public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'release-21.05' into staging-21.05

This commit is contained in:
Vladimír Čunát 2021-06-05 07:30:40 +02:00
parent 65a1f5fbdc 0edbcd01f6
commit 7b686ba07b
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
123 changed files with 1590 additions and 738 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/languages-frameworks/beam.section.md
View File

@ -8,9 +8,9 @@ In this document and related Nix expressions, we use the term, _BEAM_, to descri
All BEAM-related expressions are available via the top-level `beam` attribute, which includes:
- `interpreters`: a set of compilers running on the BEAM, including multiple Erlang/OTP versions (`beam.interpreters.erlangR19`, etc), Elixir (`beam.interpreters.elixir`) and LFE (Lisp Flavoured Erlang) (`beam.interpreters.lfe`).
- `interpreters`: a set of compilers running on the BEAM, including multiple Erlang/OTP versions (`beam.interpreters.erlangR22`, etc), Elixir (`beam.interpreters.elixir`) and LFE (Lisp Flavoured Erlang) (`beam.interpreters.lfe`).
- `packages`: a set of package builders (Mix and rebar3), each compiled with a specific Erlang/OTP version, e.g. `beam.packages.erlangR19`.
- `packages`: a set of package builders (Mix and rebar3), each compiled with a specific Erlang/OTP version, e.g. `beam.packages.erlang22`.
The default Erlang compiler, defined by `beam.interpreters.erlang`, is aliased as `erlang`. The default BEAM package set is defined by `beam.packages.erlang` and aliased at the top level as `beamPackages`.

10
maintainers/maintainer-list.nix
View File

@ -6587,6 +6587,16 @@
githubId = 1387206;
name = "Mike Sperber";
};
mikroskeem = {
email = "mikroskeem@mikroskeem.eu";
github = "mikroskeem";
githubId = 3490861;
name = "Mark Vainomaa";
keys = [{
longkeyid = "rsa4096/0xDA015B05B5A11B22";
fingerprint = "DB43 2895 CF68 F0CE D4B7 EF60 DA01 5B05 B5A1 1B22";
}];
};
milesbreslin = {
email = "milesbreslin@gmail.com";
github = "milesbreslin";

12
nixos/doc/manual/development/writing-nixos-tests.xml
View File

@ -436,6 +436,18 @@ machine.systemctl("list-jobs --no-pager", "any-user") # spawns a shell for `any-
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<methodname>shell_interact</methodname>
</term>
<listitem>
<para>
Allows you to directly interact with the guest shell.
This should only be used during test development, not in production tests.
Killing the interactive session with <literal>Ctrl-d</literal> or <literal>Ctrl-c</literal> also ends the guest session.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>

16
nixos/doc/manual/installation/upgrading.xml
View File

@ -14,7 +14,7 @@
<para>
<emphasis>Stable channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-20.09">nixos-20.09</literal>.
xlink:href="https://nixos.org/channels/nixos-21.05">nixos-21.05</literal>.
These only get conservative bug fixes and package upgrades. For instance,
a channel update may cause the Linux kernel on your system to be upgraded
from 4.19.34 to 4.19.38 (a minor bug fix), but not from
@ -38,7 +38,7 @@
<para>
<emphasis>Small channels</emphasis>, such as
<literal
xlink:href="https://nixos.org/channels/nixos-20.09-small">nixos-20.09-small</literal>
xlink:href="https://nixos.org/channels/nixos-21.05-small">nixos-21.05-small</literal>
or
<literal
xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>.
@ -63,8 +63,8 @@
<para>
When you first install NixOS, youre automatically subscribed to the NixOS
channel that corresponds to your installation source. For instance, if you
installed from a 20.09 ISO, you will be subscribed to the
<literal>nixos-20.09</literal> channel. To see which NixOS channel youre
installed from a 21.05 ISO, you will be subscribed to the
<literal>nixos-21.05</literal> channel. To see which NixOS channel youre
subscribed to, run the following as root:
<screen>
<prompt># </prompt>nix-channel --list | grep nixos
@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable
<prompt># </prompt>nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos
</screen>
(Be sure to include the <literal>nixos</literal> parameter at the end.) For
instance, to use the NixOS 20.09 stable channel:
instance, to use the NixOS 21.05 stable channel:
<screen>
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09 nixos
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-21.05 nixos
</screen>
If you have a server, you may want to use the “small” channel instead:
<screen>
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09-small nixos
<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-21.05-small nixos
</screen>
And if you want to live on the bleeding edge:
<screen>
@ -132,7 +132,7 @@ nixos https://nixos.org/channels/nixos-unstable
kernel, initrd or kernel modules.
You can also specify a channel explicitly, e.g.
<programlisting>
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-20.09;
<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-21.05;
</programlisting>
</para>
</section>

294
nixos/doc/manual/release-notes/rl-2105.xml
View File

@ -3,8 +3,11 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-21.05">
<title>Release 21.05 (“Okapi”, 2021.05/??)</title>
<title>Release 21.05 (“Okapi”, 2021.05/31)</title>
<para>
Support is planned until the end of December 2021, handing over to 21.11.
</para>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
@ -18,114 +21,81 @@
</para>
<itemizedlist>
<listitem>
<para>
Support is planned until the end of December 2021, handing over to 21.11.
Core version changes:
</para>
<itemizedlist>
<listitem>
<para>
gcc: 9.3.0 -> 10.3.0
</para>
</listitem>
<listitem>
<para>
glibc: 2.30 -> 2.32
</para>
</listitem>
<listitem>
<para>
default linux: 5.4 -> 5.10, all supported kernels available
</para>
</listitem>
<listitem>
<para>
mesa: 20.1.7 -> 21.0.1
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Desktop Environments:
</para>
<itemizedlist>
<listitem>
<para>
GNOME: 3.36 -> 40, see its <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">release notes</link>
</para>
</listitem>
<listitem>
<para>
Plasma5: 5.18.5 -> 5.21.3
</para>
</listitem>
<listitem>
<para>
kdeApplications: 20.08.1 -> 20.12.3
</para>
</listitem>
<listitem>
<para>
cinnamon: 4.6 -> 4.8.1
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Programming Languages and Frameworks:
</para>
<itemizedlist>
<listitem>
<para>
Python optimizations were disabled again. Builds with optimizations enabled
are not reproducible. Optimizations can now be enabled with an option.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series.</para>
<para>The <package>linux_latest</package> kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). </para>
</listitem>
<listitem>
<para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.gnuradio.org/">GNURadio</link> 3.8 was
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link>
packaged, along with a rewrite to the Nix expressions, allowing users to
override the features upstream supports selecting to compile or not to.
Additionally, the attribute <code>gnuradio</code> and <code>gnuradio3_7</code>
now point to an externally wrapped by default derivations, that allow you to
also add `extraPythonPackages` to the Python interpreter used by GNURadio.
Missing environmental variables needed for operational GUI were also added
(<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>).
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.gnuradio.org/">GNURadio</link> has a
<code>pkgs</code> attribute set, and there's a <code>gnuradio.callPackage</code>
function that extends <code>pkgs</code> with a <code>mkDerivation</code>, and a
<code>mkDerivationWith</code>, like Qt5. Now all <code>gnuradio.pkgs</code> are
defined with <code>gnuradio.callPackage</code> and some packages that depend
on gnuradio are defined with this as well.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.privoxy.org/">Privoxy</link> has been updated
to version 3.0.32 (See <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>).
Compared to the previous release, Privoxy has gained support for HTTPS
inspection (still experimental), Brotli decompression, several new filters
and lots of bug fixes, including security ones. In addition, the package
is now built with compression and external filters support, which were
previously disabled.
</para>
<para>
Regarding the NixOS module, new options for HTTPS inspection have been added
and <option>services.privoxy.extraConfig</option> has been replaced by the new
<xref linkend="opt-services.privoxy.settings"/>
(See <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link>
for the motivation).
</para>
</listitem>
<listitem>
<para>
Python optimizations were disabled again. Builds with optimizations enabled
are not reproducible. Optimizations can now be enabled with an option.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.1 "Matrix". See
the <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> for
further details.
</para>
</listitem>
<listitem>
<para>
The <option>services.packagekit.backend</option> option has been removed as
it only supported a single setting which would always be the default.
Instead new <link
xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
0042</link> compliant <xref linkend="opt-services.packagekit.settings"/>
and <xref linkend="opt-services.packagekit.vendorSettings"/> options have
been introduced.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://nginx.org">Nginx</link> has been updated to stable version 1.20.0.
Now nginx uses the zlib-ng library by default.
</para>
</listitem>
<listitem>
<para>
KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its
<link xlink:href="https://kde.org/announcements/gear/21.04/">release
notes</link> for details.
</para>
<para>
The <code>kdeApplications</code> package set is now <code>kdeGear</code>,
in keeping with the new name. The old name remains for compatibility, but
it is deprecated.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://libreswan.org/">Libreswan</link> has been updated
to version 4.4. The package now includes example configurations and manual
pages by default. The NixOS module has been changed to use the upstream
systemd units and write the configuration in the <literal>/etc/ipsec.d/
</literal> directory. In addition, two new options have been added to
specify connection policies
(<xref linkend="opt-services.libreswan.policies"/>)
and disable send/receive redirects
(<xref linkend="opt-services.libreswan.disableRedirects"/>).
</para>
</listitem>
</itemizedlist>
</section>
@ -141,6 +111,20 @@
</para>
<itemizedlist>
<listitem>
<para>
<link xlink:href="https://www.gnuradio.org/">GNURadio</link> 3.8 was
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link>
packaged, along with a rewrite to the Nix expressions, allowing users to
override the features upstream supports selecting to compile or not to.
Additionally, the attribute <code>gnuradio</code> and <code>gnuradio3_7</code>
now point to an externally wrapped by default derivations, that allow you to
also add `extraPythonPackages` to the Python interpreter used by GNURadio.
Missing environmental variables needed for operational GUI were also added
(<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>).
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.keycloak.org/">Keycloak</link>,
@ -193,6 +177,10 @@
</para>
<itemizedlist>
<listitem>
<para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para>
</listitem>
<listitem>
<para>
If you are using <option>services.udev.extraRules</option> to assign
@ -591,7 +579,7 @@ http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/e
<programlisting>
self: super:
{
mpi = super.mpich;
mpi = super.mpich;
}
</programlisting>
</para>
@ -795,6 +783,16 @@ environment.systemPackages = [
the deprecated <option>services.radicale.config</option> is used.
</para>
</listitem>
<listitem>
<para>
In the <option>security.acme</option> module, use of <literal>--reuse-key</literal>
parameter for Lego has been removed. It was introduced for HKPK, but this security
feature is now deprecated. It is a better security practice to rotate key pairs
instead of always keeping the same. If you need to keep this parameter, you can add
it back using <literal>extraLegoRenewFlags</literal> as an option for the
appropriate certificate.
</para>
</listitem>
</itemizedlist>
</section>
@ -814,6 +812,85 @@ environment.systemPackages = [
for details.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.gnuradio.org/">GNURadio</link> has a
<code>pkgs</code> attribute set, and there's a <code>gnuradio.callPackage</code>
function that extends <code>pkgs</code> with a <code>mkDerivation</code>, and a
<code>mkDerivationWith</code>, like Qt5. Now all <code>gnuradio.pkgs</code> are
defined with <code>gnuradio.callPackage</code> and some packages that depend
on gnuradio are defined with this as well.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://www.privoxy.org/">Privoxy</link> has been updated
to version 3.0.32 (See <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>).
Compared to the previous release, Privoxy has gained support for HTTPS
inspection (still experimental), Brotli decompression, several new filters
and lots of bug fixes, including security ones. In addition, the package
is now built with compression and external filters support, which were
previously disabled.
</para>
<para>
Regarding the NixOS module, new options for HTTPS inspection have been added
and <option>services.privoxy.extraConfig</option> has been replaced by the new
<xref linkend="opt-services.privoxy.settings"/>
(See <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link>
for the motivation).
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.1 "Matrix". See
the <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> for
further details.
</para>
</listitem>
<listitem>
<para>
The <option>services.packagekit.backend</option> option has been removed as
it only supported a single setting which would always be the default.
Instead new <link
xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC
0042</link> compliant <xref linkend="opt-services.packagekit.settings"/>
and <xref linkend="opt-services.packagekit.vendorSettings"/> options have
been introduced.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://nginx.org">Nginx</link> has been updated to stable version 1.20.0.
Now nginx uses the zlib-ng library by default.
</para>
</listitem>
<listitem>
<para>
KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its
<link xlink:href="https://kde.org/announcements/gear/21.04/">release
notes</link> for details.
</para>
<para>
The <code>kdeApplications</code> package set is now <code>kdeGear</code>,
in keeping with the new name. The old name remains for compatibility, but
it is deprecated.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://libreswan.org/">Libreswan</link> has been updated
to version 4.4. The package now includes example configurations and manual
pages by default. The NixOS module has been changed to use the upstream
systemd units and write the configuration in the <literal>/etc/ipsec.d/
</literal> directory. In addition, two new options have been added to
specify connection policies
(<xref linkend="opt-services.libreswan.policies"/>)
and disable send/receive redirects
(<xref linkend="opt-services.libreswan.disableRedirects"/>).
</para>
</listitem>
<listitem>
<para>
The Mailman NixOS module (<literal>services.mailman</literal>) has a new
@ -975,7 +1052,8 @@ environment.systemPackages = [
PulseAudio was upgraded to 14.0, with changes to the handling of default sinks.
See its <link xlink:href="https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/">release notes</link>.
</para>
</listitem>
<listitem>
<para>
GNOME users may wish to delete their <literal>~/.config/pulse</literal> due to the changes to stream routing
logic. See <link xlink:href="https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/832">PulseAudio bug 832</link>
@ -1166,6 +1244,14 @@ environment.systemPackages = [
Nixpkgs now contains <link xlink:href="https://github.com/NixOS/nixpkgs/pull/118232">automatically packaged GNOME Shell extensions</link> from the <link xlink:href="https://extensions.gnome.org/">GNOME Extensions</link> portal. You can find them, filed by their UUID, under <literal>gnome38Extensions</literal> attribute for GNOME 3.38 and under <literal>gnome40Extensions</literal> for GNOME 40. Finally, the <literal>gnomeExtensions</literal> attribute contains extensions for the latest GNOME Shell version in Nixpkgs, listed under a more human-friendly name. The unqualified attribute scope also contains manually packaged extensions. Note that the automatically packaged extensions are provided for convenience and are not checked or guaranteed to work.
</para>
</listitem>
<listitem>
<para>
Erlang/OTP versions older than R21 got dropped. We also dropped the cuter package, as it was purely an example of how to build a package.
We also dropped <literal>lfe_1_2</literal> as it could not build with R21+.
Moving forward, we expect to only support 3 yearly releases of OTP.
</para>
</listitem>
</itemizedlist>
</section>
</section>

11
nixos/lib/test-driver/test-driver.py
View File

@ -21,6 +21,7 @@ import shutil
import socket
import subprocess
import sys
import telnetlib
import tempfile
import time
import traceback
@ -455,6 +456,16 @@ class Machine:
return (status_code, output)
output += chunk
def shell_interact(self) -> None:
"""Allows you to interact with the guest shell
Should only be used during test development, not in the production test."""
self.connect()
self.log("Terminal is ready (there is no prompt):")
telnet = telnetlib.Telnet()
telnet.sock = self.shell # type: ignore
telnet.interact()
def succeed(self, *commands: str) -> str:
"""Execute each command and check that it succeeds."""
output = ""

