diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix index 97accc7b99a..2be9da8f42a 100644 --- a/nixos/modules/hardware/video/nvidia.nix +++ b/nixos/modules/hardware/video/nvidia.nix @@ -92,7 +92,7 @@ in example = "PCI:4:0:0"; description = '' Bus ID of the AMD APU. You can find it using lspci; for example if lspci - shows the AMD APU at "04:00.0", set this option to "PCI:4:0:0". + shows the AMD APU at "04:00.0", set this option to "PCI:4:0:0". ''; }; @@ -159,7 +159,7 @@ in description = '' The NVIDIA X11 derivation to use. ''; - example = "config.boot.kernelPackages.nvidiaPackages.legacy340"; + example = "config.boot.kernelPackages.nvidiaPackages.legacy_340"; }; }; diff --git a/nixos/modules/services/continuous-integration/jenkins/job-builder.nix b/nixos/modules/services/continuous-integration/jenkins/job-builder.nix index 5d1bfe4ec40..536d394b3fd 100644 --- a/nixos/modules/services/continuous-integration/jenkins/job-builder.nix +++ b/nixos/modules/services/continuous-integration/jenkins/job-builder.nix @@ -165,6 +165,42 @@ in { ''; in '' + joinByString() + { + local separator="$1" + shift + local first="$1" + shift + printf "%s" "$first" "''${@/#/$separator}" + } + + # Map a relative directory path in the output from + # jenkins-job-builder (jobname) to the layout expected by jenkins: + # each directory level gets prepended "jobs/". + getJenkinsJobDir() + { + IFS='/' read -ra input_dirs <<< "$1" + printf "jobs/" + joinByString "/jobs/" "''${input_dirs[@]}" + } + + # The inverse of getJenkinsJobDir (remove the "jobs/" prefixes) + getJobname() + { + IFS='/' read -ra input_dirs <<< "$1" + local i=0 + local nelem=''${#input_dirs[@]} + for e in "''${input_dirs[@]}"; do + if [ $((i % 2)) -eq 1 ]; then + printf "$e" + if [ $i -lt $(( nelem - 1 )) ]; then + printf "/" + fi + fi + i=$((i + 1)) + done + } + rm -rf ${jobBuilderOutputDir} cur_decl_jobs=/run/jenkins-job-builder/declarative-jobs rm -f "$cur_decl_jobs" @@ -172,27 +208,27 @@ in { # Create / update jobs mkdir -p ${jobBuilderOutputDir} for inputFile in ${yamlJobsFile} ${concatStringsSep " " jsonJobsFiles}; do - HOME="${jenkinsCfg.home}" "${pkgs.jenkins-job-builder}/bin/jenkins-jobs" --ignore-cache test -o "${jobBuilderOutputDir}" "$inputFile" + HOME="${jenkinsCfg.home}" "${pkgs.jenkins-job-builder}/bin/jenkins-jobs" --ignore-cache test --config-xml -o "${jobBuilderOutputDir}" "$inputFile" done - for file in "${jobBuilderOutputDir}/"*; do - test -f "$file" || continue - jobname="$(basename $file)" - jobdir="${jenkinsCfg.home}/jobs/$jobname" + find "${jobBuilderOutputDir}" -type f -name config.xml | while read -r f; do echo "$(dirname "$f")"; done | sort | while read -r dir; do + jobname="$(realpath --relative-to="${jobBuilderOutputDir}" "$dir")" + jenkinsjobname=$(getJenkinsJobDir "$jobname") + jenkinsjobdir="${jenkinsCfg.home}/$jenkinsjobname" echo "Creating / updating job \"$jobname\"" - mkdir -p "$jobdir" - touch "$jobdir/${ownerStamp}" - cp "$file" "$jobdir/config.xml" - echo "$jobname" >> "$cur_decl_jobs" + mkdir -p "$jenkinsjobdir" + touch "$jenkinsjobdir/${ownerStamp}" + cp "$dir"/config.xml "$jenkinsjobdir/config.xml" + echo "$jenkinsjobname" >> "$cur_decl_jobs" done # Remove stale jobs - for file in "${jenkinsCfg.home}"/jobs/*/${ownerStamp}; do - test -f "$file" || continue - jobdir="$(dirname $file)" - jobname="$(basename "$jobdir")" - grep --quiet --line-regexp "$jobname" "$cur_decl_jobs" 2>/dev/null && continue + find "${jenkinsCfg.home}" -type f -name "${ownerStamp}" | while read -r f; do echo "$(dirname "$f")"; done | sort --reverse | while read -r dir; do + jenkinsjobname="$(realpath --relative-to="${jenkinsCfg.home}" "$dir")" + grep --quiet --line-regexp "$jenkinsjobname" "$cur_decl_jobs" 2>/dev/null && continue + jobname=$(getJobname "$jenkinsjobname") echo "Deleting stale job \"$jobname\"" + jobdir="${jenkinsCfg.home}/$jenkinsjobname" rm -rf "$jobdir" done '' + (if cfg.accessUser != "" then reloadScript else ""); diff --git a/nixos/tests/custom-ca.nix b/nixos/tests/custom-ca.nix index 7ce1101911d..26f29a3e68f 100644 --- a/nixos/tests/custom-ca.nix +++ b/nixos/tests/custom-ca.nix @@ -107,8 +107,15 @@ in ''; }; - environment.systemPackages = with pkgs; - [ xdotool firefox chromium falkon midori ]; + environment.systemPackages = with pkgs; [ + xdotool + # Firefox was disabled here, because we needed to disable p11-kit support in nss, + # which is why it will not use the system certificate store for the time being. + # firefox + chromium + falkon + midori + ]; }; testScript = '' @@ -145,7 +152,14 @@ in with subtest("Unknown CA is untrusted in curl"): machine.fail("curl -fv https://bad.example.com") - browsers = ["firefox", "chromium", "falkon", "midori"] + browsers = [ + # Firefox was disabled here, because we needed to disable p11-kit support in nss, + # which is why it will not use the system certificate store for the time being. + # "firefox", + "chromium", + "falkon", + "midori" + ] errors = ["Security Risk", "not private", "Certificate Error", "Security"] machine.wait_for_x() diff --git a/nixos/tests/jenkins.nix b/nixos/tests/jenkins.nix index 5898adab759..cb4207c6e77 100644 --- a/nixos/tests/jenkins.nix +++ b/nixos/tests/jenkins.nix @@ -2,6 +2,7 @@ # 1. jenkins service starts on master node # 2. jenkins user can be extended on both master and slave # 3. jenkins service not started on slave node +# 4. declarative jobs can be added and removed import ./make-test-python.nix ({ pkgs, ...