.boot.zfs.package ++ top.path;
         preStart = ''
           ${concatMapStrings (img: ''
-            echo "Seeding docker image: ${img}"
-            docker load <${img}
+            echo "Seeding container image: ${img}"
+            ${if (lib.hasSuffix "gz" img) then
+              ''${pkgs.gzip}/bin/zcat "${img}" | ${pkgs.containerd}/bin/ctr -n k8s.io image import -''
+            else
+              ''${pkgs.coreutils}/bin/cat "${img}" | ${pkgs.containerd}/bin/ctr -n k8s.io image import -''
+            }
           '') cfg.seedDockerImages}
 
           rm /opt/cni/bin/* || true
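Review bot: Both seeding branches pipe into `ctr ... image import -`, so the exit status of the pipeline is that of `ctr`, and a failing `zcat` on a truncated or corrupt archive is not reported unless the generated script enables `pipefail`, which is not visible here. Adding `set -o pipefail` at the top of `preStart` closes that gap. The uncompressed branch also does not need `cat`; it can pass the file as an argument: `${pkgs.containerd}/bin/ctr -n k8s.io image import "${img}"`. The `preStart` string starts and ends outside this hunk.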
@@ -320,6 +332,7 @@ in
             ${optionalString (cfg.verbosity != null) "--v=${toString cfg.verbosity}"} \
             --container-runtime=${cfg.containerRuntime} \
             --container-runtime-endpoint=${cfg.containerRuntimeEndpoint} \
+            --cgroup-driver=systemd \
             ${cfg.extraOpts}
           '';
           WorkingDirectory = top.dataDir;
@@ -329,7 +342,7 @@ in
       # Allways include cni plugins
       services.kubernetes.kubelet.cni.packages = [pkgs.cni-plugins];
 
-      boot.kernelModules = ["br_netfilter"];
+      boot.kernelModules = ["br_netfilter" "overlay"];
 
       services.kubernetes.kubelet.hostname = with config.networking;
         mkDefault (hostName + optionalString (domain != null) ".${domain}");
diff --git a/nixos/modules/services/networking/flannel.nix b/nixos/modules/services/networking/flannel.nix
index 4c040112d28..32a7eb3ed69 100644
--- a/nixos/modules/services/networking/flannel.nix
+++ b/nixos/modules/services/networking/flannel.nix
@@ -162,10 +162,7 @@ in {
         NODE_NAME = cfg.nodeName;
       };
       path = [ pkgs.iptables ];
-      preStart = ''
-        mkdir -p /run/flannel
-        touch /run/flannel/docker
-      '' + optionalString (cfg.storageBackend == "etcd") ''
+      preStart = optionalString (cfg.storageBackend == "etcd") ''
         echo "setting network configuration"
         until ${pkgs.etcdctl}/bin/etcdctl set /coreos.com/network/config '${builtins.toJSON networkConfig}'
         do
@@ -177,6 +174,7 @@ in {
         ExecStart = "${cfg.package}/bin/flannel";
         Restart = "always";
         RestartSec = "10s";
+        RuntimeDirectory = "flannel";
       };
     };
 
diff --git a/nixos/modules/virtualisation/containerd.nix b/nixos/modules/virtualisation/containerd.nix
new file mode 100644
index 00000000000..194276d1695
--- /dev/null
+++ b/nixos/modules/virtualisation/containerd.nix
@@ -0,0 +1,60 @@
+{ pkgs, lib, config, ... }:
+let
+  cfg = config.virtualisation.containerd;
+  containerdConfigChecked = pkgs.runCommand "containerd-config-checked.toml" { nativeBuildInputs = [pkgs.containerd]; } ''
+    containerd -c ${cfg.configFile} config dump >/dev/null
+    ln -s ${cfg.configFile} $out
+  '';
+in
+{
+
+  options.virtualisation.containerd = with lib.types; {
+    enable = lib.mkEnableOption "containerd container runtime";
+
+    configFile = lib.mkOption {
+      default = null;
+      description = "path to containerd config file";
+      type = nullOr path;
+    };
+
+    args = lib.mkOption {
+      default = {};
+      description = "extra args to append to the containerd cmdline";
+      type = attrsOf str;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.containerd.args.config = lib.mkIf (cfg.configFile != null) (toString containerdConfigChecked);
+
+    environment.systemPackages = [pkgs.containerd];
+
+    systemd.services.containerd = {
+      description = "containerd - container runtime";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      path = with pkgs; [
+        containerd
+        runc
+        iptables
+      ];
+      serviceConfig = {
+        ExecStart = ''${pkgs.containerd}/bin/containerd ${lib.concatStringsSep " " (lib.cli.toGNUCommandLine {} cfg.args)}'';
+        Delegate = "yes";
+        KillMode = "process";
+        Type = "notify";
+        Restart = "always";
+        RestartSec = "5";
+        StartLimitBurst = "8";
+        StartLimitIntervalSec = "120s";
+
+        # "limits" defined below are adopted from upstream: https://github.com/containerd/containerd/blob/master/containerd.service
+        LimitNPROC = "infinity";
+        LimitCORE = "infinity";
+        LimitNOFILE = "infinity";
+        TasksMax = "infinity";
+        OOMScoreAdjust = "-999";
+      };
+    };
+  };
+}
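Review bot: `containerdConfigChecked` reads `cfg.configFile` inside a build (`containerd -c ${cfg.configFile} config dump`), yet the option is typed `nullOr path`, which also accepts a plain string such as a path under /etc. Such a file is presumably not readable in the build sandbox, so the check would fail the system build instead of validating anything. The option description should say so, e.g. `description = "Path to the containerd config file; it is validated at build time and therefore has to be a store path or Nix path literal.";`. In `ExecStart`, the values of `args` are joined with spaces and not quoted, so a value containing whitespace is split into several arguments; `lib.escapeShellArgs (lib.cli.toGNUCommandLine {} cfg.args)` keeps each one intact.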
diff --git a/nixos/tests/kubernetes/dns.nix b/nixos/tests/kubernetes/dns.nix
index 890499a0fb8..b6cd811c5ae 100644
--- a/nixos/tests/kubernetes/dns.nix
+++ b/nixos/tests/kubernetes/dns.nix
@@ -34,7 +34,7 @@ let
     name = "redis";
     tag = "latest";
     contents = [ pkgs.redis pkgs.bind.host ];
-    config.Entrypoint = "/bin/redis-server";
+    config.Entrypoint = ["/bin/redis-server"];
   };
 
   probePod = pkgs.writeText "probe-pod.json" (builtins.toJSON {
@@ -55,12 +55,11 @@ let
     name = "probe";
     tag = "latest";
     contents = [ pkgs.bind.host pkgs.busybox ];
-    config.Entrypoint = "/bin/tail";
+    config.Entrypoint = ["/bin/tail"];
   };
 
-  extraConfiguration = { config, pkgs, ... }: {
+  extraConfiguration = { config, pkgs, lib, ... }: {
     environment.systemPackages = [ pkgs.bind.host ];
-    # virtualisation.docker.extraOptions = "--dns=${config.services.kubernetes.addons.dns.clusterIp}";
     services.dnsmasq.enable = true;
     services.dnsmasq.servers = [
       "/cluster.local/${config.services.kubernetes.addons.dns.clusterIp}#53"
@@ -77,7 +76,7 @@ let
       # prepare machine1 for test
       machine1.wait_until_succeeds("kubectl get node machine1.${domain} | grep -w Ready")
       machine1.wait_until_succeeds(
-          "docker load < ${redisImage}"
+          "${pkgs.gzip}/bin/zcat ${redisImage} | ${pkgs.containerd}/bin/ctr -n k8s.io image import -"
       )
       machine1.wait_until_succeeds(
           "kubectl create -f ${redisPod}"
@@ -86,7 +85,7 @@ let
           "kubectl create -f ${redisService}"
       )
       machine1.wait_until_succeeds(
-          "docker load < ${probeImage}"
+          "${pkgs.gzip}/bin/zcat ${probeImage} | ${pkgs.containerd}/bin/ctr -n k8s.io image import -"
       )
       machine1.wait_until_succeeds(
           "kubectl create -f ${probePod}"
@@ -118,7 +117,7 @@ let
       # prepare machines for test
       machine1.wait_until_succeeds("kubectl get node machine2.${domain} | grep -w Ready")
       machine2.wait_until_succeeds(
-          "docker load < ${redisImage}"
+          "${pkgs.gzip}/bin/zcat ${redisImage} | ${pkgs.containerd}/bin/ctr -n k8s.io image import -"
       )
       machine1.wait_until_succeeds(
           "kubectl create -f ${redisPod}"
@@ -127,7 +126,7 @@ let
           "kubectl create -f ${redisService}"
       )
       machine2.wait_until_succeeds(
-          "docker load < ${probeImage}"
+          "${pkgs.gzip}/bin/zcat ${probeImage} | ${pkgs.containerd}/bin/ctr -n k8s.io image import -"
       )
       machine1.wait_until_succeeds(
           "kubectl create -f ${probePod}"
diff --git a/nixos/tests/kubernetes/rbac.nix b/nixos/tests/kubernetes/rbac.nix
index c922da515d9..3fc8ed0fbe3 100644
--- a/nixos/tests/kubernetes/rbac.nix
+++ b/nixos/tests/kubernetes/rbac.nix
@@ -85,7 +85,7 @@ let
     name = "kubectl";
     tag = "latest";
     contents = [ kubectl pkgs.busybox kubectlPod2 ];
-    config.Entrypoint = "/bin/sh";
+    config.Entrypoint = ["/bin/sh"];
   };
 
   base = {
@@ -97,7 +97,7 @@ let
       machine1.wait_until_succeeds("kubectl get node machine1.my.zyx | grep -w Ready")
 
       machine1.wait_until_succeeds(
-          "docker load < ${kubectlImage}"
+          "${pkgs.gzip}/bin/zcat ${kubectlImage} | ${pkgs.containerd}/bin/ctr -n k8s.io image import -"
       )
 
       machine1.wait_until_succeeds(
@@ -134,7 +134,7 @@ let
       machine1.wait_until_succeeds("kubectl get node machine2.my.zyx | grep -w Ready")
 
       machine2.wait_until_succeeds(
-          "docker load < ${kubectlImage}"
+          "${pkgs.gzip}/bin/zcat ${kubectlImage} | ${pkgs.containerd}/bin/ctr -n k8s.io image import -"
       )
 
       machine1.wait_until_succeeds(
diff --git a/pkgs/applications/networking/cluster/kubernetes/default.nix b/pkgs/applications/networking/cluster/kubernetes/default.nix
index cb669615f63..c218e1b492b 100644
--- a/pkgs/applications/networking/cluster/kubernetes/default.nix
+++ b/pkgs/applications/networking/cluster/kubernetes/default.nix
@@ -77,8 +77,6 @@ stdenv.mkDerivation rec {
 
     cp cluster/addons/addon-manager/kube-addons.sh $out/bin/kube-addons-lib.sh
 
-    cp ${./mk-docker-opts.sh} $out/bin/mk-docker-opts.sh
-
     for tool in kubeadm kubectl; do
       installShellCompletion --cmd $tool \
         --bash <($out/bin/$tool completion bash) \
diff --git a/pkgs/applications/networking/cluster/kubernetes/mk-docker-opts.sh b/pkgs/applications/networking/cluster/kubernetes/mk-docker-opts.sh
deleted file mode 100755
index 22a459f5134..00000000000
--- a/pkgs/applications/networking/cluster/kubernetes/mk-docker-opts.sh
+++ /dev/null
@@ -1,113 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright 2014 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Generate Docker daemon options based on flannel env file.
-
-# exit on any error
-set -e
-
-usage() {
-  echo "$0 [-f FLANNEL-ENV-FILE] [-d DOCKER-ENV-FILE] [-i] [-c] [-m] [-k COMBINED-KEY]
-
-Generate Docker daemon options based on flannel env file
-OPTIONS:
-    -f  Path to flannel env file. Defaults to /run/flannel/subnet.env
-    -d  Path to Docker env file to write to. Defaults to /run/docker_opts.env
-    -i  Output each Docker option as individual var. e.g. DOCKER_OPT_MTU=1500
-    -c  Output combined Docker options into DOCKER_OPTS var
-    -k  Set the combined options key to this value (default DOCKER_OPTS=)
-    -m  Do not output --ip-masq (useful for older Docker version)
-" >/dev/stderr
-  exit 1
-}
-
-flannel_env="/run/flannel/subnet.env"
-docker_env="/run/docker_opts.env"
-combined_opts_key="DOCKER_OPTS"
-indiv_opts=false
-combined_opts=false
-ipmasq=true
-val=""
-
-while getopts "f:d:icmk:" opt; do
-  case $opt in
-    f)
-      flannel_env=$OPTARG
-      ;;
-    d)
-      docker_env=$OPTARG
-      ;;
-    i)
-      indiv_opts=true
-      ;;
-    c)
-      combined_opts=true
-      ;;
-    m)
-      ipmasq=false
-      ;;
-    k)
-      combined_opts_key=$OPTARG
-      ;;
-    \?)
-      usage
-      ;;
-  esac
-done
-
-if [[ $indiv_opts = false ]] && [[ $combined_opts = false ]]; then
-  indiv_opts=true
-  combined_opts=true
-fi
-
-if [[ -f "${flannel_env}" ]]; then
-  source "${flannel_env}"
-fi
-
-if [[ -n "$FLANNEL_SUBNET" ]]; then
-  # shellcheck disable=SC2034  # Variable name referenced in OPT_LOOP below
-  DOCKER_OPT_BIP="--bip=$FLANNEL_SUBNET"
-fi
-
-if [[ -n "$FLANNEL_MTU" ]]; then
-  # shellcheck disable=SC2034  # Variable name referenced in OPT_LOOP below
-  DOCKER_OPT_MTU="--mtu=$FLANNEL_MTU"
-fi
-
-if [[ "$FLANNEL_IPMASQ" = true ]] && [[ $ipmasq = true ]]; then
-  # shellcheck disable=SC2034  # Variable name referenced in OPT_LOOP below
-  DOCKER_OPT_IPMASQ="--ip-masq=false"
-fi
-
-eval docker_opts="\$${combined_opts_key}"
-docker_opts+=" "
-
-echo -n "" >"${docker_env}"
-
-# OPT_LOOP
-for opt in $(compgen -v DOCKER_OPT_); do
-  eval val=\$"${opt}"
-
-  if [[ "$indiv_opts" = true ]]; then
-    echo "$opt=\"$val\"" >>"${docker_env}"
-  fi
-
-  docker_opts+="$val "
-done
-
-if [[ "$combined_opts" = true ]]; then
-  echo "${combined_opts_key}=\"${docker_opts}\"" >>"${docker_env}"
-fi

From b79b4ab4cb5c57453f82175cbbd41a15b028f0d5 Mon Sep 17 00:00:00 2001
From: Masanori Ogino <167209+omasanori@users.noreply.github.com>
Date: Sun, 7 Mar 2021 12:24:15 +0900
Subject: [PATCH 49/51] kramdown-rfc2629: 1.2.13 -> 1.3.37

Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
---
 pkgs/tools/text/kramdown-rfc2629/Gemfile.lock |  4 +++-
 pkgs/tools/text/kramdown-rfc2629/gemset.nix   | 16 +++++++++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/pkgs/tools/text/kramdown-rfc2629/Gemfile.lock b/pkgs/tools/text/kramdown-rfc2629/Gemfile.lock
index b50dc2fdbca..feab5cddf99 100644
--- a/pkgs/tools/text/kramdown-rfc2629/Gemfile.lock
+++ b/pkgs/tools/text/kramdown-rfc2629/Gemfile.lock
@@ -2,9 +2,11 @@ GEM
   remote: https://rubygems.org/
   specs:
     certified (1.0.0)
+    json_pure (2.5.1)
     kramdown (1.17.0)
-    kramdown-rfc2629 (1.2.13)
+    kramdown-rfc2629 (1.3.37)
       certified (~> 1.0)
+      json_pure (~> 2.0)
       kramdown (~> 1.17.0)
 
 PLATFORMS
diff --git a/pkgs/tools/text/kramdown-rfc2629/gemset.nix b/pkgs/tools/text/kramdown-rfc2629/gemset.nix
index bf0cf130c42..f0b6c39a359 100644
--- a/pkgs/tools/text/kramdown-rfc2629/gemset.nix
+++ b/pkgs/tools/text/kramdown-rfc2629/gemset.nix
@@ -9,6 +9,16 @@
     };
     version = "1.0.0";
   };
+  json_pure = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "030hmc268wchqsccbjk41hvbyg99krpa72i3q0y3wwqzfh8hi736";
+      type = "gem";
+    };
+    version = "2.5.1";
+  };
   kramdown = {
     groups = ["default"];
     platforms = [];
@@ -20,14 +30,14 @@
     version = "1.17.0";
   };
   kramdown-rfc2629 = {
-    dependencies = ["certified" "kramdown"];
+    dependencies = ["certified" "json_pure" "kramdown"];
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0s53m46qlcdakik0czvx0p41mk46l9l36331cps8gpf364wf3l9d";
+      sha256 = "16m08q5bgib3i54bb9p3inrxb1xksiybs9zj1rnncq492gcqqv4j";
       type = "gem";
     };
-    version = "1.2.13";
+    version = "1.3.37";
   };
 }

From f003d2c9cecdb55e720967bc3d13931ef9145fc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <Mic92@users.noreply.github.com>
Date: Sun, 7 Mar 2021 03:35:30 +0000
Subject: [PATCH 50/51] drone-runner-exec: init at unstable-2020-04-19
 (#115003)

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
---
 .../drone-runner-exec/default.nix             | 26 +++++++++++++++++++
 pkgs/top-level/all-packages.nix               |  2 ++
 2 files changed, 28 insertions(+)
 create mode 100644 pkgs/development/tools/continuous-integration/drone-runner-exec/default.nix

diff --git a/pkgs/development/tools/continuous-integration/drone-runner-exec/default.nix b/pkgs/development/tools/continuous-integration/drone-runner-exec/default.nix
new file mode 100644
index 00000000000..373c6183725
--- /dev/null
+++ b/pkgs/development/tools/continuous-integration/drone-runner-exec/default.nix
@@ -0,0 +1,26 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "drone-runner-exec";
+  version = "unstable-2020-04-19";
+
+  src = fetchFromGitHub {
+    owner = "drone-runners";
+    repo = "drone-runner-exec";
+    rev = "c0a612ef2bdfdc6d261dfbbbb005c887a0c3668d";
+    sha256 = "sha256-0UIJwpC5Y2TQqyZf6C6neICYBZdLQBWAZ8/K1l6KVRs=";
+  };
+
+  vendorSha256 = "sha256-ypYuQKxRhRQGX1HtaWt6F6BD9vBpD8AJwx/4esLrJsw=";
+
+  meta = with lib; {
+    description = "Drone pipeline runner that executes builds directly on the host machine";
+    homepage = "https://github.com/drone-runners/drone-runner-exec";
+    # https://polyformproject.org/licenses/small-business/1.0.0/
+    license = licenses.unfree;
+    maintainers = with maintainers; [ mic92 ];
+  };
+}
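Review bot: The `meta` block says nothing about the isolation model, although the `description` states that the runner executes builds directly on the host machine; pipeline steps would then presumably run with whatever privileges the runner process has. I would add a `longDescription` saying that there is no container or sandbox boundary between pipeline steps and the host, and that the runner should be run under a dedicated unprivileged account. The license comment could also name the license instead of only linking it, e.g. `# PolyForm Small Business License 1.0.0: https://polyformproject.org/licenses/small-business/1.0.0/`. As a minor style point, `rec` in `buildGoModule rec {` looks unused, since nothing in the set refers to `pname` or `version`.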
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 1cb21e4866a..4de12459f07 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3782,6 +3782,8 @@ in
 
   drone-cli = callPackage ../development/tools/continuous-integration/drone-cli { };
 
+  drone-runner-exec = callPackage ../development/tools/continuous-integration/drone-runner-exec { };
+
   dropbear = callPackage ../tools/networking/dropbear { };
 
   dsview = libsForQt5.callPackage ../applications/science/electronics/dsview { };

From 5a7d2375290d7f9be63a71381564196c640ee579 Mon Sep 17 00:00:00 2001
From: Zhaofeng Li <hello@zhaofeng.li>
Date: Sat, 6 Mar 2021 18:49:14 -0800
Subject: [PATCH 51/51] dpt-rp1-py: unstable-2018-10-16 -> 0.1.12

---
 pkgs/tools/misc/dpt-rp1-py/default.nix | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/pkgs/tools/misc/dpt-rp1-py/default.nix b/pkgs/tools/misc/dpt-rp1-py/default.nix
index 69b689fb824..cf3a9a42406 100644
--- a/pkgs/tools/misc/dpt-rp1-py/default.nix
+++ b/pkgs/tools/misc/dpt-rp1-py/default.nix
@@ -1,22 +1,27 @@
 { lib, python3Packages, fetchFromGitHub }:
 python3Packages.buildPythonApplication rec {
   pname = "dpt-rp1-py";
-  version = "unstable-2018-10-16";
+  version = "0.1.12";
 
   src = fetchFromGitHub {
     owner = "janten";
     repo = pname;
-    rev = "4551b4432f8470de5f2ad9171105f731a6259395";
-    sha256 = "176y5j31aci1vpi8v6r5ki55432fbdsazh9bsyzr90im9zimkffl";
+    rev = "v${version}";
+    sha256 = "0xw853s5bx2lr57w6ldfjzi1ppc6px66zd7hzk8y2kg82q6bnasq";
   };
 
   doCheck = false;
 
   propagatedBuildInputs = with python3Packages; [
+    anytree
+    fusepy
     httpsig
-    requests
     pbkdf2
+    pyyaml
+    requests
+    tqdm
     urllib3
+    zeroconf
   ];
 
   meta = with lib; {