39
nixos/modules/installer/cd-dvd/iso-image.nix
View File

@ -182,13 +182,29 @@ let
# Menu configuration
#
# Search using a "marker file"
search --set=root --file /EFI/nixos-installer-image
insmod gfxterm
insmod png
set gfxpayload=keep
set gfxmode=${concatStringsSep "," [
# GRUB will use the first valid mode listed here.
# `auto` will sometimes choose the smallest valid mode it detects.
# So instead we'll list a lot of possibly valid modes :/
#"3840x2160"
#"2560x1440"
"1920x1080"
"1366x768"
"1280x720"
"1024x768"
"800x600"
"auto"
]}
# Fonts can be loaded?
# (This font is assumed to always be provided as a fallback by NixOS)
if loadfont /EFI/boot/unicode.pf2; then
if loadfont (\$root)/EFI/boot/unicode.pf2; then
set with_fonts=true
fi
if [ "\$textmode" != "true" -a "\$with_fonts" == "true" ]; then
@ -212,11 +228,11 @@ let
${ # When there is a theme configured, use it, otherwise use the background image.
if config.isoImage.grubTheme != null then ''
# Sets theme.
set theme=/EFI/boot/grub-theme/theme.txt
set theme=(\$root)/EFI/boot/grub-theme/theme.txt
# Load theme fonts
$(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont /EFI/boot/grub-theme/%P\n")
$(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont (\$root)/EFI/boot/grub-theme/%P\n")
'' else ''
if background_image /EFI/boot/efi-background.png; then
if background_image (\$root)/EFI/boot/efi-background.png; then
# Black background means transparent background when there
# is a background image set... This seems undocumented :(
set color_normal=black/black
@ -239,6 +255,9 @@ let
} ''
mkdir -p $out/EFI/boot/
# Add a marker so GRUB can find the filesystem.
touch $out/EFI/nixos-installer-image
# ALWAYS required modules.
MODULES="fat iso9660 part_gpt part_msdos \
normal boot linux configfile loopback chain halt \
@ -294,12 +313,12 @@ let
${grubMenuCfg}
hiddenentry 'Text mode' --hotkey 't' {
loadfont /EFI/boot/unicode.pf2
loadfont (\$root)/EFI/boot/unicode.pf2
set textmode=true
terminal_output gfxterm console
}
hiddenentry 'GUI mode' --hotkey 'g' {
$(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont /EFI/boot/grub-theme/%P\n")
$(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont (\$root)/EFI/boot/grub-theme/%P\n")
set textmode=false
terminal_output gfxterm
}
@ -370,8 +389,10 @@ let
${lib.optionalString (refindBinary != null) ''
# GRUB apparently cannot do "chainloader" operations on "CD".
if [ "\$root" != "cd0" ]; then
# Force root to be the FAT partition
# Otherwise it breaks rEFInd's boot
search --set=root --no-floppy --fs-uuid 1234-5678
menuentry 'rEFInd' --class refind {
# \$root defaults to the drive the EFI is found on.
chainloader (\$root)/EFI/boot/${refindBinary}
}
fi
@ -403,7 +424,9 @@ let
mkdir ./boot
cp -p "${config.boot.kernelPackages.kernel}/${config.system.boot.loader.kernelFile}" \
"${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}" ./boot/
touch --date=@0 ./EFI ./boot
# Rewrite dates for everything in the FS
find . -exec touch --date=2000-01-01 {} +
usage_size=$(du -sb --apparent-size . | tr -cd '[:digit:]')
# Make the image 110% as big as the files need to make up for FAT overhead

1
nixos/modules/module-list.nix
View File

@ -1111,6 +1111,7 @@
./virtualisation/openvswitch.nix
./virtualisation/parallels-guest.nix
./virtualisation/podman.nix
./virtualisation/podman-network-socket-ghostunnel.nix
./virtualisation/qemu-guest-agent.nix
./virtualisation/railcar.nix
./virtualisation/spice-usb-redirection.nix

2
nixos/modules/security/acme.nix
View File

@ -152,7 +152,7 @@ let
);
renewOpts = escapeShellArgs (
commonOpts
++ [ "renew" "--reuse-key" ]
++ [ "renew" ]
++ optionals data.ocspMustStaple [ "--must-staple" ]
++ data.extraLegoRenewFlags
);

17
nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix
View File

@ -35,13 +35,28 @@ in
{
<xref linkend="opt-services.prometheus.exporters.dovecot.enable" /> = true;
<xref linkend="opt-services.prometheus.exporters.dovecot.socketPath" /> = "/var/run/dovecot2/old-stats";
<xref linkend="opt-services.dovecot2.mailPlugins.globally.enable" /> = [ "old_stats" ];
<xref linkend="opt-services.dovecot2.extraConfig" /> = '''
mail_plugins = $mail_plugins old_stats
service old-stats {
unix_listener old-stats {
user = dovecot-exporter
group = dovecot-exporter
mode = 0660
}
fifo_listener old-stats-mail {
mode = 0660
user = dovecot
group = dovecot
}
fifo_listener old-stats-user {
mode = 0660
user = dovecot
group = dovecot
}
}
plugin {
old_stats_refresh = 30 secs
old_stats_track_cmds = yes
}
''';
}

18
nixos/modules/services/monitoring/prometheus/exporters/mail.nix
View File

@ -112,6 +112,24 @@ let
'';
description = ''
List of servers that should be probed.
<emphasis>Note:</emphasis> if your mailserver has <citerefentry>
<refentrytitle>rspamd</refentrytitle><manvolnum>8</manvolnum></citerefentry> configured,
it can happen that emails from this exporter are marked as spam.
It's possible to work around the issue with a config like this:
<programlisting>
{
<link linkend="opt-services.rspamd.locals._name_.text">services.rspamd.locals."multimap.conf".text</link> = '''
ALLOWLIST_PROMETHEUS {
filter = "email:domain:tld";
type = "from";
map = "''${pkgs.writeText "allowmap" "domain.tld"}";
score = -100.0;
}
''';
}
</programlisting>
'';
};
};

36
nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
View File

@ -5,21 +5,19 @@ with lib;
let
cfg = config.services.prometheus.exporters.rspamd;
prettyJSON = conf:
pkgs.runCommand "rspamd-exporter-config.yml" { } ''
echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq '.' > $out
'';
mkFile = conf:
pkgs.writeText "rspamd-exporter-config.yml" (builtins.toJSON conf);
generateConfig = extraLabels: {
metrics = (map (path: {
name = "rspamd_${replaceStrings [ "." " " ] [ "_" "_" ] path}";
name = "rspamd_${replaceStrings [ "[" "." " " "]" "\\" "'" ] [ "_" "_" "_" "" "" "" ] path}";
path = "{ .${path} }";
labels = extraLabels;
}) [
"actions.'add header'"
"actions.'no action'"
"actions.'rewrite subject'"
"actions.'soft reject'"
"actions['add\\ header']"
"actions['no\\ action']"
"actions['rewrite\\ subject']"
"actions['soft\\ reject']"
"actions.greylist"
"actions.reject"
"bytes_allocated"
@ -40,18 +38,18 @@ let
]) ++ [{
name = "rspamd_statfiles";
type = "object";
path = "$.statfiles[*]";
path = "{.statfiles[*]}";
labels = recursiveUpdate {
symbol = "$.symbol";
type = "$.type";
symbol = "{.symbol}";
type = "{.type}";
} extraLabels;
values = {
revision = "$.revision";
size = "$.size";
total = "$.total";
used = "$.used";
languages = "$.languages";
users = "$.users";
revision = "{.revision}";
size = "{.size}";
total = "{.total}";
used = "{.used}";
languages = "{.languages}";
users = "{.users}";
};
}];
};
@ -76,7 +74,7 @@ in
};
serviceOpts.serviceConfig.ExecStart = ''
${pkgs.prometheus-json-exporter}/bin/json_exporter \
--config.file ${prettyJSON (generateConfig cfg.extraLabels)} \
--config.file ${mkFile (generateConfig cfg.extraLabels)} \
--web.listen-address "${cfg.listenAddress}:${toString cfg.port}" \
${concatStringsSep " \\\n " cfg.extraFlags}
'';

22
nixos/modules/virtualisation/containers.nix
View File

@ -48,6 +48,23 @@ in
description = "containers.conf configuration";
};
containersConf.cniPlugins = mkOption {
type = types.listOf types.package;
defaultText = ''
[
pkgs.cni-plugins
]
'';
example = lib.literalExample ''
[
pkgs.cniPlugins.dnsname
]
'';
description = ''
CNI plugins to install on the system.
'';
};
registries = {
search = mkOption {
type = types.listOf types.str;
@ -97,8 +114,11 @@ in
};
config = lib.mkIf cfg.enable {
virtualisation.containers.containersConf.cniPlugins = [ pkgs.cni-plugins ];
virtualisation.containers.containersConf.settings = {
network.cni_plugin_dirs = [ "${pkgs.cni-plugins}/bin/" ];
network.cni_plugin_dirs = map (p: "${lib.getBin p}/bin") cfg.containersConf.cniPlugins;
engine = {
init_path = "${pkgs.catatonit}/bin/catatonit";
} // lib.optionalAttrs cfg.ociSeccompBpfHook.enable {

36
nixos/modules/virtualisation/podman-dnsname.nix Normal file
View File

@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkOption
mkIf
types
;
cfg = config.virtualisation.podman;
in
{
options = {
virtualisation.podman = {
defaultNetwork.dnsname.enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable DNS resolution in the default podman network.
'';
};
};
};
config = {
virtualisation.containers.containersConf.cniPlugins = mkIf cfg.defaultNetwork.dnsname.enable [ pkgs.dnsname-cni ];
virtualisation.podman.defaultNetwork.extraPlugins =
lib.optional cfg.defaultNetwork.dnsname.enable {
type = "dnsname";
domainName = "dns.podman";
capabilities.aliases = true;
};
};
}

34
nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix Normal file
View File

@ -0,0 +1,34 @@
{ config, lib, pkg, ... }:
let
inherit (lib)
mkOption
types
;
cfg = config.virtualisation.podman.networkSocket;
in
{
options.virtualisation.podman.networkSocket = {
server = mkOption {
type = types.enum [ "ghostunnel" ];
};
};
config = lib.mkIf (cfg.enable && cfg.server == "ghostunnel") {
services.ghostunnel = {
enable = true;
servers."podman-socket" = {
inherit (cfg.tls) cert key cacert;
listen = "${cfg.listenAddress}:${toString cfg.port}";
target = "unix:/run/podman/podman.sock";
allowAll = lib.mkDefault true;
};
};
systemd.services.ghostunnel-server-podman-socket.serviceConfig.SupplementaryGroups = ["podman"];
};
meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ];
}

91
nixos/modules/virtualisation/podman-network-socket.nix Normal file
View File

@ -0,0 +1,91 @@
{ config, lib, pkg, ... }:
let
inherit (lib)
mkOption
types
;
cfg = config.virtualisation.podman.networkSocket;
in
{
options.virtualisation.podman.networkSocket = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Make the Podman and Docker compatibility API available over the network
with TLS client certificate authentication.
This allows Docker clients to connect with the equivalents of the Docker
CLI <code>-H</code> and <code>--tls*</code> family of options.
For certificate setup, see https://docs.docker.com/engine/security/protect-access/
This option is independent of <xref linkend="opt-virtualisation.podman.dockerSocket.enable"/>.
'';
};
server = mkOption {
type = types.enum [];
description = ''
Choice of TLS proxy server.
'';
example = "ghostunnel";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Whether to open the port in the firewall.
'';
};
tls.cacert = mkOption {
type = types.path;
description = ''
Path to CA certificate to use for client authentication.
'';
};
tls.cert = mkOption {
type = types.path;
description = ''
Path to certificate describing the server.
'';
};
tls.key = mkOption {
type = types.path;
description = ''
Path to the private key corresponding to the server certificate.
Use a string for this setting. Otherwise it will be copied to the Nix
store first, where it is readable by any system process.
'';
};
port = mkOption {
type = types.port;
default = 2376;
description = ''
TCP port number for receiving TLS connections.
'';
};
listenAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
Interface address for receiving TLS connections.
'';
};
};
config = {
networking.firewall.allowedTCPPorts =
lib.optional (cfg.enable && cfg.openFirewall) cfg.port;
};
meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ];
}

65
nixos/modules/virtualisation/podman.nix
View File

@ -1,7 +1,8 @@
{ config, lib, pkgs, utils, ... }:
{ config, lib, pkgs, ... }:
let
cfg = config.virtualisation.podman;
toml = pkgs.formats.toml { };
json = pkgs.formats.json { };
inherit (lib) mkOption types;
@ -22,9 +23,24 @@ let
done
'';
net-conflist = pkgs.runCommand "87-podman-bridge.conflist" {
nativeBuildInputs = [ pkgs.jq ];
extraPlugins = builtins.toJSON cfg.defaultNetwork.extraPlugins;
jqScript = ''
. + { "plugins": (.plugins + $extraPlugins) }
'';
} ''
jq <${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist \
--argjson extraPlugins "$extraPlugins" \
"$jqScript" \
>$out
'';
in
{
imports = [
./podman-dnsname.nix
./podman-network-socket.nix
(lib.mkRenamedOptionModule [ "virtualisation" "podman" "libpod" ] [ "virtualisation" "containers" "containersConf" ])
];
@ -46,6 +62,20 @@ in
'';
};
dockerSocket.enable = mkOption {
type = types.bool;
default = false;
description = ''
Make the Podman socket available in place of the Docker socket, so
Docker tools can find the Podman socket.
Podman implements the Docker API.
Users must be in the <code>podman</code> group in order to connect. As
with Docker, members of this group can gain root access.
'';
};
dockerCompat = mkOption {
type = types.bool;
default = false;
@ -84,6 +114,13 @@ in
'';
};
defaultNetwork.extraPlugins = lib.mkOption {
type = types.listOf json.type;
default = [];
description = ''
Extra CNI plugin configurations to add to podman's default network.
'';
};
};
@ -92,7 +129,7 @@ in
environment.systemPackages = [ cfg.package ]
++ lib.optional cfg.dockerCompat dockerCompat;
environment.etc."cni/net.d/87-podman-bridge.conflist".source = utils.copyFile "${pkgs.podman-unwrapped.src}/cni/87-podman-bridge.conflist";
environment.etc."cni/net.d/87-podman-bridge.conflist".source = net-conflist;
virtualisation.containers = {
enable = true; # Enable common /etc/containers configuration
@ -111,14 +148,36 @@ in
};
systemd.sockets.podman.wantedBy = [ "sockets.target" ];
systemd.sockets.podman.socketConfig.SocketGroup = "podman";
systemd.tmpfiles.packages = [ cfg.package ];
systemd.tmpfiles.packages = [
# The /run/podman rule interferes with our podman group, so we remove
# it and let the systemd socket logic take care of it.
(pkgs.runCommand "podman-tmpfiles-nixos" { package = cfg.package; } ''
mkdir -p $out/lib/tmpfiles.d/
grep -v 'D! /run/podman 0700 root root' \
<$package/lib/tmpfiles.d/podman.conf \
>$out/lib/tmpfiles.d/podman.conf
'') ];
systemd.tmpfiles.rules =
lib.optionals cfg.dockerSocket.enable [
"L! /run/docker.sock - - - - /run/podman/podman.sock"
];
users.groups.podman = {};
assertions = [
{
assertion = cfg.dockerCompat -> !config.virtualisation.docker.enable;
message = "Option dockerCompat conflicts with docker";
}
{
assertion = cfg.dockerSocket.enable -> !config.virtualisation.docker.enable;
message = ''
The options virtualisation.podman.dockerSocket.enable and virtualisation.docker.enable conflict, because only one can serve the socket.
'';
}
];
}
]);

2
nixos/tests/all-tests.nix
View File

@ -335,6 +335,8 @@ in
plotinus = handleTest ./plotinus.nix {};
podgrab = handleTest ./podgrab.nix {};
podman = handleTestOn ["x86_64-linux"] ./podman.nix {};
podman-dnsname = handleTestOn ["x86_64-linux"] ./podman-dnsname.nix {};
podman-tls-ghostunnel = handleTestOn ["x86_64-linux"] ./podman-tls-ghostunnel.nix {};
pomerium = handleTestOn ["x86_64-linux"] ./pomerium.nix {};
postfix = handleTest ./postfix.nix {};
postfix-raise-smtpd-tls-security-level = handleTest ./postfix-raise-smtpd-tls-security-level.nix {};