} : { name = "jenkins"; @@ -13,7 +14,45 @@ import ./make-test-python.nix ({ pkgs, ...} : { master = { ... }: - { services.jenkins.enable = true; + { services.jenkins = { + enable = true; + jobBuilder = { + enable = true; + nixJobs = [ + { job = { + name = "job-1"; + builders = [ + { shell = '' + echo "Running job-1" + ''; + } + ]; + }; + } + + { job = { + name = "folder-1"; + project-type = "folder"; + }; + } + + { job = { + name = "folder-1/job-2"; + builders = [ + { shell = '' + echo "Running job-2" + ''; + } + ]; + }; + } + ]; + }; + }; + + specialisation.noJenkinsJobs.configuration = { + services.jenkins.jobBuilder.nixJobs = pkgs.lib.mkForce []; + }; # should have no effect services.jenkinsSlave.enable = true; @@ -32,7 +71,12 @@ import ./make-test-python.nix ({ pkgs, ...} : { }; - testScript = '' + testScript = { nodes, ... }: + let + configWithoutJobs = "${nodes.master.config.system.build.toplevel}/specialisation/noJenkinsJobs"; + jenkinsPort = nodes.master.config.services.jenkins.port; + jenkinsUrl = "http://localhost:${toString jenkinsPort}"; + in '' start_all() master.wait_for_unit("jenkins") @@ -45,5 +89,42 @@ import ./make-test-python.nix ({ pkgs, ...} : { assert "users" in groups slave.fail("systemctl is-enabled jenkins.service") + + with subtest("jobs are declarative"): + # Check that jobs are created on disk. + master.wait_for_unit("jenkins-job-builder") + master.wait_until_fails("systemctl is-active jenkins-job-builder") + master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/job-1/config.xml") + master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/config.xml") + master.wait_until_succeeds("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml") + + # Wait until jenkins is ready, reload configuration and verify it also + # sees the jobs. + master.succeed("curl --fail ${jenkinsUrl}/cli") + master.succeed("curl ${jenkinsUrl}/jnlpJars/jenkins-cli.jar -O") + master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) reload-configuration") + out = master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs") + jobs = [x.strip() for x in out.splitlines()] + # Seeing jobs inside folders requires the Folders plugin + # (https://plugins.jenkins.io/cloudbees-folder/), which we don't have + # in this vanilla jenkins install, so limit ourself to non-folder jobs. + assert jobs == ['job-1'], f"jobs != ['job-1']: {jobs}" + + master.succeed( + "${configWithoutJobs}/bin/switch-to-configuration test >&2" + ) + + # Check that jobs are removed from disk. + master.wait_for_unit("jenkins-job-builder") + master.wait_until_fails("systemctl is-active jenkins-job-builder") + master.wait_until_fails("test -f /var/lib/jenkins/jobs/job-1/config.xml") + master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/config.xml") + master.wait_until_fails("test -f /var/lib/jenkins/jobs/folder-1/jobs/job-2/config.xml") + + # Reload jenkins' configuration and verify it also sees the jobs as removed. + master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) reload-configuration") + out = master.succeed("${pkgs.jre}/bin/java -jar jenkins-cli.jar -s ${jenkinsUrl} -auth admin:$(cat /var/lib/jenkins/secrets/initialAdminPassword) list-jobs") + jobs = [x.strip() for x in out.splitlines()] + assert jobs == [], f"jobs != []: {jobs}" ''; }) diff --git a/nixos/tests/kernel-generic.nix b/nixos/tests/kernel-generic.nix index a300609cf2b..cb23bb2fc2d 100644 --- a/nixos/tests/kernel-generic.nix +++ b/nixos/tests/kernel-generic.nix @@ -31,7 +31,6 @@ with pkgs; { linux_4_19 = makeKernelTest "4.19" linuxPackages_4_19; linux_5_4 = makeKernelTest "5.4" linuxPackages_5_4; linux_5_10 = makeKernelTest "5.10" linuxPackages_5_10; - linux_5_11 = makeKernelTest "5.11" linuxPackages_5_11; linux_5_12 = makeKernelTest "5.12" linuxPackages_5_12; linux_testing = makeKernelTest "testing" linuxPackages_testing; diff --git a/pkgs/applications/backup/vorta/default.nix b/pkgs/applications/backup/vorta/default.nix index fc56d6c5400..4cb21e5267d 100644 --- a/pkgs/applications/backup/vorta/default.nix +++ b/pkgs/applications/backup/vorta/default.nix @@ -7,13 +7,13 @@ python3.pkgs.buildPythonApplication rec { pname = "vorta"; - version = "0.7.5"; + version = "0.7.6"; src = fetchFromGitHub { owner = "borgbase"; repo = "vorta"; rev = "v${version}"; - sha256 = "sha256-qPO8qmXYDDFwV+8hAUyfF4Ins0vkwEJbw4JPguUSYOw="; + sha256 = "sha256-bzhabRVgl1eLTS4KtFkn4xw2KDTZJyFU6zCJdHW5IGE="; }; postPatch = '' diff --git a/pkgs/applications/graphics/ImageMagick/6.x.nix b/pkgs/applications/graphics/ImageMagick/6.x.nix index 79fdacfaadb..7d345e8dba1 100644 --- a/pkgs/applications/graphics/ImageMagick/6.x.nix +++ b/pkgs/applications/graphics/ImageMagick/6.x.nix @@ -16,13 +16,13 @@ in stdenv.mkDerivation rec { pname = "imagemagick"; - version = "6.9.12-12"; + version = "6.9.12-14"; src = fetchFromGitHub { owner = "ImageMagick"; repo = "ImageMagick6"; rev = version; - sha256 = "sha256-yqMYuayQjPlTqi3+CtwP5CdsAGud/fHR0I2LwUPIq00="; + sha256 = "sha256-RK6N4koHVAqol16QXLFWUgI6N5Rph2QCIHxmDFs3Jfk="; }; outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big diff --git a/pkgs/applications/misc/bemenu/default.nix b/pkgs/applications/misc/bemenu/default.nix index c61b8b60101..371bb3a3ef9 100644 --- a/pkgs/applications/misc/bemenu/default.nix +++ b/pkgs/applications/misc/bemenu/default.nix @@ -11,13 +11,13 @@ assert x11Support -> xorg != null; stdenv.mkDerivation rec { pname = "bemenu"; - version = "0.6.0"; + version = "0.6.2"; src = fetchFromGitHub { owner = "Cloudef"; repo = pname; rev = version; - sha256 = "sha256-yhUc1r7HulOUQvH7fLXaoJa0mKxJwyC3y59pnJcHUpk="; + sha256 = "sha256-2xmi/Mh5iU50yc2R1x1yzP8Xaz+mUgLnH73tAeLwxI8="; }; nativeBuildInputs = [ pkg-config pcre ]; diff --git a/pkgs/applications/misc/blender/default.nix b/pkgs/applications/misc/blender/default.nix index cf5ede1c7fe..305ab891713 100644 --- a/pkgs/applications/misc/blender/default.nix +++ b/pkgs/applications/misc/blender/default.nix @@ -12,7 +12,7 @@ , pugixml, llvmPackages, SDL, Cocoa, CoreGraphics, ForceFeedback, OpenAL, OpenGL , potrace , openxr-loader -, embree, gmp +, embree, gmp, libharu }: with lib; @@ -48,6 +48,7 @@ stdenv.mkDerivation rec { gmp pugixml potrace + libharu ] ++ (if (!stdenv.isDarwin) then [ libXi libX11 libXext libXrender diff --git a/pkgs/applications/networking/browsers/chromium/browser.nix b/pkgs/applications/networking/browsers/chromium/browser.nix index dcac873b849..cc443764447 100644 --- a/pkgs/applications/networking/browsers/chromium/browser.nix +++ b/pkgs/applications/networking/browsers/chromium/browser.nix @@ -62,6 +62,8 @@ mkChromiumDerivation (base: rec { -e '/\[Desktop Entry\]/a\' \ -e 'StartupWMClass=chromium-browser' \ $out/share/applications/chromium-browser.desktop + '' + lib.optionalString (channel == "dev") '' + cp -v "$buildPath/crashpad_handler" "$libExecPath/" ''; passthru = { inherit sandboxExecutableName; }; diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 7e95da747d1..57cac091912 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix @@ -54,9 +54,9 @@ let # source tree. extraAttrs = buildFun base; - githubPatch = commit: sha256: fetchpatch { + githubPatch = { commit, sha256, revert ? false }: fetchpatch { url = "https://github.com/chromium/chromium/commit/${commit}.patch"; - inherit sha256; + inherit sha256 revert; }; mkGnFlags = @@ -166,6 +166,14 @@ let # Fix the build by adding a missing dependency (s. https://crbug.com/1197837): ./patches/fix-missing-atspi2-dependency.patch ./patches/closure_compiler-Use-the-Java-binary-from-the-system.patch + ] ++ lib.optionals (chromiumVersionAtLeast "93") [ + # We need to revert this patch to build M93 with LLVM 12. + (githubPatch { + # Reland "Replace 'blacklist' with 'ignorelist' in ./tools/msan/." + commit = "9d080c0934b848ee4a05013c78641e612fcc1e03"; + sha256 = "1bxdhxmiy6h4acq26lq43x2mxx6rawmfmlgsh5j7w8kyhkw5af0c"; + revert = true; + }) ]; postPatch = '' diff --git a/pkgs/applications/networking/browsers/chromium/get-commit-message.py b/pkgs/applications/networking/browsers/chromium/get-commit-message.py index e14e3642643..2768e31bd03 100755 --- a/pkgs/applications/networking/browsers/chromium/get-commit-message.py +++ b/pkgs/applications/networking/browsers/chromium/get-commit-message.py @@ -27,7 +27,7 @@ for entry in feed.entries: print('\n' + url) if fixes := re.search(r'This update includes .+ security fixes\.', content): fixes = html_tags.sub('', fixes.group(0)) - zero_days = re.search(r'Google is aware of reports that .+ in the wild\.', content) + zero_days = re.search(r'Google is aware( of reports)? that .+ in the wild\.', content) if zero_days: fixes += " " + zero_days.group(0) print('\n' + '\n'.join(textwrap.wrap(fixes, width=72))) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index ab0afd9b54e..5d888fc0649 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -1,8 +1,8 @@ { "stable": { - "version": "91.0.4472.77", - "sha256": "0c8vj3gq3nmb7ssiwj6875g0a8hcprss1a4gqw9h7llqywza9ma5", - "sha256bin64": "0caf47xam5igdnbhipal1iyicnxxvadhi61k199rwysrvyv5sdad", + "version": "91.0.4472.101", + "sha256": "1d3y621iclkq6nvxrapk5aihv50x13hjha0c2gcp2xxfma96253q", + "sha256bin64": "12j5q5b9v0jpiznjnh89831w8lv399vd1z4ljhbsnsidbsygrbr1", "deps": { "gn": { "version": "2021-04-06", @@ -18,22 +18,22 @@ } }, "beta": { - "version": "91.0.4472.69", - "sha256": "0yqc7py5x48wqg5x90j57vp07qfc20w1j0f30rmyxbgl6v346s0z", - "sha256bin64": "1z82i6pq4wbx44d6ij32dkappywdpaxlfp23kl3p7x4x9hv1c0yq", + "version": "92.0.4515.40", + "sha256": "1v0vmnzdqq7d2rqp1sam8nk7z20xg5l9lnlpqjxj30y8k37gzh8p", + "sha256bin64": "0i3plysx51n2gsm5vbf9666rz73pqbbns7v09wznbbncvw9zngrf", "deps": { "gn": { - "version": "2021-04-06", + "version": "2021-05-07", "url": "https://gn.googlesource.com/gn", - "rev": "dba01723a441c358d843a575cb7720d54ddcdf92", - "sha256": "199xkks67qrn0xa5fhp24waq2vk8qb78a96cb3kdd8v1hgacgb8x" + "rev": "39a87c0b36310bdf06b692c098f199a0d97fc810", + "sha256": "0x63jr5hssm9dl6la4q5ahy669k4gxvbapqxi5w32vv107jrj8v4" } } }, "dev": { - "version": "92.0.4512.4", - "sha256": "0ycwr11bz2hlzczs6cajxn5k32m44ndhmqh86iykcbi982dj7jq2", - "sha256bin64": "0wv29rghcbin725qbl8cq20j8w5mlcjmjaqdcr73m753dv3jv8rq", + "version": "93.0.4535.3", + "sha256": "19iy4p59n0pg9s39g614y4yxh5f6h86bcp471qdnm6fvzmzcxd18", + "sha256bin64": "16q9s8l20bmr2n0y3pi505l5hbhbmpi8kh47aylj5gzk1nr30a8r", "deps": { "gn": { "version": "2021-05-07", diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix index 62e641280b6..51a671cb198 100644 --- a/pkgs/applications/networking/browsers/firefox/common.nix +++ b/pkgs/applications/networking/browsers/firefox/common.nix @@ -122,7 +122,9 @@ let then overrideCC stdenv llvmPackages.clangUseLLVM else stdenv; - nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss; + # Disable p11-kit support in nss until our cacert packages has caught up exposing CKA_NSS_MOZILLA_CA_POLICY + # https://github.com/NixOS/nixpkgs/issues/126065 + nss_pkg = if lib.versionOlder ffversion "83" then nss_3_53 else nss.override { useP11kit = false; }; # --enable-release adds -ffunction-sections & LTO that require a big amount of # RAM and the 32-bit memory space cannot handle that linking diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix index 793e8688a5f..13becfc4f62 100644 --- a/pkgs/applications/networking/browsers/firefox/wrapper.nix +++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix @@ -303,10 +303,6 @@ let ln -sLt $out/lib/mozilla/pkcs11-modules $ext/lib/mozilla/pkcs11-modules/* done - # For manpages, in case the program supplies them - mkdir -p $out/nix-support - echo ${browser} > $out/nix-support/propagated-user-env-packages - ######################### # # diff --git a/pkgs/applications/networking/browsers/palemoon/default.nix b/pkgs/applications/networking/browsers/palemoon/default.nix index 63f1958f4a6..e1352c9f336 100644 --- a/pkgs/applications/networking/browsers/palemoon/default.nix +++ b/pkgs/applications/networking/browsers/palemoon/default.nix @@ -1,6 +1,3 @@ -# Compiler in stdenv MUST be a supported one for official branding -# See https://developer.palemoon.org/build/linux/ -# TODO assert if stdenv.cc is supported? { stdenv , lib , fetchFromGitHub @@ -37,6 +34,15 @@ , gtk3 }: +# Only specific GCC versions are supported with branding +# https://developer.palemoon.org/build/linux/ +assert stdenv.cc.isGNU; +assert with lib.strings; ( + versionAtLeast stdenv.cc.version "4.9" + && !hasPrefix "6" stdenv.cc.version + && versionOlder stdenv.cc.version "11" +); + let libPath = lib.makeLibraryPath [ ffmpeg @@ -46,14 +52,14 @@ let in stdenv.mkDerivation rec { pname = "palemoon"; - version = "29.2.0"; + version = "29.2.1"; src = fetchFromGitHub { githubBase = "repo.palemoon.org"; owner = "MoonchildProductions"; repo = "Pale-Moon"; rev = "${version}_Release"; - sha256 = "0pa9j41bbfarwi60a6hxi5vpn52mwgr4p05l98acv4fcs1ccb427"; + sha256 = "0djjl79jrnny16p32db5w7pwwv0a24dc8mg1s1bnavhlvmmk52vq"; fetchSubmodules = true; }; @@ -142,7 +148,6 @@ stdenv.mkDerivation rec { ac_add_options --enable-jemalloc ac_add_options --enable-strip ac_add_options --enable-devtools - # Missing from build instructions, https://forum.palemoon.org/viewtopic.php?f=5&t=25843#p214767 ac_add_options --enable-av1 ac_add_options --disable-eme @@ -188,7 +193,7 @@ stdenv.mkDerivation rec { ./mach install # Fix missing icon due to wrong WMClass - # TODO report upstream + # https://forum.palemoon.org/viewtopic.php?f=3&t=26746&p=214221#p214221 substituteInPlace ./palemoon/branding/official/palemoon.desktop \ --replace 'StartupWMClass="pale moon"' 'StartupWMClass=Pale moon' desktop-file-install --dir=$out/share/applications \ @@ -202,7 +207,7 @@ stdenv.mkDerivation rec { done # Remove unneeded SDK data from installation - # TODO: move to a separate output? + # https://forum.palemoon.org/viewtopic.php?f=37&t=26796&p=214676#p214729 rm -rf $out/{include,share/idl,lib/palemoon-devel-${version}} runHook postInstall @@ -231,6 +236,7 @@ stdenv.mkDerivation rec { extensions and themes to make the browser truly your own. ''; homepage = "https://www.palemoon.org/"; + changelog = "https://repo.palemoon.org/MoonchildProductions/Pale-Moon/releases/tag/${version}_Release"; license = licenses.mpl20; maintainers = with maintainers; [ AndersonTorres OPNA2608 ]; platforms = [ "i686-linux" "x86_64-linux" ]; diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix index 19469783629..01e68e7753b 100644 --- a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix @@ -25,7 +25,7 @@ let else ""); in stdenv.mkDerivation rec { pname = "signal-desktop"; - version = "5.4.0"; # Please backport all updates to the stable channel. + version = "5.4.1"; # Please backport all updates to the stable channel. # All releases have a limited lifetime and "expire" 90 days after the release. # When releases "expire" the application becomes unusable until an update is # applied. The expiration date for the current release can be extracted with: @@ -35,7 +35,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "https://updates.signal.org/desktop/apt/pool/main/s/signal-desktop/signal-desktop_${version}_amd64.deb"; - sha256 = "046xy033ars70ay5ryj39i5053py00xj92ajdg212pamq415z1zb"; + sha256 = "1f1narpqj8gcyi4r574nqm1cbyi3azk1y7d1j300scr51gk74fq6"; }; nativeBuildInputs = [ diff --git a/pkgs/applications/networking/remote/x2goclient/default.nix b/pkgs/applications/networking/remote/x2goclient/default.nix index 4156c82f91b..d40d8032c29 100644 --- a/pkgs/applications/networking/remote/x2goclient/default.nix +++ b/pkgs/applications/networking/remote/x2goclient/default.nix @@ -1,20 +1,20 @@ -{ lib, fetchgit, cups, libssh, libXpm, nx-libs, openldap, openssh +{ lib, fetchurl, cups, libssh, libXpm, nx-libs, openldap, openssh , mkDerivation, qtbase, qtsvg, qtx11extras, qttools, phonon, pkg-config }: -mkDerivation { +mkDerivation rec { pname = "x2goclient"; - version = "unstable-2019-07-24"; + version = "4.1.2.2"; - src = fetchgit { - url = "git://code.x2go.org/x2goclient.git"; - rev = "704c4ab92d20070dd160824c9b66a6d1c56dcc49"; - sha256 = "1pndp3lfzwifyxqq0gps3p1bwakw06clbk6n8viv020l4bsfmq5f"; + src = fetchurl { + url = "https://code.x2go.org/releases/source/${pname}/${pname}-${version}.tar.gz"; + sha256 = "yZUyZ8QPpnEZrZanO6yx8mYZbaIFnwzc0bjVGZQh0So="; }; buildInputs = [ cups libssh libXpm nx-libs openldap openssh qtbase qtsvg qtx11extras qttools phonon pkg-config ]; postPatch = '' + substituteInPlace src/onmainwindow.cpp --replace "/usr/sbin/sshd" "${openssh}/bin/sshd" substituteInPlace Makefile \ --replace "SHELL=/bin/bash" "SHELL=$SHELL" \ --replace "lrelease-qt4" "${qttools.dev}/bin/lrelease" \ @@ -33,6 +33,7 @@ mkDerivation { meta = with lib; { description = "Graphical NoMachine NX3 remote desktop client"; homepage = "http://x2go.org/"; + maintainers = with maintainers; [ mkg20001 ]; license = licenses.gpl2; platforms = platforms.linux; }; diff --git a/pkgs/data/themes/arc/default.nix b/pkgs/data/themes/arc/default.nix index 630d928e602..ea2362c0529 100644 --- a/pkgs/data/themes/arc/default.nix +++ b/pkgs/data/themes/arc/default.nix @@ -46,7 +46,7 @@ stdenv.mkDerivation rec { ''; mesonFlags = [ - "-Dthemes=cinnamon,gnome-shell,gtk2,gtk3,plank,xfwm" + "-Dthemes=cinnamon,gnome-shell,gtk2,gtk3,plank,xfwm,metacity" "-Dvariants=light,darker,dark,lighter" "-Dcinnamon_version=${cinnamon.cinnamon-common.version}" "-Dgnome_shell_version=${gnome.gnome-shell.version}" diff --git a/pkgs/development/php-packages/composer/default.nix b/pkgs/development/php-packages/composer/default.nix index 23efc987a38..ff7aead0f90 100644 --- a/pkgs/development/php-packages/composer/default.nix +++ b/pkgs/development/php-packages/composer/default.nix @@ -1,14 +1,14 @@ { mkDerivation, fetchurl, makeWrapper, unzip, lib, php }: let pname = "composer"; - version = "2.1.2"; + version = "2.1.3"; in mkDerivation { inherit pname version; src = fetchurl { url = "https://getcomposer.org/download/${version}/composer.phar"; - sha256 = "0gd4hxkxdds3nxpbcd38chrkijha31p6nygdq3f73mbb984h3v1d"; + sha256 = "04ad2zsnf8qi6hzs9sak6y8xxyx8l0f7crmcimnp7nn8vsc2x9zq"; }; dontUnpack = true; diff --git a/pkgs/development/tools/analysis/qcachegrind/default.nix b/pkgs/development/tools/analysis/qcachegrind/default.nix index 75729d1eea4..1f7c6641b1c 100644 --- a/pkgs/development/tools/analysis/qcachegrind/default.nix +++ b/pkgs/development/tools/analysis/qcachegrind/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, qmake, qtbase, perl, python, php, kcachegrind }: +{ lib, stdenv, qmake, qtbase, perl, python, php, kcachegrind, wrapQtAppsHook }: let name = lib.replaceStrings ["kcachegrind"] ["qcachegrind"] kcachegrind.name; @@ -10,7 +10,7 @@ in stdenv.mkDerivation { buildInputs = [ qtbase perl python php ]; - nativeBuildInputs = [ qmake ]; + nativeBuildInputs = [ qmake wrapQtAppsHook ]; dontWrapQtApps = true; @@ -33,9 +33,13 @@ in stdenv.mkDerivation { install -Dm644 kcachegrind/48-apps-kcachegrind.png "$out/share/icons/hicolor/48x48/apps/kcachegrind.png" ''); + preFixup = '' + wrapQtApp "$out/bin/qcachegrind" + ''; + meta = with lib; { description = "A Qt GUI to visualize profiling data"; - license = licenses.gpl2; + license = licenses.gpl2Plus; platforms = platforms.unix; maintainers = with maintainers; [ periklis ]; }; diff --git a/pkgs/development/tools/build-managers/sbt/default.nix b/pkgs/development/tools/build-managers/sbt/default.nix index 7b9c6bca7e2..89628b81fbc 100644 --- a/pkgs/development/tools/build-managers/sbt/default.nix +++ b/pkgs/development/tools/build-managers/sbt/default.nix @@ -8,11 +8,11 @@ stdenv.mkDerivation rec { pname = "sbt"; - version = "1.5.1"; + version = "1.5.3"; src = fetchurl { url = "https://github.com/sbt/sbt/releases/download/v${version}/sbt-${version}.tgz"; - sha256 = "0dsbqipr549awv584fyl227s1gknlpsf5krp990w7w3bbxl3avb7"; + sha256 = "10kIQNy+3V1SD4uEZs/BJ4E6bTCRV3wjBN8gw9jr9VQ="; }; postPatch = '' diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 6cf635da18b..f9c25f12368 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,38 +1,32 @@ { "4.14": { "extra": "-hardened1", - "name": "linux-hardened-4.14.234-hardened1.patch", - "sha256": "1vdr3j62whc2xdy1l4imkp6axpwh7r3cjp0sgsld7l5331x19qh7", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.234-hardened1/linux-hardened-4.14.234-hardened1.patch" + "name": "linux-hardened-4.14.236-hardened1.patch", + "sha256": "08wnc1acx8fnnrpaz5hxw9gakgk7qxf3kq1pycljl7396dnsy6xg", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.236-hardened1/linux-hardened-4.14.236-hardened1.patch" }, "4.19": { "extra": "-hardened1", - "name": "linux-hardened-4.19.192-hardened1.patch", - "sha256": "0gy4h73ygiqr6c9zbmfz4as18ldcnnzgc4qd2nss08m2x1cb1n76", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.192-hardened1/linux-hardened-4.19.192-hardened1.patch" + "name": "linux-hardened-4.19.194-hardened1.patch", + "sha256": "102w5algxybffy5176zzgz7knafpdc0lp9y5wjdrf6yr65l4j5rj", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.194-hardened1/linux-hardened-4.19.194-hardened1.patch" }, "5.10": { "extra": "-hardened1", - "name": "linux-hardened-5.10.40-hardened1.patch", - "sha256": "15nprqyw9whqghpnr39wpn54snxz49wdr4dq41dbmmqmrrlfyxnr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.40-hardened1/linux-hardened-5.10.40-hardened1.patch" - }, - "5.11": { - "extra": "-hardened1", - "name": "linux-hardened-5.11.22-hardened1.patch", - "sha256": "1lwf56pxyzqzjqw4k1qd93vi44abmbz6hqbalamz6ancxkb800hh", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.11.22-hardened1/linux-hardened-5.11.22-hardened1.patch" + "name": "linux-hardened-5.10.43-hardened1.patch", + "sha256": "0hx2g4brpk32phiin96w4kgsbibrcb69a22p0rsqcanxl76v48sz", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.43-hardened1/linux-hardened-5.10.43-hardened1.patch" }, "5.12": { "extra": "-hardened1", - "name": "linux-hardened-5.12.7-hardened1.patch", - "sha256": "1r8bf8hrxpzyxqcy3zf1m86bfi0lr4aijbrq12sqb7n2g1wc1j87", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.12.7-hardened1/linux-hardened-5.12.7-hardened1.patch" + "name": "linux-hardened-5.12.10-hardened1.patch", + "sha256": "0wyw33kg3xih2j19hsff9mapxjll8ad38il74gkcbnhwci0ys1mc", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.12.10-hardened1/linux-hardened-5.12.10-hardened1.patch" }, "5.4": { "extra": "-hardened1", - "name": "linux-hardened-5.4.122-hardened1.patch", - "sha256": "1wa3h18gwgn4blkidf8mlw3r0nb2asya5rbwylghq3qnaa2hc0k7", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.122-hardened1/linux-hardened-5.4.122-hardened1.patch" + "name": "linux-hardened-5.4.125-hardened1.patch", + "sha256": "1vc6jgiglc4i5my9iw24yw16wi0x1lxkvyb6i619z3k3zh39gm04", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.125-hardened1/linux-hardened-5.4.125-hardened1.patch" } } diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 58804158761..9f40429f0ad 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.234"; + version = "4.14.236"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1mwqb9sq6qd9angl3xysdsrfpgppf46g3kiwg1svqgpgrx7cqn1b"; + sha256 = "0albmgxj3cb1dvjagj54l0ffa7kwi8brh7bqwj6gvzpylsby5sp4"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_14 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 23d651e21da..e42a1646791 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.192"; + version = "4.19.194"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1680dz4wjg721a8lqwh6ijd90zcr2f3wzcvhwgn3shbwgjkwsk87"; + sha256 = "15l80psfgffa756vpjxmjkwjqif2gpx441hpzr473xwryp6bvbma"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_19 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 8320c2fb9ce..4fc2985b586 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,13 +1,13 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: buildLinux (args // rec { - version = "4.4.270"; + version = "4.4.272"; extraMeta.branch = "4.4"; extraMeta.broken = stdenv.isAarch64; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1lz48gv1v3wvw9xvd3y9q4py7ii1g9fj4dwyvvjdzbipyw7s21pq"; + sha256 = "1ar468ymk96v2pq9x209z2z4wbypppb91jpw8g22aa30pr9aagyi"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_4 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 7dda6f5356d..d0cb868f172 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,13 +1,13 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: buildLinux (args // rec { - version = "4.9.270"; + version = "4.9.272"; extraMeta.branch = "4.9"; extraMeta.broken = stdenv.isAarch64; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0ck5abzpla291gcxrxjindj5szgcvmb2fwfilvdnzc6pnqk00ay3"; + sha256 = "0n0hrszaijdpnbdvd8bvz15m7g268is0zw84w4vaf37418whrgzq"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_9 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index ae8f5095307..50ef93c04b9 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.40"; + version = "5.10.43"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "091g9g29m4vh66bxihiylyprb3cxr8cy4m494klb2lkirlx8103l"; + sha256 = "00yl1g6irpwy3sy0d43qvlk7x1gfk4v1dyv460afxy527d1ixf43"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-5.11.nix b/pkgs/os-specific/linux/kernel/linux-5.11.nix deleted file mode 100644 index e6a8aef650b..00000000000 --- a/pkgs/os-specific/linux/kernel/linux-5.11.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ lib, buildPackages, fetchurl, perl, buildLinux, nixosTests, modDirVersionArg ? null, ... } @ args: - -with lib; - -buildLinux (args // rec { - version = "5.11.22"; - - # modDirVersion needs to be x.y.z, will automatically add .0 if needed - modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; - - # branchVersion needs to be x.y - extraMeta.branch = versions.majorMinor version; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "003nlphkqish6l4xblhi369v4qv2zck7529prkdnx4gb2ihpq0hi"; - }; - - kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_11 ]; -} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.12.nix b/pkgs/os-specific/linux/kernel/linux-5.12.nix index 80a25ad2396..6ae39a84891 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.12.