14
nixos/tests/docker-tools.nix
View File

@ -20,6 +20,20 @@ import ./make-test-python.nix ({ pkgs, ... }: {
docker.wait_for_unit("sockets.target")
with subtest("includeStorePath"):
with subtest("assumption"):
docker.succeed("${examples.helloOnRoot} | docker load")
docker.succeed("set -euo pipefail; docker run --rm hello | grep -i hello")
docker.succeed("docker image rm hello:latest")
with subtest("includeStorePath = false; breaks example"):
docker.succeed("${examples.helloOnRootNoStore} | docker load")
docker.fail("set -euo pipefail; docker run --rm hello | grep -i hello")
docker.succeed("docker image rm hello:latest")
with subtest("includeStorePath = false; works with mounted store"):
docker.succeed("${examples.helloOnRootNoStore} | docker load")
docker.succeed("set -euo pipefail; docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello")
docker.succeed("docker image rm hello:latest")
with subtest("Ensure Docker images use a stable date by default"):
docker.succeed(
"docker load --input='${examples.bash}'"

42
nixos/tests/podman-dnsname.nix Normal file
View File

@ -0,0 +1,42 @@
import ./make-test-python.nix (
{ pkgs, lib, ... }:
let
inherit (pkgs) writeTextDir python3 curl;
webroot = writeTextDir "index.html" "<h1>Hi</h1>";
in
{
name = "podman-dnsname";
meta = {
maintainers = with lib.maintainers; [ roberth ] ++ lib.teams.podman.members;
};
nodes = {
podman = { pkgs, ... }: {
virtualisation.podman.enable = true;
virtualisation.podman.defaultNetwork.dnsname.enable = true;
};
};
testScript = ''
podman.wait_for_unit("sockets.target")
with subtest("DNS works"): # also tests inter-container tcp routing
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
podman.succeed(
"podman run -d --name=webserver -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin -w ${webroot} scratchimg ${python3}/bin/python -m http.server 8000"
)
podman.succeed("podman ps | grep webserver")
podman.succeed("""
for i in `seq 0 120`; do
podman run --rm --name=client -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg ${curl}/bin/curl http://webserver:8000 >/dev/console \
&& exit 0
sleep 0.5
done
exit 1
""")
podman.succeed("podman stop webserver")
podman.succeed("podman rm webserver")
'';
}
)

150
nixos/tests/podman-tls-ghostunnel.nix Normal file
View File

@ -0,0 +1,150 @@
/*
This test runs podman as a backend for the Docker CLI.
*/
import ./make-test-python.nix (
{ pkgs, lib, ... }:
let gen-ca = pkgs.writeScript "gen-ca" ''
# Create CA
PATH="${pkgs.openssl}/bin:$PATH"
openssl genrsa -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -subj '/C=NL/ST=Zuid-Holland/L=The Hague/O=Stevige Balken en Planken B.V./OU=OpSec/CN=Certificate Authority' -out ca.pem
# Create service
openssl genrsa -out podman-key.pem 4096
openssl req -subj '/CN=podman' -sha256 -new -key podman-key.pem -out service.csr
echo subjectAltName = DNS:podman,IP:127.0.0.1 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days 365 -sha256 -in service.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out podman-cert.pem -extfile extfile.cnf
# Create client
openssl genrsa -out client-key.pem 4096
openssl req -subj '/CN=client' -new -key client-key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem -extfile extfile-client.cnf
# Create CA 2
PATH="${pkgs.openssl}/bin:$PATH"
openssl genrsa -out ca-2-key.pem 4096
openssl req -new -x509 -days 365 -key ca-2-key.pem -sha256 -subj '/C=NL/ST=Zuid-Holland/L=The Hague/O=Stevige Balken en Planken B.V./OU=OpSec/CN=Certificate Authority' -out ca-2.pem
# Create client signed by CA 2
openssl genrsa -out client-2-key.pem 4096
openssl req -subj '/CN=client' -new -key client-2-key.pem -out client-2.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days 365 -sha256 -in client-2.csr -CA ca-2.pem -CAkey ca-2-key.pem -CAcreateserial -out client-2-cert.pem -extfile extfile-client.cnf
'';
in
{
name = "podman-tls-ghostunnel";
meta = {
maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ];
};
nodes = {
podman =
{ pkgs, ... }:
{
virtualisation.podman.enable = true;
virtualisation.podman.dockerSocket.enable = true;
virtualisation.podman.networkSocket = {
enable = true;
openFirewall = true;
server = "ghostunnel";
tls.cert = "/root/podman-cert.pem";
tls.key = "/root/podman-key.pem";
tls.cacert = "/root/ca.pem";
};
environment.systemPackages = [
pkgs.docker-client
];
users.users.alice = {
isNormalUser = true;
home = "/home/alice";
description = "Alice Foobar";
extraGroups = ["podman"];
};
};
client = { ... }: {
environment.systemPackages = [
# Installs the docker _client_ only
# Normally, you'd want `virtualisation.docker.enable = true;`.
pkgs.docker-client
];
environment.variables.DOCKER_HOST = "podman:2376";
environment.variables.DOCKER_TLS_VERIFY = "1";
};
};
testScript = ''
import shlex
def su_cmd(user, cmd):
cmd = shlex.quote(cmd)
return f"su {user} -l -c {cmd}"
def cmd(command):
print(f"+{command}")
r = os.system(command)
if r != 0:
raise Exception(f"Command {command} failed with exit code {r}")
start_all()
cmd("${gen-ca}")
podman.copy_from_host("ca.pem", "/root/ca.pem")
podman.copy_from_host("podman-cert.pem", "/root/podman-cert.pem")
podman.copy_from_host("podman-key.pem", "/root/podman-key.pem")
client.copy_from_host("ca.pem", "/root/.docker/ca.pem")
# client.copy_from_host("podman-cert.pem", "/root/podman-cert.pem")
client.copy_from_host("client-cert.pem", "/root/.docker/cert.pem")
client.copy_from_host("client-key.pem", "/root/.docker/key.pem")
# TODO (ghostunnel): add file watchers so the restart isn't necessary
podman.succeed("systemctl reset-failed && systemctl restart ghostunnel-server-podman-socket.service")
podman.wait_for_unit("sockets.target")
podman.wait_for_unit("ghostunnel-server-podman-socket.service")
with subtest("Create default network"):
podman.succeed("docker network create default")
with subtest("Root docker cli also works"):
podman.succeed("docker version")
with subtest("A podman member can also still use the docker cli"):
podman.succeed(su_cmd("alice", "docker version"))
with subtest("Run container remotely via docker cli"):
client.succeed("docker version")
# via socket would be nicer
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
client.succeed(
"docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
)
client.succeed("docker ps | grep sleeping")
podman.succeed("docker ps | grep sleeping")
client.succeed("docker stop sleeping")
client.succeed("docker rm sleeping")
with subtest("Clients without cert will be denied"):
client.succeed("rm /root/.docker/{cert,key}.pem")
client.fail("docker version")
with subtest("Clients with wrong cert will be denied"):
client.copy_from_host("client-2-cert.pem", "/root/.docker/cert.pem")
client.copy_from_host("client-2-key.pem", "/root/.docker/key.pem")
client.fail("docker version")
'';
}
)

38
nixos/tests/podman.nix
View File

@ -13,10 +13,23 @@ import ./make-test-python.nix (
{
virtualisation.podman.enable = true;
# To test docker socket support
virtualisation.podman.dockerSocket.enable = true;
environment.systemPackages = [
pkgs.docker-client
];
users.users.alice = {
isNormalUser = true;
home = "/home/alice";
description = "Alice Foobar";
extraGroups = [ "podman" ];
};
users.users.mallory = {
isNormalUser = true;
home = "/home/mallory";
description = "Mallory Foobar";
};
};
@ -26,9 +39,9 @@ import ./make-test-python.nix (
import shlex
def su_cmd(cmd):
def su_cmd(cmd, user = "alice"):
cmd = shlex.quote(cmd)
return f"su alice -l -c {cmd}"
return f"su {user} -l -c {cmd}"
podman.wait_for_unit("sockets.target")
@ -105,6 +118,27 @@ import ./make-test-python.nix (
assert pid == "1"
pid = podman.succeed("podman run --rm --init busybox readlink /proc/self").strip()
assert pid == "2"
with subtest("A podman member can use the docker cli"):
podman.succeed(su_cmd("docker version"))
with subtest("Run container via docker cli"):
podman.succeed("docker network create default")
podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
podman.succeed(
"docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
)
podman.succeed("docker ps | grep sleeping")
podman.succeed("podman ps | grep sleeping")
podman.succeed("docker stop sleeping")
podman.succeed("docker rm sleeping")
podman.succeed("docker network rm default")
with subtest("A podman non-member can not use the docker cli"):
podman.fail(su_cmd("docker version", user="mallory"))
# TODO: add docker-compose test
'';
}
)

2
pkgs/applications/audio/dr14_tmeter/default.nix
View File

@ -14,7 +14,7 @@ python3Packages.buildPythonApplication rec {
};
propagatedBuildInputs = with pkgs; [
python3Packages.numpy flac vorbis-tools ffmpeg_3 faad2 lame
python3Packages.numpy flac vorbis-tools ffmpeg faad2 lame
];
# There are no tests

20
pkgs/applications/audio/schismtracker/default.nix
View File

@ -1,19 +1,25 @@
{ lib, stdenv, fetchFromGitHub
{ lib
, stdenv
, fetchFromGitHub
, autoreconfHook
, alsaLib, python, SDL }:
, alsaLib
, python
, SDL
}:
stdenv.mkDerivation rec {
pname = "schismtracker";
version = "20200412";
version = "20210525";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = version;
sha256 = "1n6cgjiw3vkv7a1h1nki5syyjxjb6icknr9s049w2jrag10bxssn";
sha256 = "06ybkbqry7f7lmzgwb9s7ipafshl5gdj98lcjsjkcbnywj8r9b3h";
};
configureFlags = [ "--enable-dependency-tracking" ];
configureFlags = [ "--enable-dependency-tracking" ]
++ lib.optional stdenv.isDarwin "--disable-sdltest";
nativeBuildInputs = [ autoreconfHook python ];
@ -22,8 +28,8 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Music tracker application, free reimplementation of Impulse Tracker";
homepage = "http://schismtracker.org/";
license = licenses.gpl2;
platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" ];
license = licenses.gpl2Plus;
platforms = platforms.unix;
maintainers = with maintainers; [ ftrvxmtrx ];
};
}

26
pkgs/applications/graphics/antimony/default.nix
View File

@ -1,6 +1,7 @@
{ lib, stdenv, fetchFromGitHub, libpng, python3
, libGLU, libGL, qtbase, wrapQtAppsHook, ncurses
, cmake, flex, lemon
, makeDesktopItem, copyDesktopItems
}:
let
@ -27,12 +28,35 @@ in
sed -i "s,python3,${python3.executable}," CMakeLists.txt
'';
postInstall = lib.optionalString stdenv.isLinux ''
install -Dm644 $src/deploy/icon.svg $out/share/icons/hicolor/scalable/apps/antimony.svg
install -Dm644 ${./mimetype.xml} $out/share/mime/packages/antimony.xml
'';
buildInputs = [
libpng python3 python3.pkgs.boost
libGLU libGL qtbase ncurses
];
nativeBuildInputs = [ cmake flex lemon wrapQtAppsHook ];
nativeBuildInputs = [ cmake flex lemon wrapQtAppsHook copyDesktopItems ];
desktopItems = [
(makeDesktopItem {
name = "antimony";
desktopName = "Antimony";
comment="Tree-based Modeler";
genericName = "CAD Application";
exec = "antimony %f";
icon = "antimony";
terminal = "false";
categories = "Graphics;Science;Engineering";
mimeType = "application/x-extension-sb;application/x-antimony;";
extraEntries = ''
StartupWMClass=antimony
Version=1.0
'';
})
];
cmakeFlags= [
"-DGITREV=${gitRev}"

7
pkgs/applications/graphics/antimony/mimetype.xml Normal file
View File

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
<mime-type type="application/x-antimony">
<comment xml:lang="en">Antimony model</comment>
<glob pattern="*.sb"/>
</mime-type>
</mime-info>

19
pkgs/applications/misc/blender/darwin.patch
View File

@ -1,5 +1,4 @@
diff --git a/build_files/cmake/platform/platform_apple.cmake b/build_files/cmake/platform/platform_apple.cmake
index 31da529..90308aa 100644
--- a/build_files/cmake/platform/platform_apple.cmake
+++ b/build_files/cmake/platform/platform_apple.cmake
@@ -77,7 +77,6 @@ else()
@ -10,7 +9,7 @@ index 31da529..90308aa 100644
endif()
# Prefer lib directory paths
@@ -113,10 +112,6 @@ if(WITH_CODEC_SNDFILE)
@@ -114,10 +113,6 @@ if(WITH_CODEC_SNDFILE)
find_library(_sndfile_VORBIS_LIBRARY NAMES vorbis HINTS ${LIBDIR}/ffmpeg/lib)
find_library(_sndfile_VORBISENC_LIBRARY NAMES vorbisenc HINTS ${LIBDIR}/ffmpeg/lib)
list(APPEND LIBSNDFILE_LIBRARIES
@ -21,16 +20,16 @@ index 31da529..90308aa 100644
)
print_found_status("SndFile libraries" "${LIBSNDFILE_LIBRARIES}")
@@ -133,7 +128,7 @@ if(WITH_PYTHON)
@@ -134,7 +129,7 @@ if(WITH_PYTHON)
# normally cached but not since we include them with blender
set(PYTHON_INCLUDE_DIR "${LIBDIR}/python/include/python${PYTHON_VERSION}m")
set(PYTHON_EXECUTABLE "${LIBDIR}/python/bin/python${PYTHON_VERSION}m")
- set(PYTHON_LIBRARY ${LIBDIR}/python/lib/libpython${PYTHON_VERSION}m.a)
+ set(PYTHON_LIBRARY "${LIBDIR}/python/lib/libpython${PYTHON_VERSION}m.dylib")
set(PYTHON_INCLUDE_DIR "${LIBDIR}/python/include/python${PYTHON_VERSION}")
set(PYTHON_EXECUTABLE "${LIBDIR}/python/bin/python${PYTHON_VERSION}")
- set(PYTHON_LIBRARY ${LIBDIR}/python/lib/libpython${PYTHON_VERSION}.a)
+ set(PYTHON_LIBRARY ${LIBDIR}/python/lib/libpython${PYTHON_VERSION}.dylib)
set(PYTHON_LIBPATH "${LIBDIR}/python/lib/python${PYTHON_VERSION}")
# set(PYTHON_LINKFLAGS "-u _PyMac_Error") # won't build with this enabled
else()
@@ -174,9 +169,7 @@ endif()
@@ -175,9 +170,7 @@ endif()
if(WITH_CODEC_FFMPEG)
set(FFMPEG_FIND_COMPONENTS
avcodec avdevice avformat avutil
@ -41,7 +40,7 @@ index 31da529..90308aa 100644
find_package(FFmpeg)
endif()
@@ -267,7 +260,6 @@ if(WITH_BOOST)
@@ -275,7 +268,6 @@ if(WITH_BOOST)
endif()
if(WITH_INTERNATIONAL OR WITH_CODEC_FFMPEG)
@ -49,7 +48,7 @@ index 31da529..90308aa 100644
endif()
if(WITH_PUGIXML)
@@ -451,7 +443,7 @@ else()
@@ -476,7 +468,7 @@ else()
set(CMAKE_CXX_FLAGS_RELEASE "-O2 -mdynamic-no-pic")
endif()

22
pkgs/applications/misc/blender/default.nix
View File

@ -1,7 +1,7 @@
{ config, stdenv, lib, fetchurl, fetchzip, boost, cmake, ffmpeg, gettext, glew
, ilmbase, libXi, libX11, libXext, libXrender
, libjpeg, libpng, libsamplerate, libsndfile
, libtiff, libGLU, libGL, openal, opencolorio, openexr, openimagedenoise, openimageio2, openjpeg, python3Packages
, libtiff, libGLU, libGL, openal, opencolorio, openexr, openimagedenoise, openimageio2, openjpeg, python39Packages
, openvdb, libXxf86vm, tbb, alembic
, zlib, fftw, opensubdiv, freetype, jemalloc, ocl-icd, addOpenGLRunpath
, jackaudioSupport ? false, libjack2
@ -17,7 +17,7 @@
with lib;
let
python = python3Packages.python;
python = python39Packages.python;
optix = fetchzip {
url = "https://developer.download.nvidia.com/redist/optix/v7.0/OptiX-7.0.0-include.zip";
sha256 = "1b3ccd3197anya2bj3psxdrvrpfgiwva5zfv2xmyrl73nb2dvfr7";
@ -26,16 +26,16 @@ let
in
stdenv.mkDerivation rec {
pname = "blender";
version = "2.92.0";
version = "2.93.0";
src = fetchurl {
url = "https://download.blender.org/source/${pname}-${version}.tar.xz";
sha256 = "15a5vffn18a920286x0avbc2rap56k6y531wgibq68r90g2cz4g7";
sha256 = "0f2rpqa39sir6g90khd2d2fs4kss0zhk7vya1nscf5yp8r566fxs";
};
patches = lib.optional stdenv.isDarwin ./darwin.patch;
nativeBuildInputs = [ cmake makeWrapper python3Packages.wrapPython llvmPackages.llvm.dev ]
nativeBuildInputs = [ cmake makeWrapper python39Packages.wrapPython llvmPackages.llvm.dev ]
++ optionals cudaSupport [ addOpenGLRunpath ];
buildInputs =
[ boost ffmpeg gettext glew ilmbase
@ -64,7 +64,7 @@ stdenv.mkDerivation rec {
++ optional cudaSupport cudatoolkit
++ optional colladaSupport opencollada
++ optional spaceNavSupport libspnav;
pythonPath = with python3Packages; [ numpy requests ];
pythonPath = with python39Packages; [ numpy requests ];
postPatch = ''
# allow usage of dynamically linked embree
@ -78,16 +78,12 @@ stdenv.mkDerivation rec {
--replace '${"$"}{LIBDIR}/openmp' \
'${llvmPackages.openmp}'
substituteInPlace build_files/cmake/platform/platform_apple.cmake \
--replace 'set(PYTHON_VERSION 3.7)' \
'set(PYTHON_VERSION ${python.pythonVersion})' \
--replace '${"$"}{PYTHON_VERSION}m' \
'${"$"}{PYTHON_VERSION}' \
--replace '${"$"}{LIBDIR}/python' \
'${python}' \
--replace '${"$"}{LIBDIR}/opencollada' \
'${opencollada}' \
--replace '${"$"}{PYTHON_LIBPATH}/site-packages/numpy' \
'${python3Packages.numpy}/${python.sitePackages}/numpy'
'${python39Packages.numpy}/${python.sitePackages}/numpy'
'' else ''
substituteInPlace extern/clew/src/clew.c --replace '"libOpenCL.so"' '"${ocl-icd}/lib/libOpenCL.so"'
'');
@ -109,8 +105,8 @@ stdenv.mkDerivation rec {
"-DPYTHON_VERSION=${python.pythonVersion}"
"-DWITH_PYTHON_INSTALL=OFF"
"-DWITH_PYTHON_INSTALL_NUMPY=OFF"
"-DPYTHON_NUMPY_PATH=${python3Packages.numpy}/${python.sitePackages}"
"-DPYTHON_NUMPY_INCLUDE_DIRS=${python3Packages.numpy}/${python.sitePackages}/numpy/core/include"
"-DPYTHON_NUMPY_PATH=${python39Packages.numpy}/${python.sitePackages}"
"-DPYTHON_NUMPY_INCLUDE_DIRS=${python39Packages.numpy}/${python.sitePackages}/numpy/core/include"
"-DWITH_PYTHON_INSTALL_REQUESTS=OFF"
"-DWITH_OPENVDB=ON"
"-DWITH_TBB=ON"

7
pkgs/applications/networking/browsers/chromium/common.nix
View File

@ -165,14 +165,10 @@ let
./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags
# Fix the build by adding a missing dependency (s. https://crbug.com/1197837):
./patches/fix-missing-atspi2-dependency.patch
] ++ optionals (chromiumVersionAtLeast "91") [
./patches/closure_compiler-Use-the-Java-binary-from-the-system.patch
];
postPatch = lib.optionalString (chromiumVersionAtLeast "91") ''
# Required for patchShebangs (unsupported):
chmod -x third_party/webgpu-cts/src/tools/deno
'' + ''
postPatch = ''
# remove unused third-party
for lib in ${toString gnSystemLibraries}; do
if [ -d "third_party/$lib" ]; then
@ -191,6 +187,7 @@ let
substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \
--replace "/usr/bin/env -S make -f" "/usr/bin/make -f"
fi
chmod -x third_party/webgpu-cts/src/tools/deno
# We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX
substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \

16
pkgs/applications/networking/browsers/chromium/upstream-info.json
View File

@ -44,19 +44,19 @@
}
},
"ungoogled-chromium": {
"version": "90.0.4430.212",
"sha256": "17nmhrkl81qqvzbh861k2mmifncx4wg1mv1fmn52f8gzn461vqdb",
"sha256bin64": "1y33c5829s22yfj0qmsj8fpcxnjhcm3fsxz7744csfsa9cy4fjr7",
"version": "91.0.4472.77",
"sha256": "0c8vj3gq3nmb7ssiwj6875g0a8hcprss1a4gqw9h7llqywza9ma5",
"sha256bin64": "0caf47xam5igdnbhipal1iyicnxxvadhi61k199rwysrvyv5sdad",
"deps": {
"gn": {
"version": "2021-02-09",
"version": "2021-04-06",
"url": "https://gn.googlesource.com/gn",
"rev": "dfcbc6fed0a8352696f92d67ccad54048ad182b3",
"sha256": "1941bzg37c4dpsk3sh6ga3696gpq6vjzpcw9rsnf6kdr9mcgdxvn"
"rev": "dba01723a441c358d843a575cb7720d54ddcdf92",
"sha256": "199xkks67qrn0xa5fhp24waq2vk8qb78a96cb3kdd8v1hgacgb8x"
},
"ungoogled-patches": {
"rev": "90.0.4430.212-1",
"sha256": "05jh05a4g50ws7pr18dl5pwi95knygh6xywp7kyydir7wy1pbin8"
"rev": "91.0.4472.77-1",
"sha256": "1jfmmkw1y4rcjfgsm7b4v2lrgd3sks5qpajvq0djflbhkpsqxfk0"
}
}
}

8
pkgs/applications/networking/browsers/firefox/common.nix
View File

@ -16,6 +16,10 @@
### optionals
## backported libraries
, rust-cbindgen_latest
## optional libraries
, alsaSupport ? stdenv.isLinux, alsaLib
@ -90,6 +94,8 @@ let
then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS"
else "/bin";
rust-cbindgen_pkg = if lib.versionAtLeast ffversion "89" then rust-cbindgen_latest else rust-cbindgen;
# 78 ESR won't build with rustc 1.47
inherit (if lib.versionAtLeast ffversion "82" then rustPackages else rustPackages_1_45)
rustc cargo;
@ -226,7 +232,7 @@ buildStdenv.mkDerivation ({
perl
pkg-config
python3
rust-cbindgen
rust-cbindgen_pkg
rustc
which
unzip

8
pkgs/applications/networking/browsers/firefox/packages.nix
View File

@ -7,10 +7,10 @@ in
rec {
firefox = common rec {
pname = "firefox";
ffversion = "88.0.1";
ffversion = "89.0";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
sha512 = "e2d7fc950ba49f225c83ee1d799d6318fcf16c33a3b7f40b85c49d5b7865f7e632c703e5fd227a303b56e2565d0796283ebb12d7fd1a02781dcaa45e84cea934";
sha512 = "5089720feda15d054d0aa4c3bdeb84760314dadd6381d7360e688d8e396154868220c6315add650d8d2a42652cb8a9bfeb833885812ef0bd70a74ee58ad18aa3";
};
meta = {
@ -32,10 +32,10 @@ rec {
firefox-esr-78 = common rec {
pname = "firefox-esr";
ffversion = "78.10.1esr";
ffversion = "78.11.0esr";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz";
sha512 = "a22773d9b3f0dca253805257f358a906769d23f15115e3a8851024f701e27dee45f056f7d34ebf1fcde0a3f91ec299639c2a12556e938a232cdea9e59835fde1";
sha512 = "d02fc2eda587155b1c54ca12a6c5cde220a29f41f154f1c9b71ae8f966d8cc9439201a5b241e03fc0795b74e2479f7aa5d6b69f70b7639432e5382f321f7a6f4";
};
meta = {

4
pkgs/applications/networking/browsers/qutebrowser/default.nix
View File

@ -31,12 +31,12 @@ let
in mkDerivationWith python3Packages.buildPythonApplication rec {
pname = "qutebrowser";
version = "2.2.2";
version = "2.2.3";
# the release tarballs are different from the git checkout!
src = fetchurl {
url = "https://github.com/qutebrowser/qutebrowser/releases/download/v${version}/${pname}-${version}.tar.gz";
sha256 = "11vjp20gzmdjj09b7wxzn7ar6viih0bk76y618yqsyqqkffylmbq";
sha256 = "sha256-BoP168jxj94nvkrcgC83fPw/TPRsI2PbCooqzWNF62I=";
};
# Needs tox

42
pkgs/applications/networking/cluster/dnsname-cni/default.nix Normal file
View File

@ -0,0 +1,42 @@
{
buildGoModule,
dnsmasq,
fetchFromGitHub,
lib,
nixosTests,
makeWrapper,
}:
buildGoModule rec {
pname = "cni-plugin-dnsname";
version = "1.1.1";
src = fetchFromGitHub {
owner = "containers";
repo = "dnsname";
rev = "v${version}";
sha256 = "090kpq2ppan9ayajdk5vwbvww30nphylgajn2p3441d4jg2nvsm3";
};
nativeBuildInputs = [ makeWrapper ];
postInstall = ''
wrapProgram $out/bin/dnsname --prefix PATH : ${lib.makeBinPath [ dnsmasq ]}
'';
vendorSha256 = null;
subPackages = [ "plugins/meta/dnsname" ];
doCheck = false; # NOTE: requires root privileges
passthru.tests = {
inherit (nixosTests) podman-dnsname;
};
meta = with lib; {
description = "DNS name resolution for containers";
homepage = "https://github.com/containers/dnsname";
license = licenses.asl20;
platforms = platforms.linux;
maintainers = with maintainers; [ mikroskeem ];
};
}

4
pkgs/applications/networking/cluster/tilt/default.nix
View File

@ -5,13 +5,13 @@ buildGoModule rec {
/* Do not use "dev" as a version. If you do, Tilt will consider itself
running in development environment and try to serve assets from the
source tree, which is not there once build completes. */
version = "0.18.10";
version = "0.20.5";
src = fetchFromGitHub {
owner = "tilt-dev";
repo = pname;
rev = "v${version}";
sha256 = "sha256-SvvvHGR3UPyV61MaoFB68SaZKUT3ItYOPT1a7AddxlY=";
sha256 = "sha256-pUKKHrShED7yp5WSmHSbS+eiYs22Nm2/ouc2a8WYc38=";
};
vendorSha256 = null;

6
pkgs/applications/networking/instant-messengers/discord/base.nix
View File

@ -23,7 +23,7 @@ in stdenv.mkDerivation rec {
libXScrnSaver
libXtst
libxcb
mesa.drivers
mesa
nss
wrapGAppsHook
];
@ -31,7 +31,7 @@ in stdenv.mkDerivation rec {
dontWrapGApps = true;
libPath = lib.makeLibraryPath [
libcxx systemd libpulseaudio
libcxx systemd libpulseaudio libdrm mesa
stdenv.cc.cc alsaLib atk at-spi2-atk at-spi2-core cairo cups dbus expat fontconfig freetype
gdk-pixbuf glib gtk3 libnotify libX11 libXcomposite libuuid
libXcursor libXdamage libXext libXfixes libXi libXrandr libXrender
@ -50,7 +50,7 @@ in stdenv.mkDerivation rec {
wrapProgram $out/opt/${binaryName}/${binaryName} \
"''${gappsWrapperArgs[@]}" \
--prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}/" \
--prefix LD_LIBRARY_PATH : ${libPath}
--prefix LD_LIBRARY_PATH : ${libPath}:$out/opt/${binaryName}
ln -s $out/opt/${binaryName}/${binaryName} $out/bin/
ln -s $out/opt/${binaryName}/discord.png $out/share/pixmaps/${pname}.png

12
pkgs/applications/networking/instant-messengers/discord/default.nix
View File

@ -7,30 +7,30 @@ in {
pname = "discord";
binaryName = "Discord";
desktopName = "Discord";
version = "0.0.14";
version = "0.0.15";
src = fetchurl {
url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz";
sha256 = "1rq490fdl5pinhxk8lkfcfmfq7apj79jzf3m14yql1rc9gpilrf2";
sha256 = "0pn2qczim79hqk2limgh88fsn93sa8wvana74mpdk5n6x5afkvdd";
};
};
ptb = callPackage ./base.nix rec {
pname = "discord-ptb";
binaryName = "DiscordPTB";
desktopName = "Discord PTB";
version = "0.0.23";
version = "0.0.25";
src = fetchurl {
url = "https://dl-ptb.discordapp.net/apps/linux/${version}/discord-ptb-${version}.tar.gz";
sha256 = "0vxz68vldrbmmw1alpwl7blfcy6byd6zg9m0851dm0p0ldyhsp5j";
sha256 = "082ygmsycicddpkv5s03vw3rjkrk4lgprq29z8b1hdjifvw93b21";
};
};
canary = callPackage ./base.nix rec {
pname = "discord-canary";
binaryName = "DiscordCanary";
desktopName = "Discord Canary";
version = "0.0.122";
version = "0.0.123";
src = fetchurl {
url = "https://dl-canary.discordapp.net/apps/linux/${version}/discord-canary-${version}.tar.gz";
sha256 = "0ph7gp77wzjpr7nhv13fg64j97dxjwmivshr56ly3kjhmvvanj7k";
sha256 = "0bijwfsd9s4awqkgxd9c2cxh7y5r06vix98qjp0dkv63r6jig8ch";
};
};
}.${branch}

30
pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
View File

@ -2,11 +2,11 @@
, pkg-config, cmake, ninja, python3, wrapGAppsHook, wrapQtAppsHook, removeReferencesTo
, qtbase, qtimageformats, gtk3, libsForQt5, enchant2, lz4, xxHash
, dee, ffmpeg, openalSoft, minizip, libopus, alsaLib, libpulseaudio, range-v3
, tl-expected, hunspell, glibmm, webkitgtk
, tl-expected, hunspell, glibmm, webkitgtk, libtgvoip
# Transitive dependencies:
, pcre, xorg, util-linux, libselinux, libsepol, epoxy
, at-spi2-core, libXtst, libthai, libdatrie
, xdg-utils
, xdg-utils, libsysprof-capture, libpsl, brotli
}:
with lib;
@ -20,27 +20,33 @@ with lib;
let
tg_owt = callPackage ./tg_owt.nix {};
webviewPatch = fetchpatch {
url = "https://raw.githubusercontent.com/archlinux/svntogit-community/013eff77a13b6c2629a04e07a4d09dbe60c8ca48/trunk/fix-webview-includes.patch";
sha256 = "0112zaysf3f02dd4bgqc5hwg66h1bfj8r4yjzb06sfi0pl9vl96l";
};
in mkDerivation rec {
pname = "telegram-desktop";
version = "2.7.4";
version = "2.7.5";
# Telegram-Desktop with submodules
src = fetchurl {
url = "https://github.com/telegramdesktop/tdesktop/releases/download/v${version}/tdesktop-${version}-full.tar.gz";
sha256 = "1cigqvxa8lp79y7sp2w2izmmikxaxzrq9bh5ns3cy16z985nyllp";
sha256 = "sha256-9GxBw5ii9Musjq7D3KMf/P5BA4h690EgXRbhynHwO98=";
};
patches = [
# fixes issue with ffmpeg>=4.4 crashes, hasn't been upstreamed yet
(fetchpatch {
url = "https://raw.githubusercontent.com/gentoo/gentoo/1c91884873968997be4b0c954169d04dc839f1db/net-im/telegram-desktop/files/tdesktop-2.7.4-voice-crash.patch";
sha256 = "sha256-inLXcP70yJlkkmdeXlc3HRL7Vt+Sf00LLJG33gwBKdY=";
})
(fetchpatch {
url = "https://raw.githubusercontent.com/gentoo/gentoo/1c91884873968997be4b0c954169d04dc839f1db/net-im/telegram-desktop/files/tdesktop-2.7.4-voice-ffmpeg44.patch";
sha256 = "sha256-p57LipNf7BDhVvNKRuicVqx0vU6IBL/Cvr5BAfLF4Hs=";
})
];
postPatch = ''
substituteInPlace Telegram/lib_spellcheck/spellcheck/platform/linux/linux_enchant.cpp \
--replace '"libenchant-2.so.2"' '"${enchant2}/lib/libenchant-2.so.2"'
substituteInPlace Telegram/CMakeLists.txt \
--replace '"''${TDESKTOP_LAUNCHER_BASENAME}.appdata.xml"' '"''${TDESKTOP_LAUNCHER_BASENAME}.metainfo.xml"'
patch -d Telegram/lib_webview -p1 < "${webviewPatch}"
'';
# We want to run wrapProgram manually (with additional parameters)
@ -53,10 +59,10 @@ in mkDerivation rec {
qtbase qtimageformats gtk3 libsForQt5.kwayland libsForQt5.libdbusmenu enchant2 lz4 xxHash
dee ffmpeg openalSoft minizip libopus alsaLib libpulseaudio range-v3
tl-expected hunspell glibmm webkitgtk
tg_owt
tg_owt libtgvoip
# Transitive dependencies:
pcre xorg.libpthreadstubs xorg.libXdmcp util-linux libselinux libsepol epoxy
at-spi2-core libXtst libthai libdatrie
at-spi2-core libXtst libthai libdatrie libsysprof-capture libpsl brotli
];
cmakeFlags = [