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.12.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.12.7"; + version = "5.12.10"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0ircrclggrbmm80vz7irhg73qvhjddsmf7zclw5cqnnmm3qfj8jk"; + sha256 = "03v3wzpbxb78gf4wsnc5wv6683g439cm2bzcjj4q657dagy9km68"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_12 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index a245ee7c44e..94d5f6bd3ff 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.122"; + version = "5.4.125"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "00g6s3ymriwddshy5sd458b1wfvw2ynxv6dr63ziykwfq50jlr9p"; + sha256 = "0g73xfkmj4sahrk7gx72hm2i4m98gqghswqyf8yqh77b9857bvhp"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_4 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-libre.nix b/pkgs/os-specific/linux/kernel/linux-libre.nix index 6d1c7339720..2001b350ecc 100644 --- a/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "18096"; - sha256 = "08m7afj0h9bcgg8rx8ksp85hmaqjl4k4p4q4zy6x51788xn4mycg"; + rev = "18115"; + sha256 = "00wsxlhz7lc4qk7jcgshb05hvv3mm4m8r3zalc9wvp4r1r6xbbjp"; } , ... }: diff --git a/pkgs/os-specific/linux/kernel/linux-lqx.nix b/pkgs/os-specific/linux/kernel/linux-lqx.nix index 4bc5cee4444..609dc494c69 100644 --- a/pkgs/os-specific/linux/kernel/linux-lqx.nix +++ b/pkgs/os-specific/linux/kernel/linux-lqx.nix @@ -1,7 +1,7 @@ { lib, fetchFromGitHub, buildLinux, linux_zen, ... } @ args: let - version = "5.11.21"; + version = "5.12.9"; suffix = "lqx1"; in @@ -14,13 +14,13 @@ buildLinux (args // { owner = "zen-kernel"; repo = "zen-kernel"; rev = "v${version}-${suffix}"; - sha256 = "1klvik8nrqsqi5ijnga1li4gacsknmap75g2zp8f3hd3hz18d5n1"; + sha256 = "sha256-qmX66nz+gVOt1RGsUT9fA3wPUT7I9Z4jhxpybP0I8Cw="; }; extraMeta = { - branch = "5.10/master"; + branch = "5.12/master"; maintainers = with lib.maintainers; [ atemu ]; description = linux_zen.meta.description + " (Same as linux_zen but less aggressive release schedule)"; }; -} // (args.argsOverride or {})) +} // (args.argsOverride or { })) diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index 90c0c4e2930..5567022edcc 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.35-rt39"; # updated by ./update-rt.sh + version = "5.10.41-rt42"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -18,14 +18,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1zcqsjzqgcvlhkjwhzs6sxgbhzkfg898pbisivjqfymp8nfs2dxc"; + sha256 = "0wb739q7dha8nxkd72x42k4in5nw633yw065ppwc8rq7x2fpa17n"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "03gq9y111k4js4cc87yc9y7hyg1wxwbc1bjyjdvb4nrx2wqka79y"; + sha256 = "1z8jgsq5fkg486xxawg4c4wk1l9xra7x1cfqaf4grhw0csbbx883"; }; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix index 34efc8e21ee..8592ad4c3b3 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.4.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.4.115-rt57"; # updated by ./update-rt.sh + version = "5.4.123-rt59"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -14,14 +14,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "1llxk04vlpi7a4ca2f5vlcxfn68n8yhmsar3hsl259i7hms28isv"; + sha256 = "1pi223dls52piw65s3v4ml23wdyy73xpbdvp511187b6zgzk7zlf"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "1xh7xi27q58njhfayi2lnk4id7hnlklkgh2zx012gxv4ari76g0k"; + sha256 = "1m1mnmk7h35p7dv6mg3pla6pw3b645hbbccjmp1jc3fyn6qiy6fq"; }; }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-zen.nix b/pkgs/os-specific/linux/kernel/linux-zen.nix index b28400819d5..47e72a61c18 100644 --- a/pkgs/os-specific/linux/kernel/linux-zen.nix +++ b/pkgs/os-specific/linux/kernel/linux-zen.nix @@ -1,7 +1,7 @@ { lib, fetchFromGitHub, buildLinux, ... } @ args: let - version = "5.11.16"; + version = "5.12.9"; suffix = "zen1"; in @@ -14,13 +14,13 @@ buildLinux (args // { owner = "zen-kernel"; repo = "zen-kernel"; rev = "v${version}-${suffix}"; - sha256 = "0jyicnpqccn194jrm1mc4zq0cil7ls9l57ws3nv783vlk7b0k3gv"; + sha256 = "sha256-Sbe7pY/htLRRx5Qs78BpEzNCSIEsnZMj1+bkAftZdbQ="; }; extraMeta = { - branch = "5.10/master"; + branch = "5.12/master"; maintainers = with lib.maintainers; [ atemu andresilva ]; description = "Built using the best configuration and kernel sources for desktop, multimedia, and gaming workloads."; }; -} // (args.argsOverride or {})) +} // (args.argsOverride or { })) diff --git a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh index 087afb5b6a6..2b94f18f538 100644 --- a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh +++ b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh @@ -216,7 +216,7 @@ nixBuild() { nixFlakeBuild() { if [ -z "$buildHost" ]; then - nix build "$@" --out-link "${tmpDir}/result" + nix "${flakeFlags[@]}" build "$@" --out-link "${tmpDir}/result" readlink -f "${tmpDir}/result" else local attr="$1" diff --git a/pkgs/tools/X11/opentabletdriver/default.nix b/pkgs/tools/X11/opentabletdriver/default.nix index 5128e4d30ca..2d1ce4a4e33 100644 --- a/pkgs/tools/X11/opentabletdriver/default.nix +++ b/pkgs/tools/X11/opentabletdriver/default.nix @@ -23,18 +23,18 @@ stdenv.mkDerivation rec { pname = "OpenTabletDriver"; - version = "0.5.3.1"; + version = "0.5.3.2"; src = fetchFromGitHub { owner = "InfinityGhost"; repo = "OpenTabletDriver"; rev = "v${version}"; - sha256 = "OT8/c+6wNpZyq/q7uMxIqmyJKNAq0B4ynEAqFF0GWyo="; + sha256 = "qRc/9Edp3x7/XVEWgBbPush76MSQz4biYSk+E9Gt68w="; }; debPkg = fetchurl { url = "https://github.com/InfinityGhost/OpenTabletDriver/releases/download/v${version}/OpenTabletDriver.deb"; - sha256 = "0nm0v1xhphl6g6rz3li4rbdp7408g6sf9l4nh3mbbif5042xa0qh"; + sha256 = "14k06iyc642x42yadyfmmf8ky84y8rc6kgd63b4ipskkcxyl1gvl"; }; nativeBuildInputs = [ diff --git a/pkgs/tools/X11/opentabletdriver/deps.nix b/pkgs/tools/X11/opentabletdriver/deps.nix index 041795596b1..45ded855587 100644 --- a/pkgs/tools/X11/opentabletdriver/deps.nix +++ b/pkgs/tools/X11/opentabletdriver/deps.nix @@ -1,43 +1,48 @@ { fetchNuGet }: [ (fetchNuGet { name = "AtkSharp"; - version = "3.22.25.74"; - sha256 = "04zjpjrddw5clac0mjpk0q00rbmv45bh1bsqa4s3pc5pb7fm9cd9"; + version = "3.24.24.34"; + sha256 = "1jn1vgi9xm0jp7769k6sbdi8d273kigjrsh93i6s4c03hqxv7cqs"; }) (fetchNuGet { name = "CairoSharp"; - version = "3.22.25.74"; - sha256 = "0sx7vmwcrfbkg3g887v051iklcdmdhh43ndp96nk4bccjimmmwl6"; + version = "3.24.24.34"; + sha256 = "0pydn1k0cam1gclg9sc1sbnmbyzh28qlc5qanyxcylwghink3kgz"; }) (fetchNuGet { name = "Eto.Forms"; version = "2.5.10"; sha256 = "1d71wglk4ixfqfbm6sxmj753x5iwbar8i9zzjy3bh64fy1dn8lz7"; }) + (fetchNuGet { + name = "Eto.Forms"; + version = "2.5.11"; + sha256 = "0h86jc19wy3ssj7pb34w1h02v92mg29gdipszwjs3y15piy66z3s"; + }) (fetchNuGet { name = "Eto.Platform.Gtk"; - version = "2.5.10"; - sha256 = "1pkqvlfx7bzracnw19bl50i9jg4ym376vihmy9qq7m5z5nfdqn4g"; + version = "2.5.11"; + sha256 = "1s9njz7l9zghrbzli7lbiav5ss3glqf17npj07f3jldd933nb95j"; }) (fetchNuGet { name = "GdkSharp"; - version = "3.22.25.74"; - sha256 = "07sdfvqk2jmyjj7fyd0mikhnzsk52zd3g2dhip8kz3006cczqm81"; + version = "3.24.24.34"; + sha256 = "0r0x0yib7chwsyrbpvicrfwldwqx5lyqq4p86zaxpmzd6zdaj0x5"; }) (fetchNuGet { name = "GioSharp"; - version = "3.22.25.74"; - sha256 = "01l4216bm5jxbxypkkq4d2527c6zd68kbywr3h1lr1darc9nf1d1"; + version = "3.24.24.34"; + sha256 = "02hxvgjd4w9jpzbkk7qf9q9bkvyp5hfzwxfqp10vg5lpl9yl3xpx"; }) (fetchNuGet { name = "GLibSharp"; - version = "3.22.25.74"; - sha256 = "0k2p79z4wcswi528v0ykc37rsqfqi6xd6pl0j4csdj9zf19svgx2"; + version = "3.24.24.34"; + sha256 = "0kvp033fgdwc8p2abfp5z9pzq66cvwbnjfvr4v4bkpy5s5h181kq"; }) (fetchNuGet { name = "GtkSharp"; - version = "3.22.25.74"; - sha256 = "0vazfvkjyzppcynqa1h70s1jmp4vq2j30v5x2scg8n2c5dxaj0k3"; + version = "3.24.24.34"; + sha256 = "0028hzmmqyfx87qqmaf9cgb5psn7gkbmqvixcid67x1d6mzxjicb"; }) (fetchNuGet { name = "HidSharpCore"; @@ -126,8 +131,8 @@ }) (fetchNuGet { name = "PangoSharp"; - version = "3.22.25.74"; - sha256 = "172i1hjpz4rgqlilir8a57kgmciw9x0shz4zwbhhlr59mndvqbih"; + version = "3.24.24.34"; + sha256 = "1r0h14cklglfpv1lhv93cxmzi2w7d5s03gzpq3j5dmrz43flg9zw"; }) (fetchNuGet { name = "runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl"; diff --git a/pkgs/tools/security/aws-iam-authenticator/default.nix b/pkgs/tools/security/aws-iam-authenticator/default.nix index f0eda76821d..d9f4f4a0173 100644 --- a/pkgs/tools/security/aws-iam-authenticator/default.nix +++ b/pkgs/tools/security/aws-iam-authenticator/default.nix @@ -2,16 +2,18 @@ buildGoModule rec { pname = "aws-iam-authenticator"; - version = "0.5.2"; + version = "0.5.3"; src = fetchFromGitHub { owner = "kubernetes-sigs"; repo = pname; rev = "v${version}"; - sha256 = "1xfc3a0dik4930va30sbl6687v6i5irv96fwis9lrqh5rjqnblqp"; + sha256 = "0ga3vf5gn7533iqnxn7kchb6xg5wvk92livlqzkhi5qvqhl1sbw0"; }; - vendorSha256 = null; + # Upstream has inconsistent vendoring, see https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/377 + deleteVendor = true; + vendorSha256 = "+Z8sENIMWXP29Piwb/W6i7UdNXVq6ZnO7AZbSaUYCME="; buildFlagsArray = [ "-ldflags=-s -w -X main.version=v${version}" ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a161dee933f..2ce87c6e10c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20394,13 +20394,6 @@ in ]; }; - linux_5_11 = callPackage ../os-specific/linux/kernel/linux-5.11.nix { - kernelPatches = [ - kernelPatches.bridge_stp_helper - kernelPatches.request_key_helper - ]; - }; - linux_5_12 = callPackage ../os-specific/linux/kernel/linux-5.12.nix { kernelPatches = [ kernelPatches.bridge_stp_helper @@ -20712,7 +20705,6 @@ in linuxPackages_4_19 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_4_19); linuxPackages_5_4 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_4); linuxPackages_5_10 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_10); - linuxPackages_5_11 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_11); linuxPackages_5_12 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_5_12); # When adding to the list above: @@ -20746,7 +20738,7 @@ in # Hardened Linux hardenedLinuxPackagesFor = kernel': overrides: let # Note: We use this hack since the hardened patches can lag behind and we don't want to delay updates: - linux_latest_for_hardened = pkgs.linux_5_11; + linux_latest_for_hardened = pkgs.linux_5_12; kernel = (if kernel' == pkgs.linux_latest then linux_latest_for_hardened else kernel').override overrides; in linuxPackagesFor (kernel.override { structuredExtraConfig = import ../os-specific/linux/kernel/hardened/config.nix {