35
pkgs/applications/networking/irc/weechat/scripts/wee-slack/0001-hardcode-json-file-path.patch
View File

@ -1,35 +0,0 @@
From 5dd2593369645b11a9dc03e1930617d2f5dbd039 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Wed, 11 Nov 2020 11:48:49 +0100
Subject: [PATCH] hardcode json file path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
---
wee_slack.py | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/wee_slack.py b/wee_slack.py
index a3d779c..5942289 100644
--- a/wee_slack.py
+++ b/wee_slack.py
@@ -5136,13 +5136,7 @@ def create_slack_debug_buffer():
def load_emoji():
try:
- weechat_dir = w.info_get('weechat_dir', '')
- weechat_sharedir = w.info_get('weechat_sharedir', '')
- local_weemoji, global_weemoji = ('{}/weemoji.json'.format(path)
- for path in (weechat_dir, weechat_sharedir))
- path = (global_weemoji if os.path.exists(global_weemoji) and
- not os.path.exists(local_weemoji) else local_weemoji)
- with open(path, 'r') as ef:
+ with open('@out@/share/wee-slack/weemoji.json', 'r') as ef:
emojis = json.loads(ef.read())
if 'emoji' in emojis:
print_error('The weemoji.json file is in an old format. Please update it.')
--
2.29.0

11
pkgs/applications/networking/irc/weechat/scripts/wee-slack/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "wee-slack";
version = "2.7.0";
version = "2.8.0";
src = fetchFromGitHub {
repo = "wee-slack";
owner = "wee-slack";
rev = "v${version}";
sha256 = "sha256-6Z/H15bKe0PKpNe9PCgc5mLOii3CILCAVon7EgzIkx8=";
sha256 = "0xfklr0gsc9jgxfyrrb2j756lclz9g8imcb0pk0xgyj8mhsw23zk";
};
patches = [
@ -16,10 +16,13 @@ stdenv.mkDerivation rec {
src = ./libpath.patch;
env = "${buildEnv {
name = "wee-slack-env";
paths = with python3Packages; [ websocket_client six ];
paths = with python3Packages; [
websocket_client
six
];
}}/${python3Packages.python.sitePackages}";
})
./0001-hardcode-json-file-path.patch
./load_weemoji_path.patch
];
postPatch = ''

14
pkgs/applications/networking/irc/weechat/scripts/wee-slack/libpath.patch
View File

@ -1,13 +1,13 @@
diff --git a/wee_slack.py b/wee_slack.py
index dbe6446..d1b7546 100644
index e4716b4..f673b7c 100644
--- a/wee_slack.py
+++ b/wee_slack.py
@@ -25,6 +25,8 @@ import random
import socket
import string
@@ -31,6 +31,8 @@ import string
# See https://github.com/numpy/numpy/issues/11925
sys.modules["numpy"] = None
+sys.path.append('@env@')
+
from websocket import ABNF, create_connection, WebSocketConnectionClosedException
try:
from websocket import ( # noqa: E402
ABNF,
create_connection,

25
pkgs/applications/networking/irc/weechat/scripts/wee-slack/load_weemoji_path.patch Normal file
View File

@ -0,0 +1,25 @@
diff --git a/wee_slack.py b/wee_slack.py
index e4716b4..ffd122d 100644
--- a/wee_slack.py
+++ b/wee_slack.py
@@ -6092,19 +6092,7 @@ def create_slack_debug_buffer():
def load_emoji():
try:
- weechat_dir = w.info_get("weechat_data_dir", "") or w.info_get(
- "weechat_dir", ""
- )
- weechat_sharedir = w.info_get("weechat_sharedir", "")
- local_weemoji, global_weemoji = (
- "{}/weemoji.json".format(path) for path in (weechat_dir, weechat_sharedir)
- )
- path = (
- global_weemoji
- if os.path.exists(global_weemoji) and not os.path.exists(local_weemoji)
- else local_weemoji
- )
- with open(path, "r") as ef:
+ with open("@out@/share/wee-slack/weemoji.json", "r") as ef:
emojis = json.loads(ef.read())
if "emoji" in emojis:
print_error(

24
pkgs/applications/networking/mailreaders/mblaze/default.nix
View File

@ -1,10 +1,12 @@
{ stdenv, lib, fetchFromGitHub, installShellFiles, libiconv, ruby ? null }:
{ coreutils, fetchFromGitHub, fetchpatch, file, gawk, gnugrep, gnused
, installShellFiles, less, lib, libiconv, makeWrapper, nano, stdenv, ruby
}:
stdenv.mkDerivation rec {
pname = "mblaze";
version = "1.1";
nativeBuildInputs = [ installShellFiles ];
nativeBuildInputs = [ installShellFiles makeWrapper ];
buildInputs = [ ruby ] ++ lib.optionals stdenv.isDarwin [ libiconv ];
src = fetchFromGitHub {
@ -22,6 +24,24 @@ stdenv.mkDerivation rec {
installShellCompletion contrib/_mblaze
'' + lib.optionalString (ruby != null) ''
install -Dt $out/bin contrib/msuck contrib/mblow
# The following wrappings are used to preserve the executable
# names (the value of $0 in a script). The script mcom is
# designed to be run directly or via symlinks such as mrep. Using
# symlinks changes the value of $0 in the script, and makes it
# behave differently. When using the wrapProgram tool, the resulting
# wrapper breaks this behaviour. The following wrappers preserve it.
mkdir -p $out/wrapped
for x in mcom mbnc mfwd mrep; do
mv $out/bin/$x $out/wrapped
makeWrapper $out/wrapped/$x $out/bin/$x \
--argv0 $out/bin/$x \
--prefix PATH : $out/bin \
--prefix PATH : ${lib.makeBinPath [
coreutils file gawk gnugrep gnused
]}
done
'';
meta = with lib; {

10
pkgs/applications/networking/mailreaders/neomutt/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, gettext, makeWrapper, tcl, which
{ lib, stdenv, fetchFromGitHub, gettext, makeWrapper, tcl, which, fetchpatch
, ncurses, perl , cyrus_sasl, gss, gpgme, libkrb5, libidn, libxml2, notmuch, openssl
, lmdb, libxslt, docbook_xsl, docbook_xml_dtd_42, w3m, mailcap, sqlite, zlib
}:
@ -14,6 +14,14 @@ stdenv.mkDerivation rec {
sha256 = "sha256-ADg/+gmndOiuQHsncOzS5K4chthXeUFz6RRJsrZNeZY=";
};
patches = [
(fetchpatch {
name = "CVE-2021-32055.patch";
url = "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc.patch";
sha256 = "0bb7gisjynq3w7hhl6vxa469h609bcz6fkdi8vf740pqrwhk68yn";
})
];
buildInputs = [
cyrus_sasl gss gpgme libkrb5 libidn ncurses
notmuch openssl perl lmdb

2
pkgs/applications/science/math/sage/sagedoc.nix
View File

@ -76,7 +76,7 @@ stdenv.mkDerivation rec {
mv html/en/_static{,.tmp}
for _dir in `find -name _static` ; do
rm -r $_dir
ln -s html/en/_static $_dir
ln -rs html/en/_static $_dir
done
mv html/en/_static{.tmp,}
'';

5
pkgs/applications/science/physics/xfitter/default.nix
View File

@ -16,9 +16,6 @@ stdenv.mkDerivation rec {
./undefined_behavior.patch
];
# patch needs to updated due to version bump
#CXXFLAGS = "-Werror=return-type";
preConfigure =
# Fix F77LD to workaround for a following build error:
#
@ -48,8 +45,6 @@ stdenv.mkDerivation rec {
enableParallelBuilding = true;
hardeningDisable = [ "format" ];
NIX_CFLAGS_COMPILE = lib.optional (stdenv.hostPlatform.libc == "glibc") "-I${libtirpc.dev}/include/tirpc";
NIX_LDFLAGS = lib.optional (stdenv.hostPlatform.libc == "glibc") "-ltirpc";

10
pkgs/applications/version-management/gitlab/data.json
View File

@ -1,13 +1,13 @@
{
"version": "13.12.0",
"repo_hash": "060bmfvpqh6zdrwdh4lx4xr1nbg0f7hcp8zh6k9qplv48szhj8m9",
"version": "13.12.2",
"repo_hash": "1wzbjw21pan5cfiz1jd03c3w9sgyvmn35f6dm2sr2k54acsw034p",
"owner": "gitlab-org",
"repo": "gitlab",
"rev": "v13.12.0-ee",
"rev": "v13.12.2-ee",
"passthru": {
"GITALY_SERVER_VERSION": "13.12.0",
"GITALY_SERVER_VERSION": "13.12.2",
"GITLAB_PAGES_VERSION": "1.39.0",
"GITLAB_SHELL_VERSION": "13.18.0",
"GITLAB_WORKHORSE_VERSION": "13.12.0"
"GITLAB_WORKHORSE_VERSION": "13.12.2"
}
}

4
pkgs/applications/version-management/gitlab/gitaly/default.nix
View File

@ -21,14 +21,14 @@ let
};
};
in buildGoModule rec {
version = "13.12.0";
version = "13.12.2";
pname = "gitaly";
src = fetchFromGitLab {
owner = "gitlab-org";
repo = "gitaly";
rev = "v${version}";
sha256 = "sha256-MGK0WjAeqApf2xUsbF1mtyzYMhJHC5LFtj8LSb0NQKI=";
sha256 = "sha256-jZg/OlecYlGjDxlxsayAuqzptil1OPtyPjOe1WYT0HY=";
};
vendorSha256 = "sha256-drS0L0olEFHYJVC0VYwEZeNYa8fjwrfxlhrEQa4pqzY=";

2
pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix
View File

@ -5,7 +5,7 @@ in
buildGoModule rec {
pname = "gitlab-workhorse";
version = "13.12.0";
version = "13.12.2";
src = fetchFromGitLab {
owner = data.owner;

2
pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock
View File

@ -139,7 +139,7 @@ GEM
coderay (>= 1.0.0)
erubi (>= 1.0.0)
rack (>= 0.9.0)
bindata (2.4.8)
bindata (2.4.10)
binding_ninja (0.2.3)
bootsnap (1.4.6)
msgpack (~> 1.0)

4
pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix
View File

@ -557,10 +557,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1bmlqjb5h1ry6wm2d903d6yxibpqzzxwqczvlicsqv0vilaca5ic";
sha256 = "06lqi4svq5qls9f7nnvd2zmjdqmi2sf82sq78ci5d78fq0z5x2vr";
type = "gem";
};
version = "2.4.8";
version = "2.4.10";
};
binding_ninja = {
groups = ["default" "development" "test"];

27
pkgs/applications/virtualization/arion/arion-compose.nix Normal file
View File

@ -0,0 +1,27 @@
{ mkDerivation, aeson, aeson-pretty, async, base, bytestring
, directory, hspec, lens, lens-aeson, lib, optparse-applicative
, process, protolude, QuickCheck, temporary, text, unix
}:
mkDerivation {
pname = "arion-compose";
version = "0.1.3.0";
sha256 = "9e18448f8489303f0d9fee020ad1ceb896f4e71eedb537c0c0ef0f1f3ade80df";
isLibrary = true;
isExecutable = true;
enableSeparateDataOutput = true;
libraryHaskellDepends = [
aeson aeson-pretty async base bytestring directory lens lens-aeson
process protolude temporary text unix
];
executableHaskellDepends = [
aeson aeson-pretty async base bytestring directory lens lens-aeson
optparse-applicative process protolude temporary text unix
];
testHaskellDepends = [
aeson aeson-pretty async base bytestring directory hspec lens
lens-aeson process protolude QuickCheck temporary text unix
];
homepage = "https://github.com/hercules-ci/arion#readme";
description = "Run docker-compose with help from Nix/NixOS";
license = lib.licenses.asl20;
}

2
pkgs/applications/virtualization/containerd/default.nix
View File

@ -16,7 +16,7 @@ buildGoPackage rec {
owner = "containerd";
repo = "containerd";
rev = "v${version}";
sha256 = "sha256-1u+H/gJaQhltf/pq7uaAPEUlQ5R6ZByall2neNkon8s=";
sha256 = "sha256-jVyg+fyMuDnV/TM0Z2t+Cr17a6XBv11aWijhsqMnA5s=";
};
goPackagePath = "github.com/containerd/containerd";

9
pkgs/applications/virtualization/docker/default.nix
View File

@ -17,6 +17,7 @@ rec {
, btrfs-progs, iptables, e2fsprogs, xz, util-linux, xfsprogs, git
, procps, libseccomp
, nixosTests
, clientOnly ? !stdenv.isLinux
}:
let
docker-runc = runc.overrideAttrs (oldAttrs: {
@ -116,7 +117,7 @@ rec {
++ optional (libseccomp != null) "seccomp";
});
in
buildGoPackage ((optionalAttrs (stdenv.isLinux) {
buildGoPackage ((optionalAttrs (!clientOnly) {
inherit docker-runc docker-containerd docker-proxy docker-tini moby;
@ -137,7 +138,7 @@ rec {
nativeBuildInputs = [
makeWrapper pkg-config go-md2man go libtool installShellFiles
];
buildInputs = optionals (stdenv.isLinux) [
buildInputs = optionals (!clientOnly) [
sqlite lvm2 btrfs-progs systemd libseccomp
] ++ optionals (buildxSupport) [ docker-buildx ];
@ -177,7 +178,7 @@ rec {
makeWrapper $out/libexec/docker/docker $out/bin/docker \
--prefix PATH : "$out/libexec/docker:$extraPath"
'' + optionalString (stdenv.isLinux) ''
'' + optionalString (!clientOnly) ''
# symlink docker daemon to docker cli derivation
ln -s ${moby}/bin/dockerd $out/bin/dockerd
@ -204,7 +205,7 @@ rec {
installManPage man/*/*.[1-9]
'';
passthru.tests = { inherit (nixosTests) docker; };
passthru.tests = lib.optionals (!clientOnly) { inherit (nixosTests) docker; };
meta = {
homepage = "https://www.docker.com/";

10
pkgs/applications/virtualization/driver/win-spice/default.nix
View File

@ -36,15 +36,15 @@ stdenv.mkDerivation {
buildPhase = ''
mkdir -p usbdk/x86 usbdk/amd64
(cd usbdk/x86; ${p7zip}/bin/7z x ${src_usbdk_x86})
(cd usbdk/amd64; ${p7zip}/bin/7z x ${src_usbdk_amd64})
(cd usbdk/x86; ${p7zip}/bin/7z x -y ${src_usbdk_x86})
(cd usbdk/amd64; ${p7zip}/bin/7z x -y ${src_usbdk_amd64})
mkdir -p vdagent/x86 vdagent/amd64
(cd vdagent/x86; ${p7zip}/bin/7z x ${src_vdagent_x86}; mv vdagent_0_7_3_x86/* .; rm -r vdagent_0_7_3_x86)
(cd vdagent/amd64; ${p7zip}/bin/7z x ${src_vdagent_amd64}; mv vdagent_0_7_3_x64/* .; rm -r vdagent_0_7_3_x64)
(cd vdagent/x86; ${p7zip}/bin/7z x -y ${src_vdagent_x86}; mv vdagent_0_7_3_x86/* .; rm -r vdagent_0_7_3_x86)
(cd vdagent/amd64; ${p7zip}/bin/7z x -y ${src_vdagent_amd64}; mv vdagent_0_7_3_x64/* .; rm -r vdagent_0_7_3_x64)
mkdir -p qxlwddm
(cd qxlwddm; ${p7zip}/bin/7z x ${src_qxlwddm}; mv Win8 w8.1; cd w8.1; mv x64 amd64)
(cd qxlwddm; ${p7zip}/bin/7z x -y ${src_qxlwddm}; mv Win8 w8.1; cd w8.1; mv x64 amd64)
'';
installPhase =

15
pkgs/applications/virtualization/podman/default.nix
View File

@ -69,13 +69,26 @@ buildGoModule rec {
installShellCompletion --zsh completions/zsh/*
MANDIR=$man/share/man make install.man-nobuild
'' + lib.optionalString stdenv.isLinux ''
install -Dm644 cni/87-podman-bridge.conflist -t $out/etc/cni/net.d
install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d
install -Dm644 contrib/systemd/system/podman.{socket,service} -t $out/lib/systemd/system
'' + ''
runHook postInstall
'';
passthru.tests = { inherit (nixosTests) podman; };
postFixup = lib.optionalString stdenv.isLinux ''
RPATH=$(patchelf --print-rpath $out/bin/podman)
patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman
'';
passthru.tests = {
inherit (nixosTests) podman;
# related modules
inherit (nixosTests)
podman-tls-ghostunnel
podman-dnsname
;
};
meta = with lib; {
homepage = "https://podman.io/";

3
pkgs/applications/virtualization/podman/wrapper.nix
View File

@ -12,6 +12,7 @@
, util-linux # nsenter
, cni-plugins # not added to path
, iptables
, iproute2
}:
let
@ -25,6 +26,7 @@ let
fuse-overlayfs
util-linux
iptables
iproute2
] ++ extraPackages);
in runCommand podman.name {
@ -48,6 +50,7 @@ in runCommand podman.name {
ln -s ${podman.man} $man
mkdir -p $out/bin
ln -s ${podman-unwrapped}/etc $out/etc
ln -s ${podman-unwrapped}/lib $out/lib
ln -s ${podman-unwrapped}/share $out/share
makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \

1
pkgs/build-support/build-pecl.nix
View File

@ -33,4 +33,5 @@ stdenv.mkDerivation (args // {
(dep: "mkdir -p ext; ln -s ${dep.dev}/include ext/${dep.extensionName}")
internalDeps}
'';
checkPhase = "NO_INTERACTON=yes make test";
})

16
pkgs/build-support/docker/default.nix
View File

@ -37,6 +37,10 @@
let
inherit (lib)
optionals
;
mkDbExtraCommand = contents: let
contentsList = if builtins.isList contents then contents else [ contents ];
in ''
@ -532,7 +536,7 @@ rec {
passthru.layer = layer;
passthru.imageTag =
if tag != null
then lib.toLower tag
then tag
else
lib.head (lib.strings.splitString "-" (baseNameOf result.outPath));
# Docker can't be made to run darwin binaries
@ -786,7 +790,11 @@ rec {
fakeRootCommands ? "",
# We pick 100 to ensure there is plenty of room for extension. I
# believe the actual maximum is 128.
maxLayers ? 100
maxLayers ? 100,
# Whether to include store paths in the image. You generally want to leave
# this on, but tooling may disable this to insert the store paths more
# efficiently via other means, such as bind mounting the host store.
includeStorePaths ? true,
}:
assert
(lib.assertMsg (maxLayers > 1)
@ -834,7 +842,9 @@ rec {
'';
};
closureRoots = [ baseJson ] ++ contentsList;
closureRoots = optionals includeStorePaths /* normally true */ (
[ baseJson ] ++ contentsList
);
overallClosure = writeText "closure" (lib.concatStringsSep " " closureRoots);
# These derivations are only created as implementation details of docker-tools,

25
pkgs/build-support/docker/examples.nix
View File

@ -516,4 +516,29 @@ rec {
bash
layeredImageWithFakeRootCommands
];
helloOnRoot = pkgs.dockerTools.streamLayeredImage {
name = "hello";
tag = "latest";
contents = [
(pkgs.buildEnv {
name = "hello-root";
paths = [ pkgs.hello ];
})
];
config.Cmd = [ "hello" ];
};
helloOnRootNoStore = pkgs.dockerTools.streamLayeredImage {
name = "hello";
tag = "latest";
contents = [
(pkgs.buildEnv {
name = "hello-root";
paths = [ pkgs.hello ];
})
];
config.Cmd = [ "hello" ];
includeStorePaths = false;
};
}

159
pkgs/build-support/vm/default.nix
View File

@ -822,45 +822,6 @@ rec {
/* The set of supported Dpkg-based distributions. */
debDistros = {
# Interestingly, the SHA-256 hashes provided by Ubuntu in
# http://nl.archive.ubuntu.com/ubuntu/dists/{gutsy,hardy}/Release are
# wrong, but the SHA-1 and MD5 hashes are correct. Intrepid is fine.
ubuntu1204i386 = {
name = "ubuntu-12.04-precise-i386";
fullName = "Ubuntu 12.04 Precise (i386)";
packagesLists =
[ (fetchurl {
url = "mirror://ubuntu/dists/precise/main/binary-i386/Packages.bz2";
sha256 = "18ns9h4qhvjfcip9z55grzi371racxavgqkp6b5kfkdq2wwwax2d";
})
(fetchurl {
url = "mirror://ubuntu/dists/precise/universe/binary-i386/Packages.bz2";
sha256 = "085lkzbnzkc74kfdmwdc32sfqyfz8dr0rbiifk8kx9jih3xjw2jk";
})
];
urlPrefix = "mirror://ubuntu";
packages = commonDebPackages ++ [ "diffutils" ];
};
ubuntu1204x86_64 = {
name = "ubuntu-12.04-precise-amd64";
fullName = "Ubuntu 12.04 Precise (amd64)";
packagesLists =
[ (fetchurl {
url = "mirror://ubuntu/dists/precise/main/binary-amd64/Packages.bz2";
sha256 = "1aabpn0hdih6cbabyn87yvhccqj44q9k03mqmjsb920iqlckl3fc";
})
(fetchurl {
url = "mirror://ubuntu/dists/precise/universe/binary-amd64/Packages.bz2";
sha256 = "0x4hz5aplximgb7gnpvrhkw8m7a40s80rkm5b8hil0afblwlg4vr";
})
];
urlPrefix = "mirror://ubuntu";
packages = commonDebPackages ++ [ "diffutils" ];
};
ubuntu1404i386 = {
name = "ubuntu-14.04-trusty-i386";
fullName = "Ubuntu 14.04 Trusty (i386)";
@ -929,40 +890,6 @@ rec {
packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
};
ubuntu1710i386 = {
name = "ubuntu-17.10-artful-i386";
fullName = "Ubuntu 17.10 Artful (i386)";
packagesLists =
[ (fetchurl {
url = "mirror://ubuntu/dists/artful/main/binary-i386/Packages.xz";
sha256 = "18yrj4kqdzm39q0527m97h5ing58hkm9yq9iyj636zh2rclym3c8";
})
(fetchurl {
url = "mirror://ubuntu/dists/artful/universe/binary-i386/Packages.xz";
sha256 = "1v0njw2w80xfmxi7by76cs8hyxlla5h3gqajlpdw5srjgx2qrm2g";
})
];
urlPrefix = "mirror://ubuntu";
packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
};
ubuntu1710x86_64 = {
name = "ubuntu-17.10-artful-amd64";
fullName = "Ubuntu 17.10 Artful (amd64)";
packagesLists =
[ (fetchurl {
url = "mirror://ubuntu/dists/artful/main/binary-amd64/Packages.xz";
sha256 = "104g57j1l3vi8wb5f7rgjvjhf82ccs0vwhc59jfc4ynd51z7fqjk";
})
(fetchurl {
url = "mirror://ubuntu/dists/artful/universe/binary-amd64/Packages.xz";
sha256 = "1qzs95wfy9inaskfx9cf1l5yd3aaqwzy72zzi9xyvkxi75k5gcn4";
})
];
urlPrefix = "mirror://ubuntu";
packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
};
ubuntu1804i386 = {
name = "ubuntu-18.04-bionic-i386";
fullName = "Ubuntu 18.04 Bionic (i386)";
@ -997,51 +924,83 @@ rec {
packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
};
debian8i386 = {
name = "debian-8.11-jessie-i386";
fullName = "Debian 8.11 Jessie (i386)";
packagesList = fetchurl {
url = "mirror://debian/dists/jessie/main/binary-i386/Packages.xz";
sha256 = "0adblarhx50yga900il6m25ng0csa81i3wid1dxxmydbdmri7v7d";
};
urlPrefix = "mirror://debian";
packages = commonDebianPackages;
ubuntu2004i386 = {
name = "ubuntu-20.04-focal-i386";
fullName = "Ubuntu 20.04 Focal (i386)";
packagesLists =
[ (fetchurl {
url = "mirror://ubuntu/dists/focal/main/binary-i386/Packages.xz";
sha256 = "sha256-7RAYURoN3RKYQAHpwBS9TIV6vCmpURpphyMJQmV4wLc=";
})
(fetchurl {
url = "mirror://ubuntu/dists/focal/universe/binary-i386/Packages.xz";
sha256 = "sha256-oA551xVE80volUPgkMyvzpQ1d+GhuZd4DAe7dXZnULM=";
})
];
urlPrefix = "mirror://ubuntu";
packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
};
debian8x86_64 = {
name = "debian-8.11-jessie-amd64";
fullName = "Debian 8.11 Jessie (amd64)";
packagesList = fetchurl {
url = "mirror://debian/dists/jessie/main/binary-amd64/Packages.xz";
sha256 = "09y1mv4kqllhxpk1ibjsyl5jig5bp0qxw6pp4sn56rglrpygmn5x";
};
urlPrefix = "mirror://debian";
packages = commonDebianPackages;
ubuntu2004x86_64 = {
name = "ubuntu-20.04-focal-amd64";
fullName = "Ubuntu 20.04 Focal (amd64)";
packagesLists =
[ (fetchurl {
url = "mirror://ubuntu/dists/focal/main/binary-amd64/Packages.xz";
sha256 = "sha256-d1eSH/j+7Zw5NKDJk21EG6SiOL7j6myMHfXLzUP8mGE=";
})
(fetchurl {
url = "mirror://ubuntu/dists/focal/universe/binary-amd64/Packages.xz";
sha256 = "sha256-RqdG2seJvZU3rKVNsWgLnf9RwkgVMRE1A4IZnX2WudE=";
})
];
urlPrefix = "mirror://ubuntu";
packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
};
debian9i386 = {
name = "debian-9.8-stretch-i386";
fullName = "Debian 9.8 Stretch (i386)";
name = "debian-9.13-stretch-i386";
fullName = "Debian 9.13 Stretch (i386)";
packagesList = fetchurl {
url = "http://snapshot.debian.org/archive/debian/20200301T030401Z/dists/stretch/main/binary-i386/Packages.xz";
sha256 = "1jglr1d1jys3xddp8f7w9j05db39fah8xy4gfkpqbd1b5d2caslz";
url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/stretch/main/binary-i386/Packages.xz";
sha256 = "sha256-fFRumd20wuVaYxzw0VPkAw5mQo8kIg+eXII15VSz9wA=";
};
urlPrefix = "mirror://debian";
packages = commonDebianPackages;
};
debian9x86_64 = {
name = "debian-9.8-stretch-amd64";
fullName = "Debian 9.8 Stretch (amd64)";
name = "debian-9.13-stretch-amd64";
fullName = "Debian 9.13 Stretch (amd64)";
packagesList = fetchurl {
url = "http://snapshot.debian.org/archive/debian/20190503T090946Z/dists/stretch/main/binary-amd64/Packages.xz";
sha256 = "01q00nl47p12n7wx0xclx59wf3zlkzrgj3zxpshyvb91xdnw5sh6";
url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/stretch/main/binary-amd64/Packages.xz";
sha256 = "sha256-1p4DEVpTGlBE3PtbQ90kYw4QNHkW0F4rna/Xz+ncMhw=";
};
urlPrefix = "mirror://debian";
packages = commonDebianPackages;
};
debian10i386 = {
name = "debian-10.9-buster-i386";
fullName = "Debian 10.9 Buster (i386)";
packagesList = fetchurl {
url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/buster/main/binary-i386/Packages.xz";
sha256 = "sha256-zlkbKV+IGBCyWKD4v4LFM/EUA4TYS9fkLBPuF6MgUDo=";
};
urlPrefix = "mirror://debian";
packages = commonDebianPackages;
};
debian10x86_64 = {
name = "debian-10.9-buster-amd64";
fullName = "Debian 10.9 Buster (amd64)";
packagesList = fetchurl {
url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/buster/main/binary-amd64/Packages.xz";
sha256 = "sha256-k13toY1b3CX7GBPQ7Jm24OMqCEsgPlGK8M99x57o69o=";
};
urlPrefix = "mirror://debian";
packages = commonDebianPackages;
};
};
@ -1168,7 +1127,7 @@ rec {
"passwd"
];
commonDebianPackages = commonDebPackages ++ [ "sysvinit" "diff" "mktemp" ];
commonDebianPackages = commonDebPackages ++ [ "sysvinit" "diff" ];
/* A set of functions that build the Linux distributions specified

4
pkgs/development/beam-modules/default.nix
View File

@ -73,7 +73,6 @@ let
# https://hexdocs.pm/elixir/compatibility-and-deprecations.html
lfe = lfe_1_3;
lfe_1_2 = lib'.callLFE ../interpreters/lfe/1.2.nix { inherit erlang buildRebar3 buildHex; };
lfe_1_3 = lib'.callLFE ../interpreters/lfe/1.3.nix { inherit erlang buildRebar3 buildHex; };
# Non hex packages. Examples how to build Rebar/Mix packages with and
@ -81,9 +80,6 @@ let
hex = callPackage ./hex { };
webdriver = callPackage ./webdriver { };
relxExe = callPackage ../tools/erlang/relx-exe { };
# An example of Erlang/C++ package.
cuter = callPackage ../tools/erlang/cuter { };
};
in
makeExtensible packages

12
pkgs/development/compilers/halide/default.nix
View File

@ -41,7 +41,17 @@ llvmPackages.stdenv.mkDerivation rec {
# Note: only openblas and not atlas part of this Nix expression
# see pkgs/development/libraries/science/math/liblapack/3.5.0.nix
# to get a hint howto setup atlas instead of openblas
buildInputs = [ llvmPackages.llvm libpng libjpeg mesa eigen openblas ];
buildInputs = [
llvmPackages.llvm
llvmPackages.lld
llvmPackages.openmp
llvmPackages.libclang
libpng
libjpeg
mesa
eigen
openblas
];
nativeBuildInputs = [ cmake ];

6
pkgs/development/haskell-modules/cabal2nix-unstable.nix
View File

@ -8,10 +8,10 @@
}:
mkDerivation {
pname = "cabal2nix";
version = "unstable-2021-05-06";
version = "unstable-2021-05-28";
src = fetchzip {
url = "https://github.com/NixOS/cabal2nix/archive/b598bc4682b0827554b5780acdd6f948d320283b.tar.gz";
sha256 = "04afm56cyhj2l41cvq4z11k92jjchr21a8vg9pjaz438pma7jgw1";
url = "https://github.com/NixOS/cabal2nix/archive/5fb325e094af91328e02cc2ecfd211feaeb135a7.tar.gz";
sha256 = "1zbd336s99rgk24yjqlp012d0f66s5nf190sjmsl7mfhqx9j2y4l";
};
isLibrary = true;
isExecutable = true;

29
pkgs/development/haskell-modules/configuration-common.nix
View File

@ -1156,6 +1156,23 @@ self: super: {
# Therefore we jailbreak it.
hakyll-contrib-hyphenation = doJailbreak super.hakyll-contrib-hyphenation;
# Jailbreak due to bounds on multiple dependencies,
# bound on pandoc needs to be patched since it is conditional
hakyll = doJailbreak (overrideCabal super.hakyll (drv: {
patches = [
# Remove when Hakyll > 4.14.0.0
(pkgs.fetchpatch {
url = "https://github.com/jaspervdj/hakyll/commit/0dc6127d81ff688e27c36ce469230320eee60246.patch";
sha256 = "sha256-YyRz3bAmIBODTEeS5kGl2J2x31SjiPoLzUZUlo3nHvQ=";
})
# Remove when Hakyll > 4.14.0.0
(pkgs.fetchpatch {
url = "https://github.com/jaspervdj/hakyll/commit/af9e29b5456c105dc948bc46c93e989a650b5ed1.patch";
sha256 = "sha256-ghc0V5L9OybNHWKmM0vhjRBN2rIvDlp+ClcK/aQst44=";
})
];
}));
# 2020-06-22: NOTE: > 0.4.0 => rm Jailbreak: https://github.com/serokell/nixfmt/issues/71
nixfmt = doJailbreak super.nixfmt;
@ -1207,14 +1224,10 @@ self: super: {
hasql-notifications = dontCheck super.hasql-notifications;
hasql-pool = dontCheck super.hasql-pool;
# This bumps optparse-applicative to <0.16 in the cabal file, as otherwise
# the version bounds are not satisfied. This can be removed if the PR at
# https://github.com/ananthakumaran/webify/pull/27 is merged and a new
# release of webify is published.
webify = appendPatch super.webify (pkgs.fetchpatch {
url = "https://github.com/ananthakumaran/webify/pull/27/commits/6d653e7bdc1ffda75ead46851b5db45e87cb2aa0.patch";
sha256 = "0xbfhzhzg94b4r5qy5dg1c40liswwpqarrc2chcwgfbfnrmwkfc2";
});
# We jailbreak webify, as optparse-applicative evolved past the version bound
# and the corresponding (and outdated) PR was not merged for a year.
# https://github.com/ananthakumaran/webify/pull/27
webify = doJailbreak super.webify;
# hasnt bumped upper bounds
# upstream: https://github.com/obsidiansystems/which/pull/6

3
pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml
View File

@ -1675,7 +1675,6 @@ broken-packages:
- grasp
- gray-code
- greencard
- greenclip
- greg-client
- gremlin-haskell
- Grempa
@ -1745,7 +1744,6 @@ broken-packages:
- hakismet
- hakka
- hako
- hakyll
- hakyll-shortcode
- HaLeX
- halfs
@ -5026,7 +5024,6 @@ broken-packages:
- web-encodings
- WeberLogic
- webfinger-client
- webify
- webkit-javascriptcore
- webmention
- web-output

22
pkgs/development/haskell-modules/hackage-packages.nix generated
View File

@ -41557,7 +41557,7 @@ self: {
license = lib.licenses.bsd3;
hydraPlatforms = lib.platforms.none;
broken = true;
}) {wlc = null;};
}) {inherit (pkgs) wlc;};
"bindings-yices" = callPackage
({ mkDerivation, base, gmp, yices }:
@ -110752,9 +110752,9 @@ self: {
"greenclip" = callPackage
({ mkDerivation, base, binary, bytestring, directory, exceptions
, hashable, libXau, microlens, microlens-mtl, protolude, text
, tomland, unix, vector, wordexp, X11, xcb, xdmcp, xlibsWrapper
, xscrnsaver
, hashable, libXau, libXScrnSaver, microlens, microlens-mtl
, protolude, text, tomland, unix, vector, wordexp, X11, xcb, xdmcp
, xlibsWrapper
}:
mkDerivation {
pname = "greenclip";
@ -110767,14 +110767,12 @@ self: {
microlens-mtl protolude text tomland unix vector wordexp X11
];
executablePkgconfigDepends = [
libXau xcb xdmcp xlibsWrapper xscrnsaver
libXau libXScrnSaver xcb xdmcp xlibsWrapper
];
description = "Simple clipboard manager to be integrated with rofi";
license = lib.licenses.bsd3;
hydraPlatforms = lib.platforms.none;
broken = true;
}) {inherit (pkgs.xorg) libXau; xcb = null; xdmcp = null;
inherit (pkgs) xlibsWrapper; xscrnsaver = null;};
}) {inherit (pkgs.xorg) libXScrnSaver; inherit (pkgs.xorg) libXau;
xcb = null; xdmcp = null; inherit (pkgs) xlibsWrapper;};
"greg-client" = callPackage
({ mkDerivation, base, binary, bytestring, clock, hostname, network
@ -114775,8 +114773,6 @@ self: {
testToolDepends = [ utillinux ];
description = "A static website compiler library";
license = lib.licenses.bsd3;
hydraPlatforms = lib.platforms.none;
broken = true;
}) {inherit (pkgs) utillinux;};
"hakyll-R" = callPackage
@ -278699,8 +278695,6 @@ self: {
];
description = "webfont generator";
license = lib.licenses.mit;
hydraPlatforms = lib.platforms.none;
broken = true;
}) {};
"webkit" = callPackage
@ -280226,7 +280220,7 @@ self: {
description = "Haskell bindings for the wlc library";
license = lib.licenses.isc;
hydraPlatforms = lib.platforms.none;
}) {wlc = null;};
}) {inherit (pkgs) wlc;};
"wobsurv" = callPackage
({ mkDerivation, aeson, attoparsec, base-prelude, bytestring

12
pkgs/development/haskell-modules/non-hackage-packages.nix
View File

@ -36,4 +36,16 @@ self: super: {
# Unofficial fork until PRs are merged https://github.com/pcapriotti/optparse-applicative/pulls/roberth
# cabal2nix --maintainer roberth https://github.com/hercules-ci/optparse-applicative.git > pkgs/development/misc/haskell/hercules-ci-optparse-applicative.nix
hercules-ci-optparse-applicative = self.callPackage ../misc/haskell/hercules-ci-optparse-applicative.nix {};
#
# Backports
#
# This file overrides packages in `hackage-packages.nix`.
# Backport arion, to support Podman instead of Docker, for those who need NixOS-based containers.
# Generated with:
# nix-shell -I nixpkgs=$PWD -p cabal-install -p cabal2nix --run 'cabal update; cabal2nix cabal://arion-compose > pkgs/applications/virtualization/arion/arion-compose.nix'
arion-compose = self.callPackage ../../applications/virtualization/arion/arion-compose.nix {};
}

34
pkgs/development/interpreters/erlang/R18.nix
View File

@ -1,34 +0,0 @@
{ mkDerivation, fetchpatch }:
let
rmAndPwdPatch = fetchpatch {
url = "https://github.com/erlang/otp/commit/98b8650d22e94a5ff839170833f691294f6276d0.patch";
sha256 = "0zjs7as83prgq4d5gaw2cmnajnsprdk8cjl5kklknx0pc2b3hfg5";
};
envAndCpPatch = fetchpatch {
url = "https://github.com/erlang/otp/commit/9f9841eb7327c9fe73e84e197fd2965a97b639cf.patch";
sha256 = "00fx5wc88ki3z71z5q4xzi9h3whhjw1zblpn09w995ygn07m9qhm";
};
makeOrderingPatch = fetchpatch {
url = "https://github.com/erlang/otp/commit/2f1a37f1011ff9d129bc35a6efa0ab937a2aa0e9.patch";
sha256 = "0xfa6hzxh9d7qllkyidcgh57xrrx11w65y7s1hyg52alm06l6b9n";
};
makeParallelInstallPatch = fetchpatch {
url ="https://github.com/erlang/otp/commit/de8fe86f67591dd992bae33f7451523dab36e5bd.patch";
sha256 = "1cj9fjhdng6yllajjm3gkk04ag9bwyb3n70hrb5nk6c292v8a45c";
};
in mkDerivation {
version = "18.3.4.11";
sha256 = "190xbv77v5x2g8xkzdg9bpwa1ylkc18d03ag2a0frcwcv76x53k1";
patches = [
rmAndPwdPatch
envAndCpPatch
makeOrderingPatch
makeParallelInstallPatch
];
}

19
pkgs/development/interpreters/erlang/R19.nix
View File

@ -1,19 +0,0 @@
{ mkDerivation, fetchpatch }:
mkDerivation {
version = "19.3.6.13";
sha256 = "1zbg54p7pdr8bjyrxvi7vs41vgamqa8lsynnm6ac6845q0xwpwid";
patches = [
# macOS 10.13 crypto fix from OTP-20.1.2
(fetchpatch {
name = "darwin-crypto.patch";
url = "https://github.com/erlang/otp/commit/882c90f72ba4e298aa5a7796661c28053c540a96.patch";
sha256 = "1gggzpm8ssamz6975z7px0g8qq5i4jqw81j846ikg49c5cxvi0hi";
})
];
prePatch = ''
substituteInPlace configure.in --replace '`sw_vers -productVersion`' "''${MACOSX_DEPLOYMENT_TARGET:-10.12}"
'';
}

10
pkgs/development/interpreters/erlang/R20.nix
View File

@ -1,10 +0,0 @@
{ mkDerivation }:
mkDerivation {
version = "20.3.8.26";
sha256 = "062405s59hkdkmw2dryq0qc1k03jsncj7yqisgj35x9sqpzm4w7a";
prePatch = ''
substituteInPlace configure.in --replace '`sw_vers -productVersion`' "''${MACOSX_DEPLOYMENT_TARGET:-10.12}"
'';
}

4
pkgs/development/interpreters/lua-5/default.nix
View File

@ -3,8 +3,8 @@
rec {
lua5_4 = callPackage ./interpreter.nix {
sourceVersion = { major = "5"; minor = "4"; patch = "2"; };
hash = "0ksj5zpj74n0jkamy3di1p6l10v4gjnd2zjnb453qc6px6bhsmqi";
sourceVersion = { major = "5"; minor = "4"; patch = "3"; };
hash = "1yxvjvnbg4nyrdv10bq42gz6dr66pyan28lgzfygqfwy2rv24qgq";
patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch;
};

12
pkgs/development/libraries/arrow-cpp/default.nix
View File

@ -22,12 +22,12 @@ let
in stdenv.mkDerivation rec {
pname = "arrow-cpp";
version = "4.0.0";
version = "4.0.1";
src = fetchurl {
url =
"mirror://apache/arrow/arrow-${version}/apache-arrow-${version}.tar.gz";
sha256 = "1bj9jr0pgq9f2nyzqiyj3cl0hcx3c83z2ym6rpdkp59ff2zx0caa";
sha256 = "0vl926i6jvsvj5vigdgqzp9v1i1h5zzj1abqr6qwc9drfsibzk3m";
};
sourceRoot = "apache-arrow-${version}/cpp";
@ -146,11 +146,11 @@ in stdenv.mkDerivation rec {
--exclude-regex '^(${builtins.concatStringsSep "|" excludedTests})$'
'';
meta = {
meta = with lib; {
description = "A cross-language development platform for in-memory data";
homepage = "https://arrow.apache.org/";
license = lib.licenses.asl20;
platforms = lib.platforms.unix;
maintainers = with lib.maintainers; [ tobim veprbl ];
license = licenses.asl20;
platforms = platforms.unix;
maintainers = with maintainers; [ tobim veprbl ];
};
}

10
pkgs/development/libraries/lasso/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, autoconf, automake, autoreconfHook, fetchurl, glib, gobject-introspection, gtk-doc, libtool, libxml2, libxslt, openssl, pkg-config, python27Packages, xmlsec, zlib }:
{ lib, stdenv, autoconf, automake, autoreconfHook, fetchurl, fetchpatch, glib, gobject-introspection, gtk-doc, libtool, libxml2, libxslt, openssl, pkg-config, python27Packages, xmlsec, zlib }:
stdenv.mkDerivation rec {
@ -11,6 +11,14 @@ stdenv.mkDerivation rec {
};
patches = [
(fetchpatch {
name = "CVE-2021-28091.patch";
url = "https://git.entrouvert.org/lasso.git/patch/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a";
sha256 = "0070x01pir30hsb21mp69pf9pxingadl3y4w0afw07a5c57drhn4";
})
];
nativeBuildInputs = [ autoreconfHook pkg-config ];
buildInputs = [ autoconf automake glib gobject-introspection gtk-doc libtool libxml2 libxslt openssl python27Packages.six xmlsec zlib ];

11
pkgs/development/libraries/libccd/default.nix
View File

@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, cmake }:
{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake }:
stdenv.mkDerivation rec {
pname = "libccd";
@ -11,6 +11,15 @@ stdenv.mkDerivation rec {
sha256 = "0sfmn5pd7k5kyhbxnd689xmsa5v843r7sska96dlysqpljd691jc";
};
patches = [
# Fix pkgconfig file with absolute CMAKE_INSTALL_*DIR
# https://github.com/danfis/libccd/pull/76
(fetchpatch {
url = "https://github.com/danfis/libccd/commit/cd16c4f168ae308e4c77db66ac97a2eaf47e059e.patch";
sha256 = "02wj21c185kwf8bn4qi4cnna0ypzqm481xw9rr8jy1i0cb1r9idg";
})
];
nativeBuildInputs = [ cmake ];
meta = with lib; {

13
pkgs/development/libraries/libiio/cmake-fix-libxml2-find-package.patch Normal file
View File

@ -0,0 +1,13 @@
diff --color -ur a/CMakeLists.txt b/CMakeLists.txt
--- a/CMakeLists.txt 2021-05-30 13:46:22.256040282 +0200
+++ b/CMakeLists.txt 2021-05-30 14:15:42.530181216 +0200
@@ -333,7 +333,7 @@
# So, try first to find the CMake module provided by libxml2 package, then fallback
# on the CMake's FindLibXml2.cmake module (which can lack some definition, especially
# in static build case).
-find_package(LibXml2 QUIET NO_MODULE)
+find_package(LibXml2 QUIET MODULE)
if(DEFINED LIBXML2_VERSION_STRING)
set(LIBXML2_FOUND ON)
set(LIBXML2_INCLUDE_DIR ${LIBXML2_INCLUDE_DIRS})
Seulement dans b: good.patch

4
pkgs/development/libraries/libiio/default.nix
View File

@ -23,6 +23,10 @@ stdenv.mkDerivation rec {
sha256 = "0psw67mzysdb8fkh8xpcwicm7z94k8plkcc8ymxyvl6inshq0mc7";
};
# Revert after https://github.com/NixOS/nixpkgs/issues/125008 is
# fixed properly
patches = [ ./cmake-fix-libxml2-find-package.patch ];
nativeBuildInputs = [
cmake
flex

2
pkgs/development/libraries/libraspberrypi/default.nix
View File

@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
patches = [
(fetchpatch {
# https://github.com/raspberrypi/userland/pull/670
url = "https://github.com/raspberrypi/userland/pull/670/commits/37cb44f314ab1209fe2a0a2449ef78893b1e5f62.patch";
url = "https://github.com/raspberrypi/userland/commit/37cb44f314ab1209fe2a0a2449ef78893b1e5f62.patch";
sha256 = "1fbrbkpc4cc010ji8z4ll63g17n6jl67kdy62m74bhlxn72gg9rw";
})
];

4
pkgs/development/libraries/libxlsxwriter/default.nix
View File

@ -8,13 +8,13 @@
stdenv.mkDerivation rec {
pname = "libxlsxwriter";
version = "1.0.5";
version = "1.0.6";
src = fetchFromGitHub {
owner = "jmcnamara";
repo = "libxlsxwriter";
rev = "RELEASE_${version}";
sha256 = "1jjmwg1mk7pvf36q30rng42qphgz6qdjvn96agrym2q0hhwxc99v";
sha256 = "03fdcbm0xnkxwv6fir4yy4x9q2p5h08j099w9xh5gc2ni7ygjlyx";
};
nativeBuildInputs = [

7
pkgs/development/libraries/polkit/default.nix
View File

@ -34,6 +34,13 @@ stdenv.mkDerivation rec {
url = "https://gitlab.freedesktop.org/polkit/polkit/commit/5dd4e22efd05d55833c4634b56e473812b5acbf2.patch";
sha256 = "17lv7xj5ksa27iv4zpm4zwd4iy8zbwjj4ximslfq3sasiz9kxhlp";
})
(fetchpatch {
# https://www.openwall.com/lists/oss-security/2021/06/03/1
# https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/79
name = "CVE-2021-3560.patch";
url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81.patch";
sha256 = "157ddsizgr290jsb8fpafrc37gc1qw5pdvl351vnn3pzhqs7n6f4";
})
] ++ lib.optionals stdenv.hostPlatform.isMusl [
# Make netgroup support optional (musl does not have it)
# Upstream MR: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10

6
pkgs/development/ocaml-modules/tyxml/default.nix
View File

@ -2,13 +2,13 @@
buildDunePackage rec {
pname = "tyxml";
version = "4.4.0";
version = "4.5.0";
useDune2 = true;
src = fetchurl {
url = "https://github.com/ocsigen/tyxml/releases/download/${version}/tyxml-${version}.tbz";
sha256 = "0c150h2f4c4id73ickkdqkir3jya66m6c7f5jxlp4caw9bfr8qsi";
sha256 = "0s30f72m457c3gbdmdwbx7ls9zg806nvm83aiz9qkpglbppwr6n6";
};
propagatedBuildInputs = [ uutf re ];
@ -19,7 +19,7 @@ buildDunePackage rec {
license = licenses.lgpl21;
maintainers = with maintainers; [
gal_bolle vbgl
];
];
};
}

5
pkgs/development/python-modules/adblock/default.nix
View File

@ -8,6 +8,7 @@
, openssl
, publicsuffix-list
, isPy27
, libiconv
, CoreFoundation
, Security
}:
@ -37,7 +38,7 @@ buildPythonPackage rec {
++ (with rustPlatform; [ cargoSetupHook maturinBuildHook ]);
buildInputs = [ openssl ]
++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ];
++ lib.optionals stdenv.isDarwin [ libiconv CoreFoundation Security ];
PSL_PATH = "${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat";
@ -49,7 +50,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "Python wrapper for Brave's adblocking library, which is written in Rust";
homepage = "https://github.com/ArniDagur/python-adblock/";
maintainers = with maintainers; [ petabyteboy ];
maintainers = with maintainers; [ petabyteboy dotlambda ];
license = with licenses; [ asl20 mit ];
};
}

47
pkgs/development/python-modules/click-option-group/default.nix Normal file
View File

@ -0,0 +1,47 @@
{ lib
, buildPythonPackage
, pythonOlder
, fetchFromGitHub
, click
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "click-option-group";
version = "0.5.3";
format = "setuptools";
disabled = pythonOlder "3.6";
src = fetchFromGitHub {
owner = "click-contrib";
repo = pname;
rev = "v${version}";
sha256 = "1w0692s8fabncpggpwl2d4dfqjjlmcia271rrb8hcz0r6nvw98ak";
};
propagatedBuildInputs = [
click
];
checkInputs = [
pytestCheckHook
];
pythonImportsCheck = [
"click_option_group"
];
meta = with lib; {
description = "Option groups missing in Click";
longDescription = ''
Option groups are convenient mechanism for logical structuring
CLI, also it allows you to set the specific behavior and set the
relationship among grouped options (mutually exclusive options
for example). Moreover, argparse stdlib package contains this
functionality out of the box.
'';
homepage = "https://github.com/click-contrib/click-option-group";
license = licenses.bsd3;
maintainers = with maintainers; [ hexa ];
};
}

5
pkgs/development/python-modules/drf-jwt/default.nix
View File

@ -3,18 +3,17 @@
, fetchFromGitHub
, pyjwt
, djangorestframework
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "drf-jwt";
version = "1.19.0";
version = "1.19.1";
src = fetchFromGitHub {
owner = "Styria-Digital";
repo = "django-rest-framework-jwt";
rev = version;
sha256 = "012rmm25w5gvkzi4lyyhn47y1n6g68q9gasga2mkv9i6mn8n4kp7";
sha256 = "sha256-++8rFXVsA5WMTt+aC4di3Rpa0BAW285/qM087i9uQ0g=";
};
propagatedBuildInputs = [

2
pkgs/development/python-modules/hdbscan/default.nix
View File

@ -40,6 +40,8 @@ buildPythonPackage rec {
"test_mem_vec_diff_clusters"
"test_all_points_mem_vec_diff_clusters"
"test_approx_predict_diff_clusters"
# another flaky test https://github.com/scikit-learn-contrib/hdbscan/issues/421
"test_hdbscan_boruvka_balltree_matches"
];
meta = with lib; {

5
pkgs/development/python-modules/pywemo/default.nix
View File

@ -47,11 +47,6 @@ buildPythonPackage rec {
pytestCheckHook
];
disabledTests = [
# https://github.com/NixOS/nixpkgs/issues/124165
"test_bridge_getdevicestatus"
];
pythonImportsCheck = [ "pywemo" ];
meta = with lib; {

4
pkgs/development/tools/analysis/radare2/default.nix
View File

@ -28,13 +28,13 @@
stdenv.mkDerivation rec {
pname = "radare2";
version = "5.2.1";
version = "5.3.0";
src = fetchFromGitHub {
owner = "radare";
repo = "radare2";
rev = version;
sha256 = "0n3k190qjhdlj10fjqijx6ismz0g7fk28i83j0480cxdqgmmlbxc";
sha256 = "sha256-xndnRVlqTB/NH1ROo7xkftLP7DufsJu4CCA9MCOEeng=";
};
postInstall = ''

12
pkgs/development/tools/delve/default.nix
View File

@ -1,4 +1,4 @@
{ lib, buildGoPackage, fetchFromGitHub }:
{ lib, buildGoPackage, fetchFromGitHub, makeWrapper }:
buildGoPackage rec {
pname = "delve";
@ -14,6 +14,16 @@ buildGoPackage rec {
sha256 = "sha256-bTVCasemE8Vyjcs8wZBiiXEsW3UBndjpPQ5bi+4vQkw=";
};
subPackages = [ "cmd/dlv" ];
nativeBuildInputs = [ makeWrapper ];
postInstall = ''
# fortify source breaks build since delve compiles with -O0
wrapProgram $out/bin/dlv \
--prefix disableHardening " " fortify
'';
meta = with lib; {
description = "debugger for the Go programming language";
homepage = "https://github.com/derekparker/delve";

46
pkgs/development/tools/erlang/cuter/default.nix
View File

@ -1,46 +0,0 @@
{ lib, stdenv, autoreconfHook, which, writeText, makeWrapper, fetchFromGitHub, erlang
, z3, python }:
stdenv.mkDerivation rec {
pname = "cuter";
version = "0.1";
src = fetchFromGitHub {
owner = "aggelgian";
repo = "cuter";
rev = "v${version}";
sha256 = "1ax1pj6ji4w2mg3p0nh2lzmg3n9mgfxk4cf07pll51yrcfpfrnfv";
};
setupHook = writeText "setupHook.sh" ''
addToSearchPath ERL_LIBS "$1/lib/erlang/lib/"
'';
nativeBuildInputs = [ autoreconfHook makeWrapper which ];
buildInputs = [ python python.pkgs.setuptools z3.python erlang ];
buildFlags = [ "PWD=$(out)/lib/erlang/lib/cuter-${version}" "cuter_target" ];
configurePhase = ''
autoconf
./configure --prefix $out
'';
installPhase = ''
mkdir -p "$out/lib/erlang/lib/cuter-${version}"
mkdir -p "$out/bin"
cp -r * "$out/lib/erlang/lib/cuter-${version}"
cp cuter "$out/bin/cuter"
wrapProgram $out/bin/cuter \
--prefix PATH : "${python}/bin" \
--suffix PYTHONPATH : "${z3}/${python.sitePackages}" \
--suffix ERL_LIBS : "$out/lib/erlang/lib"
'';
meta = {
description = "A concolic testing tool for the Erlang functional programming language";
license = lib.licenses.gpl3;
homepage = "https://github.com/aggelgian/cuter";
maintainers = with lib.maintainers; [ ericbmerritt ];
platforms = with lib.platforms; unix;
};
}

6
pkgs/development/tools/ijq/default.nix
View File

@ -2,15 +2,15 @@
buildGoModule rec {
pname = "ijq";
version = "0.2.3";
version = "0.3.4";
src = fetchgit {
url = "https://git.sr.ht/~gpanders/ijq";
rev = "v${version}";
sha256 = "14n54jh5387jf97zhc7aidn7w60zp5624xbvq4jdbsh96apg3bk1";
sha256 = "ZKxEK6SPxEC0S5yXSzITPn0HhpJa4Bcf9X8/N+ZZAeA=";
};
vendorSha256 = "0xbni6lk6y3ig7pj2234fv7ra6b8qv0k8m3bvh59wwans8xpihzb";
vendorSha256 = "04KlXE2I8ZVDbyo9tBnFskLB6fo5W5/lPzSpo8KGqUU=";
nativeBuildInputs = [ makeWrapper ];

38
pkgs/development/tools/rust/cbindgen/latest.nix Normal file
View File

@ -0,0 +1,38 @@
{ lib, stdenv, fetchFromGitHub, rustPlatform, python3Packages, Security }:
rustPlatform.buildRustPackage rec {
pname = "rust-cbindgen";
version = "0.19.0";
src = fetchFromGitHub {
owner = "eqrion";
repo = "cbindgen";
rev = "v${version}";
sha256 = "0753dklr5lm1dmk6hy5khh8k3xyr5srfsq11l07685h71j7z0r00";
};
cargoSha256 = "0qyw0iqin7i31kk23ddsmywk7z0xxpd5n4q6dr6mf44y35a8krm8";
buildInputs = lib.optional stdenv.isDarwin Security;
checkInputs = [
python3Packages.cython
];
checkFlags = [
# Disable tests that require rust unstable features
# https://github.com/eqrion/cbindgen/issues/338
"--skip test_expand"
"--skip test_bitfield"
"--skip lib_default_uses_debug_build"
"--skip lib_explicit_debug_build"
"--skip lib_explicit_release_build"
];
meta = with lib; {
description = "A project for generating C bindings from Rust code";
homepage = "https://github.com/eqrion/cbindgen";
license = licenses.mpl20;
maintainers = with maintainers; [ jtojnar ];
};
}

4
pkgs/development/tools/stagit/default.nix
View File

@ -2,12 +2,12 @@
stdenv.mkDerivation rec {
pname = "stagit";
version = "0.9.5";
version = "0.9.6";
src = fetchgit {
url = "git://git.codemadness.org/stagit";
rev = version;
sha256 = "1wlx5k0v464fr1ifjv04v7ccwb559s54xpsbxdda4whyx1v0fbq4";
sha256 = "sha256-0vkdxtKZv7LyEHKGPrB4uOI2lD74+haelEanq2sOjkE=";
};
makeFlags = [ "PREFIX=$(out)" ];

6
pkgs/development/web/deno/default.nix
View File

@ -17,15 +17,15 @@
rustPlatform.buildRustPackage rec {
pname = "deno";
version = "1.10.2";
version = "1.10.3";
src = fetchFromGitHub {
owner = "denoland";
repo = pname;
rev = "v${version}";
sha256 = "sha256-uePCEYcYahsxcgA+GDcloqqo+dr7Y2N/9nps6Y79D58=";
sha256 = "sha256-25FfxGtPZ+KQCmXur6pwrb1l/xjCWgw69CMLPihnhAU=";
};
cargoSha256 = "sha256-6fm1RWuTVWCE6nKgkC/SRQYRXGf9SGv7kAXWNqsdQS8=";
cargoSha256 = "sha256-CopfdjafWAhpbrdYSHJjKHKCLw94TSaiSAH4CVFOHi8=";
# Install completions post-install
nativeBuildInputs = [ installShellFiles ];

4
pkgs/games/warzone2100/default.nix
View File

@ -3,7 +3,7 @@
, fetchurl
, cmake
, ninja
, zip
, p7zip
, pkg-config
, asciidoctor
, gettext
@ -68,7 +68,7 @@ stdenv.mkDerivation rec {
pkg-config
cmake
ninja
zip
p7zip
asciidoctor
gettext
shaderc

3
pkgs/servers/dns/pdns-recursor/default.nix
View File

@ -33,6 +33,9 @@ stdenv.mkDerivation rec {
description = "A recursive DNS server";
homepage = "https://www.powerdns.com/";
platforms = platforms.linux;
badPlatforms = [
"i686-linux" # a 64-bit time_t is needed
];
license = licenses.gpl2;
maintainers = with maintainers; [ rnhmjoj ];
};

14
pkgs/servers/matrix-synapse/default.nix
View File

@ -12,11 +12,11 @@ let
in
buildPythonApplication rec {
pname = "matrix-synapse";
version = "1.34.0";
version = "1.35.1";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-lXVJfhcH9lKOCHn5f4Lc/OjgEYa5IpauKRhBsFXNWLw=";
sha256 = "sha256-MJ3RG60rWbcfQxhj34k99AFg8TsPd3ECEw/x2+xU1js=";
};
patches = [
@ -27,12 +27,13 @@ buildPythonApplication rec {
buildInputs = [ openssl ];
propagatedBuildInputs = [
setuptools
authlib
bcrypt
bleach
canonicaljson
daemonize
frozendict
ijson
jinja2
jsonschema
lxml
@ -44,20 +45,20 @@ buildPythonApplication rec {
psutil
psycopg2
pyasn1
pyjwt
pymacaroons
pynacl
pyopenssl
pysaml2
pyyaml
requests
setuptools
signedjson
sortedcontainers
treq
twisted
unpaddedbase64
typing-extensions
authlib
pyjwt
unpaddedbase64
] ++ lib.optional enableSystemd systemd
++ lib.optional enableRedis hiredis;
@ -66,7 +67,6 @@ buildPythonApplication rec {
doCheck = !stdenv.isDarwin;
checkPhase = ''
${lib.optionalString (!enableRedis) "rm -r tests/replication # these tests need the optional dependency 'hiredis'"}
PYTHONPATH=".:$PYTHONPATH" ${python3.interpreter} -m twisted.trial tests
'';

2
pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix
View File

@ -10,6 +10,8 @@ let
};
in
ourNodePackages."${packageName}".override {
pname = "matrix-appservice-irc";
nativeBuildInputs = [ makeWrapper nodePackages.node-gyp-build ];
postInstall = ''

2
pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix
View File

@ -13,6 +13,8 @@ let
};
in
nodePackages.package.override {
pname = "matrix-appservice-slack";
inherit src;
nativeBuildInputs = [ pkgs.makeWrapper ];

2
pkgs/servers/matrix-synapse/tools/default.nix
View File

@ -1,4 +1,6 @@
{ callPackage }:
{
rust-synapse-compress-state = callPackage ./rust-synapse-compress-state.nix { };
synadm = callPackage ./synadm.nix { };
}

41
pkgs/servers/matrix-synapse/tools/synadm.nix Normal file
View File

@ -0,0 +1,41 @@
{ lib
, python3Packages
}:
with python3Packages; buildPythonApplication rec {
pname = "synadm";
version = "0.29";
format = "setuptools";
src = fetchPypi {
inherit pname version;
sha256 = "1vy30nwsns4jnv0s5i9jpyplxpclgwyw0gldpywv4z3fljs0lzik";
};
propagatedBuildInputs = [
click
click-option-group
tabulate
pyyaml
requests
];
checkPhase = ''
runHook preCheck
export HOME=$TMPDIR
$out/bin/synadm -h > /dev/null
runHook postCheck
'';
meta = with lib; {
description = "Command line admin tool for Synapse";
longDescription = ''
A CLI tool to help admins of Matrix Synapse homeservers
conveniently issue commands available via its admin API's
(matrix-org/synapse@master/docs/admin_api)
'';
homepage = "https://github.com/JOJ0/synadm";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ hexa ];
};
}

Some files were not shown because too many files have changed in this diff Show More