diff --git a/doc/languages-frameworks/beam.section.md b/doc/languages-frameworks/beam.section.md index 2a4753a1199..c8dd3f9ed11 100644 --- a/doc/languages-frameworks/beam.section.md +++ b/doc/languages-frameworks/beam.section.md @@ -8,9 +8,9 @@ In this document and related Nix expressions, we use the term, _BEAM_, to descri All BEAM-related expressions are available via the top-level `beam` attribute, which includes: -- `interpreters`: a set of compilers running on the BEAM, including multiple Erlang/OTP versions (`beam.interpreters.erlangR19`, etc), Elixir (`beam.interpreters.elixir`) and LFE (Lisp Flavoured Erlang) (`beam.interpreters.lfe`). +- `interpreters`: a set of compilers running on the BEAM, including multiple Erlang/OTP versions (`beam.interpreters.erlangR22`, etc), Elixir (`beam.interpreters.elixir`) and LFE (Lisp Flavoured Erlang) (`beam.interpreters.lfe`). -- `packages`: a set of package builders (Mix and rebar3), each compiled with a specific Erlang/OTP version, e.g. `beam.packages.erlangR19`. +- `packages`: a set of package builders (Mix and rebar3), each compiled with a specific Erlang/OTP version, e.g. `beam.packages.erlang22`. The default Erlang compiler, defined by `beam.interpreters.erlang`, is aliased as `erlang`. The default BEAM package set is defined by `beam.packages.erlang` and aliased at the top level as `beamPackages`. diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 202e166443a..e979e9efcf5 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -6587,6 +6587,16 @@ githubId = 1387206; name = "Mike Sperber"; }; + mikroskeem = { + email = "mikroskeem@mikroskeem.eu"; + github = "mikroskeem"; + githubId = 3490861; + name = "Mark Vainomaa"; + keys = [{ + longkeyid = "rsa4096/0xDA015B05B5A11B22"; + fingerprint = "DB43 2895 CF68 F0CE D4B7 EF60 DA01 5B05 B5A1 1B22"; + }]; + }; milesbreslin = { email = "milesbreslin@gmail.com"; github = "milesbreslin"; 
diff --git a/nixos/doc/manual/development/writing-nixos-tests.xml b/nixos/doc/manual/development/writing-nixos-tests.xml index 5a95436915f..32321deeddf 100644 --- a/nixos/doc/manual/development/writing-nixos-tests.xml +++ b/nixos/doc/manual/development/writing-nixos-tests.xml @@ -436,6 +436,18 @@ machine.systemctl("list-jobs --no-pager", "any-user") # spawns a shell for `any- </para> </listitem> </varlistentry> + <varlistentry> + <term> + <methodname>shell_interact</methodname> + </term> + <listitem> + <para> + Allows you to directly interact with the guest shell. + This should only be used during test development, not in production tests. + Killing the interactive session with <literal>Ctrl-d</literal> or <literal>Ctrl-c</literal> also ends the guest session. + </para> + </listitem> + </varlistentry> </variablelist> </para> diff --git a/nixos/doc/manual/installation/upgrading.xml b/nixos/doc/manual/installation/upgrading.xml index 15ba5db9a37..960d4fa9a43 100644 --- a/nixos/doc/manual/installation/upgrading.xml +++ b/nixos/doc/manual/installation/upgrading.xml @@ -14,7 +14,7 @@ <para> <emphasis>Stable channels</emphasis>, such as <literal - xlink:href="https://nixos.org/channels/nixos-20.09">nixos-20.09</literal>. + xlink:href="https://nixos.org/channels/nixos-21.05">nixos-21.05</literal>. These only get conservative bug fixes and package upgrades. For instance, a channel update may cause the Linux kernel on your system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), but not from @@ -38,7 +38,7 @@ <para> <emphasis>Small channels</emphasis>, such as <literal - xlink:href="https://nixos.org/channels/nixos-20.09-small">nixos-20.09-small</literal> + xlink:href="https://nixos.org/channels/nixos-21.05-small">nixos-21.05-small</literal> or <literal xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>. 
@@ -63,8 +63,8 @@ <para> When you first install NixOS, you’re automatically subscribed to the NixOS channel that corresponds to your installation source. For instance, if you - installed from a 20.09 ISO, you will be subscribed to the - <literal>nixos-20.09</literal> channel. To see which NixOS channel you’re + installed from a 21.05 ISO, you will be subscribed to the + <literal>nixos-21.05</literal> channel. To see which NixOS channel you’re subscribed to, run the following as root: <screen> <prompt># </prompt>nix-channel --list | grep nixos @@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable <prompt># </prompt>nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos </screen> (Be sure to include the <literal>nixos</literal> parameter at the end.) For - instance, to use the NixOS 20.09 stable channel: + instance, to use the NixOS 21.05 stable channel: <screen> -<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09 nixos +<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-21.05 nixos </screen> If you have a server, you may want to use the “small” channel instead: <screen> -<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09-small nixos +<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-21.05-small nixos </screen> And if you want to live on the bleeding edge: <screen> @@ -132,7 +132,7 @@ nixos https://nixos.org/channels/nixos-unstable kernel, initrd or kernel modules. You can also specify a channel explicitly, e.g. <programlisting> -<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-20.09; +<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-21.05; </programlisting> </para> </section> diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 410d2432786..124ede12726 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml 
+++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -3,8 +3,11 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-21.05"> - <title>Release 21.05 (“Okapi”, 2021.05/??)</title> + <title>Release 21.05 (“Okapi”, 2021.05/31)</title> + <para> + Support is planned until the end of December 2021, handing over to 21.11. + </para> <section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" 
@@ -18,114 +21,81 @@ </para> <itemizedlist> + <listitem> <para> - Support is planned until the end of December 2021, handing over to 21.11. + Core version changes: </para> + <itemizedlist> + <listitem> + <para> + gcc: 9.3.0 -> 10.3.0 + </para> + </listitem> + <listitem> + <para> + glibc: 2.30 -> 2.32 + </para> + </listitem> + <listitem> + <para> + default linux: 5.4 -> 5.10, all supported kernels available + </para> + </listitem> + <listitem> + <para> + mesa: 20.1.7 -> 21.0.1 + </para> + </listitem> + </itemizedlist> + </listitem> + <listitem> + <para> + Desktop Environments: + </para> + <itemizedlist> + <listitem> + <para> + GNOME: 3.36 -> 40, see its <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">release notes</link> + </para> + </listitem> + <listitem> + <para> + Plasma5: 5.18.5 -> 5.21.3 + </para> + </listitem> + <listitem> + <para> + kdeApplications: 20.08.1 -> 20.12.3 + </para> + </listitem> + <listitem> + <para> + cinnamon: 4.6 -> 4.8.1 + </para> + </listitem> + </itemizedlist> + </listitem> + + <listitem> + <para> + Programming Languages and Frameworks: + </para> + <itemizedlist> + + <listitem> + <para> + Python optimizations were disabled again. Builds with optimizations enabled + are not reproducible. Optimizations can now be enabled with an option. + </para> + </listitem> + + </itemizedlist> </listitem> <listitem> - <para>The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series.</para> <para>The <package>linux_latest</package> kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). 
</para> </listitem> - <listitem> - <para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.gnuradio.org/">GNURadio</link> 3.8 was - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link> - packaged, along with a rewrite to the Nix expressions, allowing users to - override the features upstream supports selecting to compile or not to. - Additionally, the attribute <code>gnuradio</code> and <code>gnuradio3_7</code> - now point to an externally wrapped by default derivations, that allow you to - also add `extraPythonPackages` to the Python interpreter used by GNURadio. - Missing environmental variables needed for operational GUI were also added - (<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>). - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.gnuradio.org/">GNURadio</link> has a - <code>pkgs</code> attribute set, and there's a <code>gnuradio.callPackage</code> - function that extends <code>pkgs</code> with a <code>mkDerivation</code>, and a - <code>mkDerivationWith</code>, like Qt5. Now all <code>gnuradio.pkgs</code> are - defined with <code>gnuradio.callPackage</code> and some packages that depend - on gnuradio are defined with this as well. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.privoxy.org/">Privoxy</link> has been updated - to version 3.0.32 (See <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>). 
- Compared to the previous release, Privoxy has gained support for HTTPS - inspection (still experimental), Brotli decompression, several new filters - and lots of bug fixes, including security ones. In addition, the package - is now built with compression and external filters support, which were - previously disabled. - </para> - <para> - Regarding the NixOS module, new options for HTTPS inspection have been added - and <option>services.privoxy.extraConfig</option> has been replaced by the new - <xref linkend="opt-services.privoxy.settings"/> - (See <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link> - for the motivation). - </para> - </listitem> - <listitem> - <para> - Python optimizations were disabled again. Builds with optimizations enabled - are not reproducible. Optimizations can now be enabled with an option. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.1 "Matrix". See - the <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> for - further details. - </para> - </listitem> - <listitem> - <para> - The <option>services.packagekit.backend</option> option has been removed as - it only supported a single setting which would always be the default. - Instead new <link - xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC - 0042</link> compliant <xref linkend="opt-services.packagekit.settings"/> - and <xref linkend="opt-services.packagekit.vendorSettings"/> options have - been introduced. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://nginx.org">Nginx</link> has been updated to stable version 1.20.0. - Now nginx uses the zlib-ng library by default. 
- </para> - </listitem> - <listitem> - <para> - KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its - <link xlink:href="https://kde.org/announcements/gear/21.04/">release - notes</link> for details. - </para> - <para> - The <code>kdeApplications</code> package set is now <code>kdeGear</code>, - in keeping with the new name. The old name remains for compatibility, but - it is deprecated. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://libreswan.org/">Libreswan</link> has been updated - to version 4.4. The package now includes example configurations and manual - pages by default. The NixOS module has been changed to use the upstream - systemd units and write the configuration in the <literal>/etc/ipsec.d/ - </literal> directory. In addition, two new options have been added to - specify connection policies - (<xref linkend="opt-services.libreswan.policies"/>) - and disable send/receive redirects - (<xref linkend="opt-services.libreswan.disableRedirects"/>). - </para> - </listitem> + </itemizedlist> </section> @@ -141,6 +111,20 @@ </para> <itemizedlist> + <listitem> + <para> + <link xlink:href="https://www.gnuradio.org/">GNURadio</link> 3.8 was + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link> + packaged, along with a rewrite to the Nix expressions, allowing users to + override the features upstream supports selecting to compile or not to. + Additionally, the attribute <code>gnuradio</code> and <code>gnuradio3_7</code> + now point to an externally wrapped by default derivations, that allow you to + also add `extraPythonPackages` to the Python interpreter used by GNURadio. + Missing environmental variables needed for operational GUI were also added + (<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>). + </para> + </listitem> + <listitem> <para> <link xlink:href="https://www.keycloak.org/">Keycloak</link>, 
@@ -193,6 +177,10 @@ </para> <itemizedlist> + <listitem> + <para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para> + </listitem> + <listitem> <para> If you are using <option>services.udev.extraRules</option> to assign @@ -591,7 +579,7 @@ http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/e <programlisting> self: super: { - mpi = super.mpich; + mpi = super.mpich; } </programlisting> </para> @@ -795,6 +783,16 @@ environment.systemPackages = [ the deprecated <option>services.radicale.config</option> is used. </para> </listitem> + <listitem> + <para> + In the <option>security.acme</option> module, use of <literal>--reuse-key</literal> + parameter for Lego has been removed. It was introduced for HKPK, but this security + feature is now deprecated. It is a better security practice to rotate key pairs + instead of always keeping the same. If you need to keep this parameter, you can add + it back using <literal>extraLegoRenewFlags</literal> as an option for the + appropriate certificate. + </para> + </listitem> </itemizedlist> </section> 
@@ -814,6 +812,85 @@ environment.systemPackages = [ for details. </para> </listitem> + + <listitem> + <para> + <link xlink:href="https://www.gnuradio.org/">GNURadio</link> has a + <code>pkgs</code> attribute set, and there's a <code>gnuradio.callPackage</code> + function that extends <code>pkgs</code> with a <code>mkDerivation</code>, and a + <code>mkDerivationWith</code>, like Qt5. Now all <code>gnuradio.pkgs</code> are + defined with <code>gnuradio.callPackage</code> and some packages that depend + on gnuradio are defined with this as well. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://www.privoxy.org/">Privoxy</link> has been updated + to version 3.0.32 (See <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>). + Compared to the previous release, Privoxy has gained support for HTTPS + inspection (still experimental), Brotli decompression, several new filters + and lots of bug fixes, including security ones. In addition, the package + is now built with compression and external filters support, which were + previously disabled. + </para> + <para> + Regarding the NixOS module, new options for HTTPS inspection have been added + and <option>services.privoxy.extraConfig</option> has been replaced by the new + <xref linkend="opt-services.privoxy.settings"/> + (See <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link> + for the motivation). + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.1 "Matrix". See + the <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> for + further details. + </para> + </listitem> + <listitem> + <para> + The <option>services.packagekit.backend</option> option has been removed as + it only supported a single setting which would always be the default. 
+ Instead new <link + xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC + 0042</link> compliant <xref linkend="opt-services.packagekit.settings"/> + and <xref linkend="opt-services.packagekit.vendorSettings"/> options have + been introduced. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://nginx.org">Nginx</link> has been updated to stable version 1.20.0. + Now nginx uses the zlib-ng library by default. + </para> + </listitem> + <listitem> + <para> + KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its + <link xlink:href="https://kde.org/announcements/gear/21.04/">release + notes</link> for details. + </para> + <para> + The <code>kdeApplications</code> package set is now <code>kdeGear</code>, + in keeping with the new name. The old name remains for compatibility, but + it is deprecated. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://libreswan.org/">Libreswan</link> has been updated + to version 4.4. The package now includes example configurations and manual + pages by default. The NixOS module has been changed to use the upstream + systemd units and write the configuration in the <literal>/etc/ipsec.d/ + </literal> directory. In addition, two new options have been added to + specify connection policies + (<xref linkend="opt-services.libreswan.policies"/>) + and disable send/receive redirects + (<xref linkend="opt-services.libreswan.disableRedirects"/>). + </para> + </listitem> + <listitem> <para> The Mailman NixOS module (<literal>services.mailman</literal>) has a new 
@@ -975,7 +1052,8 @@ environment.systemPackages = [ PulseAudio was upgraded to 14.0, with changes to the handling of default sinks. See its <link xlink:href="https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/">release notes</link>. </para> - + </listitem> + <listitem> <para> GNOME users may wish to delete their <literal>~/.config/pulse</literal> due to the changes to stream routing logic. See <link xlink:href="https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/832">PulseAudio bug 832</link> @@ -1166,6 +1244,14 @@ environment.systemPackages = [ Nixpkgs now contains <link xlink:href="https://github.com/NixOS/nixpkgs/pull/118232">automatically packaged GNOME Shell extensions</link> from the <link xlink:href="https://extensions.gnome.org/">GNOME Extensions</link> portal. You can find them, filed by their UUID, under <literal>gnome38Extensions</literal> attribute for GNOME 3.38 and under <literal>gnome40Extensions</literal> for GNOME 40. Finally, the <literal>gnomeExtensions</literal> attribute contains extensions for the latest GNOME Shell version in Nixpkgs, listed under a more human-friendly name. The unqualified attribute scope also contains manually packaged extensions. Note that the automatically packaged extensions are provided for convenience and are not checked or guaranteed to work. </para> </listitem> + <listitem> + <para> + Erlang/OTP versions older than R21 got dropped. We also dropped the cuter package, as it was purely an example of how to build a package. + We also dropped <literal>lfe_1_2</literal> as it could not build with R21+. + Moving forward, we expect to only support 3 yearly releases of OTP. + </para> + </listitem> + </itemizedlist> </section> </section> diff --git a/nixos/lib/test-driver/test-driver.py b/nixos/lib/test-driver/test-driver.py index e216e566f28..fd5b91e6e4d 100644 --- a/nixos/lib/test-driver/test-driver.py +++ b/nixos/lib/test-driver/test-driver.py 
@@ -21,6 +21,7 @@ import shutil import socket import subprocess import sys +import telnetlib import tempfile import time import traceback @@ -455,6 +456,16 @@ class Machine: return (status_code, output) output += chunk + def shell_interact(self) -> None: + """Allows you to interact with the guest shell + + Should only be used during test development, not in the production test.""" + self.connect() + self.log("Terminal is ready (there is no prompt):") + telnet = telnetlib.Telnet() + telnet.sock = self.shell # type: ignore + telnet.interact() + def succeed(self, *commands: str) -> str: """Execute each command and check that it succeeds.""" output = "" diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index 324b38070e4..c2836b5a9a1 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix @@ -182,13 +182,29 @@ let # Menu configuration # + # Search using a "marker file" + search --set=root --file /EFI/nixos-installer-image + insmod gfxterm insmod png set gfxpayload=keep + set gfxmode=${concatStringsSep "," [ + # GRUB will use the first valid mode listed here. + # `auto` will sometimes choose the smallest valid mode it detects. + # So instead we'll list a lot of possibly valid modes :/ + #"3840x2160" + #"2560x1440" + "1920x1080" + "1366x768" + "1280x720" + "1024x768" + "800x600" + "auto" + ]} # Fonts can be loaded? # (This font is assumed to always be provided as a fallback by NixOS) - if loadfont /EFI/boot/unicode.pf2; then + if loadfont (\$root)/EFI/boot/unicode.pf2; then set with_fonts=true fi if [ "\$textmode" != "true" -a "\$with_fonts" == "true" ]; then 
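Review bot: The docstring of `shell_interact` omits what the manual entry added in this same commit states, namely that ending the session with Ctrl-d or Ctrl-c also ends the guest session, so a test author reading only the code may not expect later commands on that machine to fail. I would add a docstring line such as `Ending the session with Ctrl-d or Ctrl-c also ends the guest session.` Assigning `telnet.sock = self.shell` behind `# type: ignore` depends on a `telnetlib` internal, and `Telnet.interact()` treats IAC (0xff) bytes in the stream as protocol commands, so binary output from the guest may be altered. A short comment such as `# development aid only: telnetlib is used purely as a tty pump, not for the Telnet protocol` would record that. The enclosing `Machine` class starts and ends outside the hunk.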
@@ -212,11 +228,11 @@ let ${ # When there is a theme configured, use it, otherwise use the background image. if config.isoImage.grubTheme != null then '' # Sets theme. - set theme=/EFI/boot/grub-theme/theme.txt + set theme=(\$root)/EFI/boot/grub-theme/theme.txt # Load theme fonts - $(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont /EFI/boot/grub-theme/%P\n") + $(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont (\$root)/EFI/boot/grub-theme/%P\n") '' else '' - if background_image /EFI/boot/efi-background.png; then + if background_image (\$root)/EFI/boot/efi-background.png; then # Black background means transparent background when there # is a background image set... This seems undocumented :( set color_normal=black/black @@ -239,6 +255,9 @@ let } '' mkdir -p $out/EFI/boot/ + # Add a marker so GRUB can find the filesystem. + touch $out/EFI/nixos-installer-image + # ALWAYS required modules. MODULES="fat iso9660 part_gpt part_msdos \ normal boot linux configfile loopback chain halt \ @@ -294,12 +313,12 @@ let ${grubMenuCfg} hiddenentry 'Text mode' --hotkey 't' { - loadfont /EFI/boot/unicode.pf2 + loadfont (\$root)/EFI/boot/unicode.pf2 set textmode=true terminal_output gfxterm console } hiddenentry 'GUI mode' --hotkey 'g' { - $(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont /EFI/boot/grub-theme/%P\n") + $(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont (\$root)/EFI/boot/grub-theme/%P\n") set textmode=false terminal_output gfxterm } @@ -370,8 +389,10 @@ let ${lib.optionalString (refindBinary != null) '' # GRUB apparently cannot do "chainloader" operations on "CD". if [ "\$root" != "cd0" ]; then + # Force root to be the FAT partition + # Otherwise it breaks rEFInd's boot + search --set=root --no-floppy --fs-uuid 1234-5678 menuentry 'rEFInd' --class refind { - # \$root defaults to the drive the EFI is found on. chainloader (\$root)/EFI/boot/${refindBinary} } fi 
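Review bot: In the rEFInd branch, `search --set=root --no-floppy --fs-uuid 1234-5678` hard-codes a volume id that is not defined anywhere in the visible hunks, so it presumably has to match the id given to the FAT image where that image is built. Because the id is fixed and the same on every image, GRUB may pick any other attached FAT volume carrying it. The marker-file search `--file /EFI/nixos-installer-image` added at the top of the menu configuration has the same first-match behaviour when two installer media are attached. I would document this next to the command, for example `# 1234-5678 must equal the volume id of the EFI FAT image; search takes the first matching device`, and consider binding the id to one `let` value shared with the image build step.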
@@ -403,7 +424,9 @@ let mkdir ./boot cp -p "${config.boot.kernelPackages.kernel}/${config.system.boot.loader.kernelFile}" \ "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}" ./boot/ - touch --date=@0 ./EFI ./boot + + # Rewrite dates for everything in the FS + find . -exec touch --date=2000-01-01 {} + usage_size=$(du -sb --apparent-size . | tr -cd '[:digit:]') # Make the image 110% as big as the files need to make up for FAT overhead diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 7a0a90f4bd2..326428b95c3 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1111,6 +1111,7 @@ ./virtualisation/openvswitch.nix ./virtualisation/parallels-guest.nix ./virtualisation/podman.nix + ./virtualisation/podman-network-socket-ghostunnel.nix ./virtualisation/qemu-guest-agent.nix ./virtualisation/railcar.nix ./virtualisation/spice-usb-redirection.nix diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index eb3599b924d..c0250171109 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -152,7 +152,7 @@ let ); renewOpts = escapeShellArgs ( commonOpts - ++ [ "renew" "--reuse-key" ] + ++ [ "renew" ] ++ optionals data.ocspMustStaple [ "--must-staple" ] ++ data.extraLegoRenewFlags ); diff --git a/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix b/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix index aba3533e439..472652fe8a7 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix 
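Review bot: Dropping `--reuse-key` from `renewOpts` means every renewal now produces a new key pair, and nothing in this hunk tells deployments that pin the public key by means other than HPKP (for example DANE/TLSA records pinning the SPKI) that the pin will stop matching after the next renewal. The release note added in this commit covers only HPKP, which it spells "HKPK". I would extend the description of `extraLegoRenewFlags`, which lies outside this hunk, with a sentence such as `Add "--reuse-key" here if the certificate's public key is pinned elsewhere, e.g. in TLSA records.`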
@@ -35,13 +35,28 @@ in { <xref linkend="opt-services.prometheus.exporters.dovecot.enable" /> = true; <xref linkend="opt-services.prometheus.exporters.dovecot.socketPath" /> = "/var/run/dovecot2/old-stats"; + <xref linkend="opt-services.dovecot2.mailPlugins.globally.enable" /> = [ "old_stats" ]; <xref linkend="opt-services.dovecot2.extraConfig" /> = ''' - mail_plugins = $mail_plugins old_stats service old-stats { unix_listener old-stats { user = dovecot-exporter group = dovecot-exporter + mode = 0660 } + fifo_listener old-stats-mail { + mode = 0660 + user = dovecot + group = dovecot + } + fifo_listener old-stats-user { + mode = 0660 + user = dovecot + group = dovecot + } + } + plugin { + old_stats_refresh = 30 secs + old_stats_track_cmds = yes } '''; } diff --git a/nixos/modules/services/monitoring/prometheus/exporters/mail.nix b/nixos/modules/services/monitoring/prometheus/exporters/mail.nix index 18c5c4dd162..7e196149fbb 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/mail.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/mail.nix @@ -112,6 +112,24 @@ let ''; description = '' List of servers that should be probed. + + <emphasis>Note:</emphasis> if your mailserver has <citerefentry> + <refentrytitle>rspamd</refentrytitle><manvolnum>8</manvolnum></citerefentry> configured, + it can happen that emails from this exporter are marked as spam. + + It's possible to work around the issue with a config like this: + <programlisting> + { + <link linkend="opt-services.rspamd.locals._name_.text">services.rspamd.locals."multimap.conf".text</link> = ''' + ALLOWLIST_PROMETHEUS { + filter = "email:domain:tld"; + type = "from"; + map = "''${pkgs.writeText "allowmap" "domain.tld"}"; + score = -100.0; + } + '''; + } + </programlisting> ''; }; }; diff --git a/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix b/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix index d95e5ed9e83..994670a376e 100644 
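Review bot: The workaround documented in the mail exporter description allowlists on the sender domain alone (`type = "from"` with `score = -100.0`), and the From domain is chosen by whoever sends the message, so any mail claiming that domain would bypass rspamd scoring, not only the exporter's probes. The description should state this and steer readers to a narrower match. For instance, follow the example with `Restrict the map to the exporter's exact sender address or to the probing host's IP, so that spoofed mail from the same domain is still scored.` The enclosing option definition starts outside the hunk.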
--- a/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix @@ -5,21 +5,19 @@ with lib; let cfg = config.services.prometheus.exporters.rspamd; - prettyJSON = conf: - pkgs.runCommand "rspamd-exporter-config.yml" { } '' - echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq '.' > $out - ''; + mkFile = conf: + pkgs.writeText "rspamd-exporter-config.yml" (builtins.toJSON conf); generateConfig = extraLabels: { metrics = (map (path: { - name = "rspamd_${replaceStrings [ "." " " ] [ "_" "_" ] path}"; + name = "rspamd_${replaceStrings [ "[" "." " " "]" "\\" "'" ] [ "_" "_" "_" "" "" "" ] path}"; path = "{ .${path} }"; labels = extraLabels; }) [ - "actions.'add header'" - "actions.'no action'" - "actions.'rewrite subject'" - "actions.'soft reject'" + "actions['add\\ header']" + "actions['no\\ action']" + "actions['rewrite\\ subject']" + "actions['soft\\ reject']" "actions.greylist" "actions.reject" "bytes_allocated" @@ -40,18 +38,18 @@ let ]) ++ [{ name = "rspamd_statfiles"; type = "object"; - path = "$.statfiles[*]"; + path = "{.statfiles[*]}"; labels = recursiveUpdate { - symbol = "$.symbol"; - type = "$.type"; + symbol = "{.symbol}"; + type = "{.type}"; } extraLabels; values = { - revision = "$.revision"; - size = "$.size"; - total = "$.total"; - used = "$.used"; - languages = "$.languages"; - users = "$.users"; + revision = "{.revision}"; + size = "{.size}"; + total = "{.total}"; + used = "{.used}"; + languages = "{.languages}"; + users = "{.users}"; }; }]; }; @@ -76,7 +74,7 @@ in }; serviceOpts.serviceConfig.ExecStart = '' ${pkgs.prometheus-json-exporter}/bin/json_exporter \ - --config.file ${prettyJSON (generateConfig cfg.extraLabels)} \ + --config.file ${mkFile (generateConfig cfg.extraLabels)} \ --web.listen-address "${cfg.listenAddress}:${toString cfg.port}" \ ${concatStringsSep " \\\n " cfg.extraFlags} ''; 
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 3974caf2233..45d4f877ae5 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -48,6 +48,23 @@ in description = "containers.conf configuration"; }; + containersConf.cniPlugins = mkOption { + type = types.listOf types.package; + defaultText = '' + [ + pkgs.cni-plugins + ] + ''; + example = lib.literalExample '' + [ + pkgs.cniPlugins.dnsname + ] + ''; + description = '' + CNI plugins to install on the system. + ''; + }; + registries = { search = mkOption { type = types.listOf types.str; @@ -97,8 +114,11 @@ in }; config = lib.mkIf cfg.enable { + + virtualisation.containers.containersConf.cniPlugins = [ pkgs.cni-plugins ]; + virtualisation.containers.containersConf.settings = { - network.cni_plugin_dirs = [ "${pkgs.cni-plugins}/bin/" ]; + network.cni_plugin_dirs = map (p: "${lib.getBin p}/bin") cfg.containersConf.cniPlugins; engine = { init_path = "${pkgs.catatonit}/bin/catatonit"; } // lib.optionalAttrs cfg.ociSeccompBpfHook.enable { diff --git a/nixos/modules/virtualisation/podman-dnsname.nix b/nixos/modules/virtualisation/podman-dnsname.nix new file mode 100644 index 00000000000..beef1975507 --- /dev/null +++ b/nixos/modules/virtualisation/podman-dnsname.nix 
@@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: +let + inherit (lib) + mkOption + mkIf + types + ; + + cfg = config.virtualisation.podman; + +in +{ + options = { + virtualisation.podman = { + + defaultNetwork.dnsname.enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable DNS resolution in the default podman network. + ''; + }; + + }; + }; + + config = { + virtualisation.containers.containersConf.cniPlugins = mkIf cfg.defaultNetwork.dnsname.enable [ pkgs.dnsname-cni ]; + virtualisation.podman.defaultNetwork.extraPlugins = + lib.optional cfg.defaultNetwork.dnsname.enable { + type = "dnsname"; + domainName = "dns.podman"; + capabilities.aliases = true; + }; + }; +} diff --git a/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix b/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix new file mode 100644 index 00000000000..a0e7e433164 --- /dev/null +++ b/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix @@ -0,0 +1,34 @@ +{ config, lib, pkg, ... }: +let + inherit (lib) + mkOption + types + ; + + cfg = config.virtualisation.podman.networkSocket; + +in +{ + options.virtualisation.podman.networkSocket = { + server = mkOption { + type = types.enum [ "ghostunnel" ]; + }; + }; + + config = lib.mkIf (cfg.enable && cfg.server == "ghostunnel") { + + services.ghostunnel = { + enable = true; + servers."podman-socket" = { + inherit (cfg.tls) cert key cacert; + listen = "${cfg.listenAddress}:${toString cfg.port}"; + target = "unix:/run/podman/podman.sock"; + allowAll = lib.mkDefault true; + }; + }; + systemd.services.ghostunnel-server-podman-socket.serviceConfig.SupplementaryGroups = ["podman"]; + + }; + + meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ]; +} diff --git a/nixos/modules/virtualisation/podman-network-socket.nix b/nixos/modules/virtualisation/podman-network-socket.nix new file mode 100644 index 00000000000..1429164630b --- /dev/null 
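Review bot: `allowAll = lib.mkDefault true;` on the `podman-socket` server makes ghostunnel accept every client certificate that chains to `cfg.tls.cacert` without checking its subject. The target is `/run/podman/podman.sock`, which this commit's `dockerSocket.enable` text describes as giving root access. That default is reasonable only if the CA is dedicated to this service, so the line deserves a comment: `# Any certificate issued by tls.cacert is accepted and is root-equivalent on this host; use a dedicated CA or restrict with allowCN.` The `server` option in this file has no `description`. The module arguments read `{ config, lib, pkg, ... }` here and in `podman-network-socket.nix`, which looks like a typo for `pkgs` (unused, so harmless today).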
+++ b/nixos/modules/virtualisation/podman-network-socket.nix 
@@ -0,0 +1,91 @@ +{ config, lib, pkg, ... }: +let + inherit (lib) + mkOption + types + ; + + cfg = config.virtualisation.podman.networkSocket; + +in +{ + options.virtualisation.podman.networkSocket = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Make the Podman and Docker compatibility API available over the network + with TLS client certificate authentication. + + This allows Docker clients to connect with the equivalents of the Docker + CLI <code>-H</code> and <code>--tls*</code> family of options. + + For certificate setup, see https://docs.docker.com/engine/security/protect-access/ + + This option is independent of <xref linkend="opt-virtualisation.podman.dockerSocket.enable"/>. + ''; + }; + + server = mkOption { + type = types.enum []; + description = '' + Choice of TLS proxy server. + ''; + example = "ghostunnel"; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Whether to open the port in the firewall. + ''; + }; + + tls.cacert = mkOption { + type = types.path; + description = '' + Path to CA certificate to use for client authentication. + ''; + }; + + tls.cert = mkOption { + type = types.path; + description = '' + Path to certificate describing the server. + ''; + }; + + tls.key = mkOption { + type = types.path; + description = '' + Path to the private key corresponding to the server certificate. + + Use a string for this setting. Otherwise it will be copied to the Nix + store first, where it is readable by any system process. + ''; + }; + + port = mkOption { + type = types.port; + default = 2376; + description = '' + TCP port number for receiving TLS connections. + ''; + }; + listenAddress = mkOption { + type = types.str; + default = "0.0.0.0"; + description = '' + Interface address for receiving TLS connections. 
+ ''; + }; + }; + + config = { + networking.firewall.allowedTCPPorts = + lib.optional (cfg.enable && cfg.openFirewall) cfg.port; + }; + + meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ]; +} diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix index d6421d488b8..e245004e04a 100644 --- a/nixos/modules/virtualisation/podman.nix +++ b/nixos/modules/virtualisation/podman.nix @@ -1,7 +1,8 @@ -{ config, lib, pkgs, utils, ... }: +{ config, lib, pkgs, ... }: let cfg = config.virtualisation.podman; toml = pkgs.formats.toml { }; + json = pkgs.formats.json { }; inherit (lib) mkOption types; @@ -22,9 +23,24 @@ let done ''; + net-conflist = pkgs.runCommand "87-podman-bridge.conflist" { + nativeBuildInputs = [ pkgs.jq ]; + extraPlugins = builtins.toJSON cfg.defaultNetwork.extraPlugins; + jqScript = '' + . + { "plugins": (.plugins + $extraPlugins) } + ''; + } '' + jq <${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist \ + --argjson extraPlugins "$extraPlugins" \ + "$jqScript" \ + >$out + ''; + in { imports = [ + ./podman-dnsname.nix + ./podman-network-socket.nix (lib.mkRenamedOptionModule [ "virtualisation" "podman" "libpod" ] [ "virtualisation" "containers" "containersConf" ]) ]; @@ -46,6 +62,20 @@ in ''; }; + dockerSocket.enable = mkOption { + type = types.bool; + default = false; + description = '' + Make the Podman socket available in place of the Docker socket, so + Docker tools can find the Podman socket. + + Podman implements the Docker API. + + Users must be in the <code>podman</code> group in order to connect. As + with Docker, members of this group can gain root access. + ''; + }; + dockerCompat = mkOption { type = types.bool; default = false; @@ -84,6 +114,13 @@ in ''; }; + defaultNetwork.extraPlugins = lib.mkOption { + type = types.listOf json.type; + default = []; + description = '' + Extra CNI plugin configurations to add to podman's default network. + ''; + }; }; 
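Review bot: The `enable` description in `podman-network-socket.nix` explains how clients authenticate but not what an authenticated client can do. The proxied socket is the one `dockerSocket.enable` documents with "members of this group can gain root access", so the text should state it, e.g. `Clients that authenticate successfully get the same access as members of the <code>podman</code> group, which amounts to root on the host.` `listenAddress` defaults to `"0.0.0.0"`, so once enabled the listener binds every IPv4 interface and exposure is limited only by `openFirewall` staying `false`. Its description could say that and suggest a specific address where one is known.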
@@ -92,7 +129,7 @@ in environment.systemPackages = [ cfg.package ] ++ lib.optional cfg.dockerCompat dockerCompat; - environment.etc."cni/net.d/87-podman-bridge.conflist".source = utils.copyFile "${pkgs.podman-unwrapped.src}/cni/87-podman-bridge.conflist"; + environment.etc."cni/net.d/87-podman-bridge.conflist".source = net-conflist; virtualisation.containers = { enable = true; # Enable common /etc/containers configuration @@ -111,14 +148,36 @@ in }; systemd.sockets.podman.wantedBy = [ "sockets.target" ]; + systemd.sockets.podman.socketConfig.SocketGroup = "podman"; - systemd.tmpfiles.packages = [ cfg.package ]; + systemd.tmpfiles.packages = [ + # The /run/podman rule interferes with our podman group, so we remove + # it and let the systemd socket logic take care of it. + (pkgs.runCommand "podman-tmpfiles-nixos" { package = cfg.package; } '' + mkdir -p $out/lib/tmpfiles.d/ + grep -v 'D! /run/podman 0700 root root' \ + <$package/lib/tmpfiles.d/podman.conf \ + >$out/lib/tmpfiles.d/podman.conf + '') ]; + + systemd.tmpfiles.rules = + lib.optionals cfg.dockerSocket.enable [ + "L! /run/docker.sock - - - - /run/podman/podman.sock" + ]; + + users.groups.podman = {}; assertions = [ { assertion = cfg.dockerCompat -> !config.virtualisation.docker.enable; message = "Option dockerCompat conflicts with docker"; } + { + assertion = cfg.dockerSocket.enable -> !config.virtualisation.docker.enable; + message = '' + The options virtualisation.podman.dockerSocket.enable and virtualisation.docker.enable conflict, because only one can serve the socket. + ''; + } ]; } ]); diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 1b8bf7a7b70..e7cf1fbbda4 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix 
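Review bot: The `podman-tmpfiles-nixos` derivation in the `@@ -111,14 +148,36 @@` hunk drops the upstream rule with `grep -v 'D! /run/podman 0700 root root'`, which silently becomes a no-op if the packaged `podman.conf` ever changes that line's mode or spacing. The build would still succeed and `/run/podman` would go back to `0700 root root`, undoing the group access that `SocketGroup = "podman"` is meant to provide. Checking for the line first makes the drift visible at build time: `grep -q 'D! /run/podman 0700 root root' <$package/lib/tmpfiles.d/podman.conf || exit 1`. The socket's mode is presumably inherited from the packaged `podman.socket` unit, which is not shown here; setting `SocketMode` explicitly next to `SocketGroup` would pin that as well.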
@@ -335,6 +335,8 @@ in plotinus = handleTest ./plotinus.nix {}; podgrab = handleTest ./podgrab.nix {}; podman = handleTestOn ["x86_64-linux"] ./podman.nix {}; + podman-dnsname = handleTestOn ["x86_64-linux"] ./podman-dnsname.nix {}; + podman-tls-ghostunnel = handleTestOn ["x86_64-linux"] ./podman-tls-ghostunnel.nix {}; pomerium = handleTestOn ["x86_64-linux"] ./pomerium.nix {}; postfix = handleTest ./postfix.nix {}; postfix-raise-smtpd-tls-security-level = handleTest ./postfix-raise-smtpd-tls-security-level.nix {}; diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index 39b97b4cb99..831ef2fb77a 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -20,6 +20,20 @@ import ./make-test-python.nix ({ pkgs, ... }: { docker.wait_for_unit("sockets.target") + with subtest("includeStorePath"): + with subtest("assumption"): + docker.succeed("${examples.helloOnRoot} | docker load") + docker.succeed("set -euo pipefail; docker run --rm hello | grep -i hello") + docker.succeed("docker image rm hello:latest") + with subtest("includeStorePath = false; breaks example"): + docker.succeed("${examples.helloOnRootNoStore} | docker load") + docker.fail("set -euo pipefail; docker run --rm hello | grep -i hello") + docker.succeed("docker image rm hello:latest") + with subtest("includeStorePath = false; works with mounted store"): + docker.succeed("${examples.helloOnRootNoStore} | docker load") + docker.succeed("set -euo pipefail; docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello") + docker.succeed("docker image rm hello:latest") + with subtest("Ensure Docker images use a stable date by default"): docker.succeed( "docker load --input='${examples.bash}'" diff --git a/nixos/tests/podman-dnsname.nix b/nixos/tests/podman-dnsname.nix new file mode 100644 index 00000000000..dd352f754dc --- /dev/null +++ b/nixos/tests/podman-dnsname.nix 
@@ -0,0 +1,42 @@ +import ./make-test-python.nix ( + { pkgs, lib, ... }: + let + inherit (pkgs) writeTextDir python3 curl; + webroot = writeTextDir "index.html" "<h1>Hi</h1>"; + in + { + name = "podman-dnsname"; + meta = { + maintainers = with lib.maintainers; [ roberth ] ++ lib.teams.podman.members; + }; + + nodes = { + podman = { pkgs, ... }: { + virtualisation.podman.enable = true; + virtualisation.podman.defaultNetwork.dnsname.enable = true; + }; + }; + + testScript = '' + podman.wait_for_unit("sockets.target") + + with subtest("DNS works"): # also tests inter-container tcp routing + podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") + podman.succeed( + "podman run -d --name=webserver -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin -w ${webroot} scratchimg ${python3}/bin/python -m http.server 8000" + ) + podman.succeed("podman ps | grep webserver") + podman.succeed(""" + for i in `seq 0 120`; do + podman run --rm --name=client -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg ${curl}/bin/curl http://webserver:8000 >/dev/console \ + && exit 0 + sleep 0.5 + done + exit 1 + """) + podman.succeed("podman stop webserver") + podman.succeed("podman rm webserver") + + ''; + } +) diff --git a/nixos/tests/podman-tls-ghostunnel.nix b/nixos/tests/podman-tls-ghostunnel.nix new file mode 100644 index 00000000000..0e687b199b2 --- /dev/null +++ b/nixos/tests/podman-tls-ghostunnel.nix 
@@ -0,0 +1,150 @@ +/* + This test runs podman as a backend for the Docker CLI. + */ +import ./make-test-python.nix ( + { pkgs, lib, ... }: + + let gen-ca = pkgs.writeScript "gen-ca" '' + # Create CA + PATH="${pkgs.openssl}/bin:$PATH" + openssl genrsa -out ca-key.pem 4096 + openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -subj '/C=NL/ST=Zuid-Holland/L=The Hague/O=Stevige Balken en Planken B.V./OU=OpSec/CN=Certificate Authority' -out ca.pem + + # Create service + openssl genrsa -out podman-key.pem 4096 + openssl req -subj '/CN=podman' -sha256 -new -key podman-key.pem -out service.csr + echo subjectAltName = DNS:podman,IP:127.0.0.1 >> extfile.cnf + echo extendedKeyUsage = serverAuth >> extfile.cnf + openssl x509 -req -days 365 -sha256 -in service.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out podman-cert.pem -extfile extfile.cnf + + # Create client + openssl genrsa -out client-key.pem 4096 + openssl req -subj '/CN=client' -new -key client-key.pem -out client.csr + echo extendedKeyUsage = clientAuth > extfile-client.cnf + openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem -extfile extfile-client.cnf + + # Create CA 2 + PATH="${pkgs.openssl}/bin:$PATH" + openssl genrsa -out ca-2-key.pem 4096 + openssl req -new -x509 -days 365 -key ca-2-key.pem -sha256 -subj '/C=NL/ST=Zuid-Holland/L=The Hague/O=Stevige Balken en Planken B.V./OU=OpSec/CN=Certificate Authority' -out ca-2.pem + + # Create client signed by CA 2 + openssl genrsa -out client-2-key.pem 4096 + openssl req -subj '/CN=client' -new -key client-2-key.pem -out client-2.csr + echo extendedKeyUsage = clientAuth > extfile-client.cnf + openssl x509 -req -days 365 -sha256 -in client-2.csr -CA ca-2.pem -CAkey ca-2-key.pem -CAcreateserial -out client-2-cert.pem -extfile extfile-client.cnf + + ''; + in + { + name = "podman-tls-ghostunnel"; + meta = { + maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ]; + }; + + nodes = { + 
podman = + { pkgs, ... }: + { + virtualisation.podman.enable = true; + virtualisation.podman.dockerSocket.enable = true; + virtualisation.podman.networkSocket = { + enable = true; + openFirewall = true; + server = "ghostunnel"; + tls.cert = "/root/podman-cert.pem"; + tls.key = "/root/podman-key.pem"; + tls.cacert = "/root/ca.pem"; + }; + + environment.systemPackages = [ + pkgs.docker-client + ]; + + users.users.alice = { + isNormalUser = true; + home = "/home/alice"; + description = "Alice Foobar"; + extraGroups = ["podman"]; + }; + + }; + + client = { ... }: { + environment.systemPackages = [ + # Installs the docker _client_ only + # Normally, you'd want `virtualisation.docker.enable = true;`. + pkgs.docker-client + ]; + environment.variables.DOCKER_HOST = "podman:2376"; + environment.variables.DOCKER_TLS_VERIFY = "1"; + }; + }; + + testScript = '' + import shlex + + + def su_cmd(user, cmd): + cmd = shlex.quote(cmd) + return f"su {user} -l -c {cmd}" + + def cmd(command): + print(f"+{command}") + r = os.system(command) + if r != 0: + raise Exception(f"Command {command} failed with exit code {r}") + + start_all() + cmd("${gen-ca}") + + podman.copy_from_host("ca.pem", "/root/ca.pem") + podman.copy_from_host("podman-cert.pem", "/root/podman-cert.pem") + podman.copy_from_host("podman-key.pem", "/root/podman-key.pem") + + client.copy_from_host("ca.pem", "/root/.docker/ca.pem") + # client.copy_from_host("podman-cert.pem", "/root/podman-cert.pem") + client.copy_from_host("client-cert.pem", "/root/.docker/cert.pem") + client.copy_from_host("client-key.pem", "/root/.docker/key.pem") + + # TODO (ghostunnel): add file watchers so the restart isn't necessary + podman.succeed("systemctl reset-failed && systemctl restart ghostunnel-server-podman-socket.service") + + podman.wait_for_unit("sockets.target") + podman.wait_for_unit("ghostunnel-server-podman-socket.service") + + with subtest("Create default network"): + podman.succeed("docker network create default") + + with 
subtest("Root docker cli also works"): + podman.succeed("docker version") + + with subtest("A podman member can also still use the docker cli"): + podman.succeed(su_cmd("alice", "docker version")) + + with subtest("Run container remotely via docker cli"): + client.succeed("docker version") + + # via socket would be nicer + podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") + + client.succeed( + "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + ) + client.succeed("docker ps | grep sleeping") + podman.succeed("docker ps | grep sleeping") + client.succeed("docker stop sleeping") + client.succeed("docker rm sleeping") + + with subtest("Clients without cert will be denied"): + client.succeed("rm /root/.docker/{cert,key}.pem") + client.fail("docker version") + + with subtest("Clients with wrong cert will be denied"): + client.copy_from_host("client-2-cert.pem", "/root/.docker/cert.pem") + client.copy_from_host("client-2-key.pem", "/root/.docker/key.pem") + client.fail("docker version") + + ''; + } +) diff --git a/nixos/tests/podman.nix b/nixos/tests/podman.nix index 6078a936ede..7eae575fd7f 100644 --- a/nixos/tests/podman.nix +++ b/nixos/tests/podman.nix @@ -13,10 +13,23 @@ import ./make-test-python.nix ( { virtualisation.podman.enable = true; + # To test docker socket support + virtualisation.podman.dockerSocket.enable = true; + environment.systemPackages = [ + pkgs.docker-client + ]; + users.users.alice = { isNormalUser = true; home = "/home/alice"; description = "Alice Foobar"; + extraGroups = [ "podman" ]; + }; + + users.users.mallory = { + isNormalUser = true; + home = "/home/mallory"; + description = "Mallory Foobar"; }; }; @@ -26,9 +39,9 @@ import ./make-test-python.nix ( import shlex - def su_cmd(cmd): + def su_cmd(cmd, user = "alice"): cmd = shlex.quote(cmd) - return f"su alice -l -c {cmd}" + return f"su {user} -l -c {cmd}" podman.wait_for_unit("sockets.target") 
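Review bot: The two denial subtests at the end of `podman-tls-ghostunnel.nix` assert only `client.fail("docker version")`, which passes for any failure and not just a rejected certificate. In `Clients without cert will be denied` the Docker CLI may well abort locally because `cert.pem` and `key.pem` are missing under `DOCKER_TLS_VERIFY=1`, so that case possibly never reaches ghostunnel; a request made without any client certificate by a tool that does not need one locally would exercise the server side. A positive control after the wrong-CA case would show the service was still answering: `client.copy_from_host("client-cert.pem", "/root/.docker/cert.pem")`, `client.copy_from_host("client-key.pem", "/root/.docker/key.pem")`, `client.succeed("docker version")`. Separately, `gen-ca` has no `set -e`, so a failed `openssl` step would surface only later as a missing file in `copy_from_host`.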
@@ -105,6 +118,27 @@ import ./make-test-python.nix ( assert pid == "1" pid = podman.succeed("podman run --rm --init busybox readlink /proc/self").strip() assert pid == "2" + + with subtest("A podman member can use the docker cli"): + podman.succeed(su_cmd("docker version")) + + with subtest("Run container via docker cli"): + podman.succeed("docker network create default") + podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") + podman.succeed( + "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + ) + podman.succeed("docker ps | grep sleeping") + podman.succeed("podman ps | grep sleeping") + podman.succeed("docker stop sleeping") + podman.succeed("docker rm sleeping") + podman.succeed("docker network rm default") + + with subtest("A podman non-member can not use the docker cli"): + podman.fail(su_cmd("docker version", user="mallory")) + + # TODO: add docker-compose test + ''; } ) diff --git a/pkgs/applications/audio/dr14_tmeter/default.nix b/pkgs/applications/audio/dr14_tmeter/default.nix index 80b2cff3ce0..649c0f39097 100644 --- a/pkgs/applications/audio/dr14_tmeter/default.nix +++ b/pkgs/applications/audio/dr14_tmeter/default.nix @@ -14,7 +14,7 @@ python3Packages.buildPythonApplication rec { }; propagatedBuildInputs = with pkgs; [ - python3Packages.numpy flac vorbis-tools ffmpeg_3 faad2 lame + python3Packages.numpy flac vorbis-tools ffmpeg faad2 lame ]; # There are no tests diff --git a/pkgs/applications/audio/schismtracker/default.nix b/pkgs/applications/audio/schismtracker/default.nix index 3b5708529e0..7e276e07224 100644 --- a/pkgs/applications/audio/schismtracker/default.nix +++ b/pkgs/applications/audio/schismtracker/default.nix 
@@ -1,19 +1,25 @@ -{ lib, stdenv, fetchFromGitHub +{ lib +, stdenv +, fetchFromGitHub , autoreconfHook -, alsaLib, python, SDL }: +, alsaLib +, python +, SDL +}: stdenv.mkDerivation rec { pname = "schismtracker"; - version = "20200412"; + version = "20210525"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "1n6cgjiw3vkv7a1h1nki5syyjxjb6icknr9s049w2jrag10bxssn"; + sha256 = "06ybkbqry7f7lmzgwb9s7ipafshl5gdj98lcjsjkcbnywj8r9b3h"; }; - configureFlags = [ "--enable-dependency-tracking" ]; + configureFlags = [ "--enable-dependency-tracking" ] + ++ lib.optional stdenv.isDarwin "--disable-sdltest"; nativeBuildInputs = [ autoreconfHook python ]; @@ -22,8 +28,8 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Music tracker application, free reimplementation of Impulse Tracker"; homepage = "http://schismtracker.org/"; - license = licenses.gpl2; - platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" ]; + license = licenses.gpl2Plus; + platforms = platforms.unix; maintainers = with maintainers; [ ftrvxmtrx ]; }; } diff --git a/pkgs/applications/graphics/antimony/default.nix b/pkgs/applications/graphics/antimony/default.nix index d92ad9998f2..8b482626c91 100644 --- a/pkgs/applications/graphics/antimony/default.nix +++ b/pkgs/applications/graphics/antimony/default.nix @@ -1,6 +1,7 @@ { lib, stdenv, fetchFromGitHub, libpng, python3 , libGLU, libGL, qtbase, wrapQtAppsHook, ncurses , cmake, flex, lemon +, makeDesktopItem, copyDesktopItems }: let 
@@ -27,12 +28,35 @@ in sed -i "s,python3,${python3.executable}," CMakeLists.txt ''; + postInstall = lib.optionalString stdenv.isLinux '' + install -Dm644 $src/deploy/icon.svg $out/share/icons/hicolor/scalable/apps/antimony.svg + install -Dm644 ${./mimetype.xml} $out/share/mime/packages/antimony.xml + ''; + buildInputs = [ libpng python3 python3.pkgs.boost libGLU libGL qtbase ncurses ]; - nativeBuildInputs = [ cmake flex lemon wrapQtAppsHook ]; + nativeBuildInputs = [ cmake flex lemon wrapQtAppsHook copyDesktopItems ]; + + desktopItems = [ + (makeDesktopItem { + name = "antimony"; + desktopName = "Antimony"; + comment="Tree-based Modeler"; + genericName = "CAD Application"; + exec = "antimony %f"; + icon = "antimony"; + terminal = "false"; + categories = "Graphics;Science;Engineering"; + mimeType = "application/x-extension-sb;application/x-antimony;"; + extraEntries = '' + StartupWMClass=antimony + Version=1.0 + ''; + }) + ]; cmakeFlags= [ "-DGITREV=${gitRev}" diff --git a/pkgs/applications/graphics/antimony/mimetype.xml b/pkgs/applications/graphics/antimony/mimetype.xml new file mode 100644 index 00000000000..c6960fba9ab --- /dev/null +++ b/pkgs/applications/graphics/antimony/mimetype.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info"> + <mime-type type="application/x-antimony"> + <comment xml:lang="en">Antimony model</comment> + <glob pattern="*.sb"/> + </mime-type> +</mime-info> diff --git a/pkgs/applications/misc/blender/darwin.patch b/pkgs/applications/misc/blender/darwin.patch index da2d6fa4a3d..72db7924594 100644 --- a/pkgs/applications/misc/blender/darwin.patch +++ b/pkgs/applications/misc/blender/darwin.patch @@ -1,5 +1,4 @@ diff --git a/build_files/cmake/platform/platform_apple.cmake b/build_files/cmake/platform/platform_apple.cmake -index 31da529..90308aa 100644 --- a/build_files/cmake/platform/platform_apple.cmake +++ b/build_files/cmake/platform/platform_apple.cmake 
@@ -77,7 +77,6 @@ else() @@ -10,7 +9,7 @@ index 31da529..90308aa 100644 endif() # Prefer lib directory paths -@@ -113,10 +112,6 @@ if(WITH_CODEC_SNDFILE) +@@ -114,10 +113,6 @@ if(WITH_CODEC_SNDFILE) find_library(_sndfile_VORBIS_LIBRARY NAMES vorbis HINTS ${LIBDIR}/ffmpeg/lib) find_library(_sndfile_VORBISENC_LIBRARY NAMES vorbisenc HINTS ${LIBDIR}/ffmpeg/lib) list(APPEND LIBSNDFILE_LIBRARIES @@ -21,16 +20,16 @@ index 31da529..90308aa 100644 ) print_found_status("SndFile libraries" "${LIBSNDFILE_LIBRARIES}") -@@ -133,7 +128,7 @@ if(WITH_PYTHON) +@@ -134,7 +129,7 @@ if(WITH_PYTHON) # normally cached but not since we include them with blender - set(PYTHON_INCLUDE_DIR "${LIBDIR}/python/include/python${PYTHON_VERSION}m") - set(PYTHON_EXECUTABLE "${LIBDIR}/python/bin/python${PYTHON_VERSION}m") -- set(PYTHON_LIBRARY ${LIBDIR}/python/lib/libpython${PYTHON_VERSION}m.a) -+ set(PYTHON_LIBRARY "${LIBDIR}/python/lib/libpython${PYTHON_VERSION}m.dylib") + set(PYTHON_INCLUDE_DIR "${LIBDIR}/python/include/python${PYTHON_VERSION}") + set(PYTHON_EXECUTABLE "${LIBDIR}/python/bin/python${PYTHON_VERSION}") +- set(PYTHON_LIBRARY ${LIBDIR}/python/lib/libpython${PYTHON_VERSION}.a) ++ set(PYTHON_LIBRARY ${LIBDIR}/python/lib/libpython${PYTHON_VERSION}.dylib) set(PYTHON_LIBPATH "${LIBDIR}/python/lib/python${PYTHON_VERSION}") # set(PYTHON_LINKFLAGS "-u _PyMac_Error") # won't build with this enabled else() -@@ -174,9 +169,7 @@ endif() +@@ -175,9 +170,7 @@ endif() if(WITH_CODEC_FFMPEG) set(FFMPEG_FIND_COMPONENTS avcodec avdevice avformat avutil @@ -41,7 +40,7 @@ index 31da529..90308aa 100644 find_package(FFmpeg) endif() -@@ -267,7 +260,6 @@ if(WITH_BOOST) +@@ -275,7 +268,6 @@ if(WITH_BOOST) endif() if(WITH_INTERNATIONAL OR WITH_CODEC_FFMPEG) @@ -49,7 +48,7 @@ index 31da529..90308aa 100644 endif() if(WITH_PUGIXML) -@@ -451,7 +443,7 @@ else() +@@ -476,7 +468,7 @@ else() set(CMAKE_CXX_FLAGS_RELEASE "-O2 -mdynamic-no-pic") endif() 
diff --git a/pkgs/applications/misc/blender/default.nix b/pkgs/applications/misc/blender/default.nix index 8d345cdefe0..cf5ede1c7fe 100644 --- a/pkgs/applications/misc/blender/default.nix +++ b/pkgs/applications/misc/blender/default.nix @@ -1,7 +1,7 @@ { config, stdenv, lib, fetchurl, fetchzip, boost, cmake, ffmpeg, gettext, glew , ilmbase, libXi, libX11, libXext, libXrender , libjpeg, libpng, libsamplerate, libsndfile -, libtiff, libGLU, libGL, openal, opencolorio, openexr, openimagedenoise, openimageio2, openjpeg, python3Packages +, libtiff, libGLU, libGL, openal, opencolorio, openexr, openimagedenoise, openimageio2, openjpeg, python39Packages , openvdb, libXxf86vm, tbb, alembic , zlib, fftw, opensubdiv, freetype, jemalloc, ocl-icd, addOpenGLRunpath , jackaudioSupport ? false, libjack2 @@ -17,7 +17,7 @@ with lib; let - python = python3Packages.python; + python = python39Packages.python; optix = fetchzip { url = "https://developer.download.nvidia.com/redist/optix/v7.0/OptiX-7.0.0-include.zip"; sha256 = "1b3ccd3197anya2bj3psxdrvrpfgiwva5zfv2xmyrl73nb2dvfr7"; @@ -26,16 +26,16 @@ let in stdenv.mkDerivation rec { pname = "blender"; - version = "2.92.0"; + version = "2.93.0"; src = fetchurl { url = "https://download.blender.org/source/${pname}-${version}.tar.xz"; - sha256 = "15a5vffn18a920286x0avbc2rap56k6y531wgibq68r90g2cz4g7"; + sha256 = "0f2rpqa39sir6g90khd2d2fs4kss0zhk7vya1nscf5yp8r566fxs"; }; patches = lib.optional stdenv.isDarwin ./darwin.patch; - nativeBuildInputs = [ cmake makeWrapper python3Packages.wrapPython llvmPackages.llvm.dev ] + nativeBuildInputs = [ cmake makeWrapper python39Packages.wrapPython llvmPackages.llvm.dev ] ++ optionals cudaSupport [ addOpenGLRunpath ]; buildInputs = [ boost ffmpeg gettext glew ilmbase 
@@ -64,7 +64,7 @@ stdenv.mkDerivation rec { ++ optional cudaSupport cudatoolkit ++ optional colladaSupport opencollada ++ optional spaceNavSupport libspnav; - pythonPath = with python3Packages; [ numpy requests ]; + pythonPath = with python39Packages; [ numpy requests ]; postPatch = '' # allow usage of dynamically linked embree @@ -78,16 +78,12 @@ stdenv.mkDerivation rec { --replace '${"$"}{LIBDIR}/openmp' \ '${llvmPackages.openmp}' substituteInPlace build_files/cmake/platform/platform_apple.cmake \ - --replace 'set(PYTHON_VERSION 3.7)' \ - 'set(PYTHON_VERSION ${python.pythonVersion})' \ - --replace '${"$"}{PYTHON_VERSION}m' \ - '${"$"}{PYTHON_VERSION}' \ --replace '${"$"}{LIBDIR}/python' \ '${python}' \ --replace '${"$"}{LIBDIR}/opencollada' \ '${opencollada}' \ --replace '${"$"}{PYTHON_LIBPATH}/site-packages/numpy' \ - '${python3Packages.numpy}/${python.sitePackages}/numpy' + '${python39Packages.numpy}/${python.sitePackages}/numpy' '' else '' substituteInPlace extern/clew/src/clew.c --replace '"libOpenCL.so"' '"${ocl-icd}/lib/libOpenCL.so"' ''); @@ -109,8 +105,8 @@ stdenv.mkDerivation rec { "-DPYTHON_VERSION=${python.pythonVersion}" "-DWITH_PYTHON_INSTALL=OFF" "-DWITH_PYTHON_INSTALL_NUMPY=OFF" - "-DPYTHON_NUMPY_PATH=${python3Packages.numpy}/${python.sitePackages}" - "-DPYTHON_NUMPY_INCLUDE_DIRS=${python3Packages.numpy}/${python.sitePackages}/numpy/core/include" + "-DPYTHON_NUMPY_PATH=${python39Packages.numpy}/${python.sitePackages}" + "-DPYTHON_NUMPY_INCLUDE_DIRS=${python39Packages.numpy}/${python.sitePackages}/numpy/core/include" "-DWITH_PYTHON_INSTALL_REQUESTS=OFF" "-DWITH_OPENVDB=ON" "-DWITH_TBB=ON" diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 2cf3556e7ea..7e95da747d1 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix 
@@ -165,14 +165,10 @@ let ./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags # Fix the build by adding a missing dependency (s. https://crbug.com/1197837): ./patches/fix-missing-atspi2-dependency.patch - ] ++ optionals (chromiumVersionAtLeast "91") [ ./patches/closure_compiler-Use-the-Java-binary-from-the-system.patch ]; - postPatch = lib.optionalString (chromiumVersionAtLeast "91") '' - # Required for patchShebangs (unsupported): - chmod -x third_party/webgpu-cts/src/tools/deno - '' + '' + postPatch = '' # remove unused third-party for lib in ${toString gnSystemLibraries}; do if [ -d "third_party/$lib" ]; then @@ -191,6 +187,7 @@ let substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \ --replace "/usr/bin/env -S make -f" "/usr/bin/make -f" fi + chmod -x third_party/webgpu-cts/src/tools/deno # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \ diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index af288536fb7..ab0afd9b54e 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json 
@@ -44,19 +44,19 @@ } }, "ungoogled-chromium": { - "version": "90.0.4430.212", - "sha256": "17nmhrkl81qqvzbh861k2mmifncx4wg1mv1fmn52f8gzn461vqdb", - "sha256bin64": "1y33c5829s22yfj0qmsj8fpcxnjhcm3fsxz7744csfsa9cy4fjr7", + "version": "91.0.4472.77", + "sha256": "0c8vj3gq3nmb7ssiwj6875g0a8hcprss1a4gqw9h7llqywza9ma5", + "sha256bin64": "0caf47xam5igdnbhipal1iyicnxxvadhi61k199rwysrvyv5sdad", "deps": { "gn": { - "version": "2021-02-09", + "version": "2021-04-06", "url": "https://gn.googlesource.com/gn", - "rev": "dfcbc6fed0a8352696f92d67ccad54048ad182b3", - "sha256": "1941bzg37c4dpsk3sh6ga3696gpq6vjzpcw9rsnf6kdr9mcgdxvn" + "rev": "dba01723a441c358d843a575cb7720d54ddcdf92", + "sha256": "199xkks67qrn0xa5fhp24waq2vk8qb78a96cb3kdd8v1hgacgb8x" }, "ungoogled-patches": { - "rev": "90.0.4430.212-1", - "sha256": "05jh05a4g50ws7pr18dl5pwi95knygh6xywp7kyydir7wy1pbin8" + "rev": "91.0.4472.77-1", + "sha256": "1jfmmkw1y4rcjfgsm7b4v2lrgd3sks5qpajvq0djflbhkpsqxfk0" } } } diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix index e35fd6ca701..62e641280b6 100644 --- a/pkgs/applications/networking/browsers/firefox/common.nix +++ b/pkgs/applications/networking/browsers/firefox/common.nix @@ -16,6 +16,10 @@ ### optionals +## backported libraries + +, rust-cbindgen_latest + ## optional libraries , alsaSupport ? stdenv.isLinux, alsaLib @@ -90,6 +94,8 @@ let then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS" else "/bin"; + rust-cbindgen_pkg = if lib.versionAtLeast ffversion "89" then rust-cbindgen_latest else rust-cbindgen; + # 78 ESR won't build with rustc 1.47 inherit (if lib.versionAtLeast ffversion "82" then rustPackages else rustPackages_1_45) rustc cargo; @@ -226,7 +232,7 @@ buildStdenv.mkDerivation ({ perl pkg-config python3 - rust-cbindgen + rust-cbindgen_pkg rustc which unzip 
diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 05f2524f949..1362844c37b 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -7,10 +7,10 @@ in rec { firefox = common rec { pname = "firefox"; - ffversion = "88.0.1"; + ffversion = "89.0"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "e2d7fc950ba49f225c83ee1d799d6318fcf16c33a3b7f40b85c49d5b7865f7e632c703e5fd227a303b56e2565d0796283ebb12d7fd1a02781dcaa45e84cea934"; + sha512 = "5089720feda15d054d0aa4c3bdeb84760314dadd6381d7360e688d8e396154868220c6315add650d8d2a42652cb8a9bfeb833885812ef0bd70a74ee58ad18aa3"; }; meta = { @@ -32,10 +32,10 @@ rec { firefox-esr-78 = common rec { pname = "firefox-esr"; - ffversion = "78.10.1esr"; + ffversion = "78.11.0esr"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "a22773d9b3f0dca253805257f358a906769d23f15115e3a8851024f701e27dee45f056f7d34ebf1fcde0a3f91ec299639c2a12556e938a232cdea9e59835fde1"; + sha512 = "d02fc2eda587155b1c54ca12a6c5cde220a29f41f154f1c9b71ae8f966d8cc9439201a5b241e03fc0795b74e2479f7aa5d6b69f70b7639432e5382f321f7a6f4"; }; meta = { diff --git a/pkgs/applications/networking/browsers/qutebrowser/default.nix b/pkgs/applications/networking/browsers/qutebrowser/default.nix index 15e759c8b62..1f03184eeed 100644 --- a/pkgs/applications/networking/browsers/qutebrowser/default.nix +++ b/pkgs/applications/networking/browsers/qutebrowser/default.nix 
@@ -31,12 +31,12 @@ let in mkDerivationWith python3Packages.buildPythonApplication rec { pname = "qutebrowser"; - version = "2.2.2"; + version = "2.2.3"; # the release tarballs are different from the git checkout! src = fetchurl { url = "https://github.com/qutebrowser/qutebrowser/releases/download/v${version}/${pname}-${version}.tar.gz"; - sha256 = "11vjp20gzmdjj09b7wxzn7ar6viih0bk76y618yqsyqqkffylmbq"; + sha256 = "sha256-BoP168jxj94nvkrcgC83fPw/TPRsI2PbCooqzWNF62I="; }; # Needs tox diff --git a/pkgs/applications/networking/cluster/dnsname-cni/default.nix b/pkgs/applications/networking/cluster/dnsname-cni/default.nix new file mode 100644 index 00000000000..27b37fdee0c --- /dev/null +++ b/pkgs/applications/networking/cluster/dnsname-cni/default.nix @@ -0,0 +1,42 @@ +{ + buildGoModule, + dnsmasq, + fetchFromGitHub, + lib, + nixosTests, + makeWrapper, +}: + +buildGoModule rec { + pname = "cni-plugin-dnsname"; + version = "1.1.1"; + + src = fetchFromGitHub { + owner = "containers"; + repo = "dnsname"; + rev = "v${version}"; + sha256 = "090kpq2ppan9ayajdk5vwbvww30nphylgajn2p3441d4jg2nvsm3"; + }; + + nativeBuildInputs = [ makeWrapper ]; + postInstall = '' + wrapProgram $out/bin/dnsname --prefix PATH : ${lib.makeBinPath [ dnsmasq ]} + ''; + + vendorSha256 = null; + subPackages = [ "plugins/meta/dnsname" ]; + + doCheck = false; # NOTE: requires root privileges + + passthru.tests = { + inherit (nixosTests) podman-dnsname; + }; + + meta = with lib; { + description = "DNS name resolution for containers"; + homepage = "https://github.com/containers/dnsname"; + license = licenses.asl20; + platforms = platforms.linux; + maintainers = with maintainers; [ mikroskeem ]; + }; +} diff --git a/pkgs/applications/networking/cluster/tilt/default.nix b/pkgs/applications/networking/cluster/tilt/default.nix index ccbe9d9a7ac..d717bd42652 100644 --- a/pkgs/applications/networking/cluster/tilt/default.nix +++ b/pkgs/applications/networking/cluster/tilt/default.nix 
@@ -5,13 +5,13 @@ buildGoModule rec { /* Do not use "dev" as a version. If you do, Tilt will consider itself running in development environment and try to serve assets from the source tree, which is not there once build completes. */ - version = "0.18.10"; + version = "0.20.5"; src = fetchFromGitHub { owner = "tilt-dev"; repo = pname; rev = "v${version}"; - sha256 = "sha256-SvvvHGR3UPyV61MaoFB68SaZKUT3ItYOPT1a7AddxlY="; + sha256 = "sha256-pUKKHrShED7yp5WSmHSbS+eiYs22Nm2/ouc2a8WYc38="; }; vendorSha256 = null; diff --git a/pkgs/applications/networking/instant-messengers/discord/base.nix b/pkgs/applications/networking/instant-messengers/discord/base.nix index 841c979e97f..a61ab254348 100644 --- a/pkgs/applications/networking/instant-messengers/discord/base.nix +++ b/pkgs/applications/networking/instant-messengers/discord/base.nix @@ -23,7 +23,7 @@ in stdenv.mkDerivation rec { libXScrnSaver libXtst libxcb - mesa.drivers + mesa nss wrapGAppsHook ]; @@ -31,7 +31,7 @@ in stdenv.mkDerivation rec { dontWrapGApps = true; libPath = lib.makeLibraryPath [ - libcxx systemd libpulseaudio + libcxx systemd libpulseaudio libdrm mesa stdenv.cc.cc alsaLib atk at-spi2-atk at-spi2-core cairo cups dbus expat fontconfig freetype gdk-pixbuf glib gtk3 libnotify libX11 libXcomposite libuuid libXcursor libXdamage libXext libXfixes libXi libXrandr libXrender @@ -50,7 +50,7 @@ in stdenv.mkDerivation rec { wrapProgram $out/opt/${binaryName}/${binaryName} \ "''${gappsWrapperArgs[@]}" \ --prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}/" \ - --prefix LD_LIBRARY_PATH : ${libPath} + --prefix LD_LIBRARY_PATH : ${libPath}:$out/opt/${binaryName} ln -s $out/opt/${binaryName}/${binaryName} $out/bin/ ln -s $out/opt/${binaryName}/discord.png $out/share/pixmaps/${pname}.png diff --git a/pkgs/applications/networking/instant-messengers/discord/default.nix b/pkgs/applications/networking/instant-messengers/discord/default.nix index 4a0bc23be2f..0d75b374792 100644 
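Review bot: The wrapper in discord/base.nix now appends `$out/opt/${binaryName}` to `LD_LIBRARY_PATH`, and that variable is inherited by every process the client starts, so libraries bundled in the application directory can end up being picked up by unrelated programs launched from it. If the directory is only needed by the main binary, putting it in the binary's RPATH during the install phase keeps the search path from leaking to children. If the wrapper approach is kept, a comment such as `# the bundled libraries in $out/opt/${binaryName} are loaded at runtime (confirm which)` should record why the entry is there. The install phase begins outside this hunk.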
--- a/pkgs/applications/networking/instant-messengers/discord/default.nix +++ b/pkgs/applications/networking/instant-messengers/discord/default.nix @@ -7,30 +7,30 @@ in { pname = "discord"; binaryName = "Discord"; desktopName = "Discord"; - version = "0.0.14"; + version = "0.0.15"; src = fetchurl { url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz"; - sha256 = "1rq490fdl5pinhxk8lkfcfmfq7apj79jzf3m14yql1rc9gpilrf2"; + sha256 = "0pn2qczim79hqk2limgh88fsn93sa8wvana74mpdk5n6x5afkvdd"; }; }; ptb = callPackage ./base.nix rec { pname = "discord-ptb"; binaryName = "DiscordPTB"; desktopName = "Discord PTB"; - version = "0.0.23"; + version = "0.0.25"; src = fetchurl { url = "https://dl-ptb.discordapp.net/apps/linux/${version}/discord-ptb-${version}.tar.gz"; - sha256 = "0vxz68vldrbmmw1alpwl7blfcy6byd6zg9m0851dm0p0ldyhsp5j"; + sha256 = "082ygmsycicddpkv5s03vw3rjkrk4lgprq29z8b1hdjifvw93b21"; }; }; canary = callPackage ./base.nix rec { pname = "discord-canary"; binaryName = "DiscordCanary"; desktopName = "Discord Canary"; - version = "0.0.122"; + version = "0.0.123"; src = fetchurl { url = "https://dl-canary.discordapp.net/apps/linux/${version}/discord-canary-${version}.tar.gz"; - sha256 = "0ph7gp77wzjpr7nhv13fg64j97dxjwmivshr56ly3kjhmvvanj7k"; + sha256 = "0bijwfsd9s4awqkgxd9c2cxh7y5r06vix98qjp0dkv63r6jig8ch"; }; }; }.${branch} diff --git a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix index 372c00196a2..27af9698788 100644 --- a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix 
@@ -2,11 +2,11 @@ , pkg-config, cmake, ninja, python3, wrapGAppsHook, wrapQtAppsHook, removeReferencesTo , qtbase, qtimageformats, gtk3, libsForQt5, enchant2, lz4, xxHash , dee, ffmpeg, openalSoft, minizip, libopus, alsaLib, libpulseaudio, range-v3 -, tl-expected, hunspell, glibmm, webkitgtk +, tl-expected, hunspell, glibmm, webkitgtk, libtgvoip # Transitive dependencies: , pcre, xorg, util-linux, libselinux, libsepol, epoxy , at-spi2-core, libXtst, libthai, libdatrie -, xdg-utils +, xdg-utils, libsysprof-capture, libpsl, brotli }: with lib; 
@@ -20,27 +20,33 @@ with lib; let tg_owt = callPackage ./tg_owt.nix {}; - webviewPatch = fetchpatch { - url = "https://raw.githubusercontent.com/archlinux/svntogit-community/013eff77a13b6c2629a04e07a4d09dbe60c8ca48/trunk/fix-webview-includes.patch"; - sha256 = "0112zaysf3f02dd4bgqc5hwg66h1bfj8r4yjzb06sfi0pl9vl96l"; - }; - in mkDerivation rec { pname = "telegram-desktop"; - version = "2.7.4"; + version = "2.7.5"; # Telegram-Desktop with submodules src = fetchurl { url = "https://github.com/telegramdesktop/tdesktop/releases/download/v${version}/tdesktop-${version}-full.tar.gz"; - sha256 = "1cigqvxa8lp79y7sp2w2izmmikxaxzrq9bh5ns3cy16z985nyllp"; + sha256 = "sha256-9GxBw5ii9Musjq7D3KMf/P5BA4h690EgXRbhynHwO98="; }; + patches = [ + # fixes issue with ffmpeg>=4.4 crashes, hasn't been upstreamed yet + (fetchpatch { + url = "https://raw.githubusercontent.com/gentoo/gentoo/1c91884873968997be4b0c954169d04dc839f1db/net-im/telegram-desktop/files/tdesktop-2.7.4-voice-crash.patch"; + sha256 = "sha256-inLXcP70yJlkkmdeXlc3HRL7Vt+Sf00LLJG33gwBKdY="; + }) + (fetchpatch { + url = "https://raw.githubusercontent.com/gentoo/gentoo/1c91884873968997be4b0c954169d04dc839f1db/net-im/telegram-desktop/files/tdesktop-2.7.4-voice-ffmpeg44.patch"; + sha256 = "sha256-p57LipNf7BDhVvNKRuicVqx0vU6IBL/Cvr5BAfLF4Hs="; + }) + ]; + postPatch = '' substituteInPlace Telegram/lib_spellcheck/spellcheck/platform/linux/linux_enchant.cpp \ --replace '"libenchant-2.so.2"' '"${enchant2}/lib/libenchant-2.so.2"' substituteInPlace Telegram/CMakeLists.txt \ --replace '"''${TDESKTOP_LAUNCHER_BASENAME}.appdata.xml"' '"''${TDESKTOP_LAUNCHER_BASENAME}.metainfo.xml"' - patch -d Telegram/lib_webview -p1 < "${webviewPatch}" ''; # We want to run wrapProgram manually (with additional parameters) 
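Review bot: The two `fetchpatch` entries added to `patches` in tdesktop/default.nix are described as not yet upstreamed, but nothing records where the upstream fix is tracked, so there is no signal for when they can be dropped. Both are pinned to a Gentoo tree commit and carry a hash, which is the right shape for a third-party patch source. The comment could be extended to something like `# from the Gentoo tree, pinned by commit; remove once upstream tdesktop handles ffmpeg >= 4.4 (upstream report: <link>)`. The second entry has no comment of its own, so it is worth stating that the comment covers both.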
@@ -53,10 +59,10 @@ in mkDerivation rec { qtbase qtimageformats gtk3 libsForQt5.kwayland libsForQt5.libdbusmenu enchant2 lz4 xxHash dee ffmpeg openalSoft minizip libopus alsaLib libpulseaudio range-v3 tl-expected hunspell glibmm webkitgtk - tg_owt + tg_owt libtgvoip # Transitive dependencies: pcre xorg.libpthreadstubs xorg.libXdmcp util-linux libselinux libsepol epoxy - at-spi2-core libXtst libthai libdatrie + at-spi2-core libXtst libthai libdatrie libsysprof-capture libpsl brotli ]; cmakeFlags = [ diff --git a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/0001-hardcode-json-file-path.patch b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/0001-hardcode-json-file-path.patch deleted file mode 100644 index 45e620db258..00000000000 --- a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/0001-hardcode-json-file-path.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -From 5dd2593369645b11a9dc03e1930617d2f5dbd039 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> -Date: Wed, 11 Nov 2020 11:48:49 +0100 -Subject: [PATCH] hardcode json file path -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Jörg Thalheim <joerg@thalheim.io> ---- - wee_slack.py | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - -diff --git a/wee_slack.py b/wee_slack.py -index a3d779c..5942289 100644 ---- a/wee_slack.py -+++ b/wee_slack.py -@@ -5136,13 +5136,7 @@ def create_slack_debug_buffer(): - - def load_emoji(): - try: -- weechat_dir = w.info_get('weechat_dir', '') -- weechat_sharedir = w.info_get('weechat_sharedir', '') -- local_weemoji, global_weemoji = ('{}/weemoji.json'.format(path) -- for path in (weechat_dir, weechat_sharedir)) -- path = (global_weemoji if os.path.exists(global_weemoji) and -- not os.path.exists(local_weemoji) else local_weemoji) -- with open(path, 'r') as ef: -+ with open('@out@/share/wee-slack/weemoji.json', 'r') as ef: - emojis = json.loads(ef.read()) - if 'emoji' in emojis: - print_error('The weemoji.json file is in an old format. Please update it.') --- -2.29.0 - diff --git a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/default.nix b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/default.nix index 679e278c8a0..698ee80edf6 100644 --- a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/default.nix +++ b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "wee-slack"; - version = "2.7.0"; + version = "2.8.0"; src = fetchFromGitHub { repo = "wee-slack"; owner = "wee-slack"; rev = "v${version}"; - sha256 = "sha256-6Z/H15bKe0PKpNe9PCgc5mLOii3CILCAVon7EgzIkx8="; + sha256 = "0xfklr0gsc9jgxfyrrb2j756lclz9g8imcb0pk0xgyj8mhsw23zk"; }; patches = [ 
@@ -16,10 +16,13 @@ stdenv.mkDerivation rec { src = ./libpath.patch; env = "${buildEnv { name = "wee-slack-env"; - paths = with python3Packages; [ websocket_client six ]; + paths = with python3Packages; [ + websocket_client + six + ]; }}/${python3Packages.python.sitePackages}"; }) - ./0001-hardcode-json-file-path.patch + ./load_weemoji_path.patch ]; postPatch = '' diff --git a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/libpath.patch b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/libpath.patch index af2dd36b41c..a6e38c16fb1 100644 --- a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/libpath.patch +++ b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/libpath.patch @@ -1,13 +1,13 @@ diff --git a/wee_slack.py b/wee_slack.py -index dbe6446..d1b7546 100644 +index e4716b4..f673b7c 100644 --- a/wee_slack.py +++ b/wee_slack.py -@@ -25,6 +25,8 @@ import random - import socket - import string +@@ -31,6 +31,8 @@ import string + # See https://github.com/numpy/numpy/issues/11925 + sys.modules["numpy"] = None +sys.path.append('@env@') + - from websocket import ABNF, create_connection, WebSocketConnectionClosedException - - try: + from websocket import ( # noqa: E402 + ABNF, + create_connection, diff --git a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/load_weemoji_path.patch b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/load_weemoji_path.patch new file mode 100644 index 00000000000..1e97dc32fa6 --- /dev/null +++ b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/load_weemoji_path.patch 
@@ -0,0 +1,25 @@ +diff --git a/wee_slack.py b/wee_slack.py +index e4716b4..ffd122d 100644 +--- a/wee_slack.py ++++ b/wee_slack.py +@@ -6092,19 +6092,7 @@ def create_slack_debug_buffer(): + + def load_emoji(): + try: +- weechat_dir = w.info_get("weechat_data_dir", "") or w.info_get( +- "weechat_dir", "" +- ) +- weechat_sharedir = w.info_get("weechat_sharedir", "") +- local_weemoji, global_weemoji = ( +- "{}/weemoji.json".format(path) for path in (weechat_dir, weechat_sharedir) +- ) +- path = ( +- global_weemoji +- if os.path.exists(global_weemoji) and not os.path.exists(local_weemoji) +- else local_weemoji +- ) +- with open(path, "r") as ef: ++ with open("@out@/share/wee-slack/weemoji.json", "r") as ef: + emojis = json.loads(ef.read()) + if "emoji" in emojis: + print_error( diff --git a/pkgs/applications/networking/mailreaders/mblaze/default.nix b/pkgs/applications/networking/mailreaders/mblaze/default.nix index 278561e0e5f..f24ed3a51df 100644 --- a/pkgs/applications/networking/mailreaders/mblaze/default.nix +++ b/pkgs/applications/networking/mailreaders/mblaze/default.nix @@ -1,10 +1,12 @@ -{ stdenv, lib, fetchFromGitHub, installShellFiles, libiconv, ruby ? null }: +{ coreutils, fetchFromGitHub, fetchpatch, file, gawk, gnugrep, gnused +, installShellFiles, less, lib, libiconv, makeWrapper, nano, stdenv, ruby +}: stdenv.mkDerivation rec { pname = "mblaze"; version = "1.1"; - nativeBuildInputs = [ installShellFiles ]; + nativeBuildInputs = [ installShellFiles makeWrapper ]; buildInputs = [ ruby ] ++ lib.optionals stdenv.isDarwin [ libiconv ]; src = fetchFromGitHub { 
@@ -22,6 +24,24 @@ stdenv.mkDerivation rec { installShellCompletion contrib/_mblaze '' + lib.optionalString (ruby != null) '' install -Dt $out/bin contrib/msuck contrib/mblow + + # The following wrappings are used to preserve the executable + # names (the value of $0 in a script). The script mcom is + # designed to be run directly or via symlinks such as mrep. Using + # symlinks changes the value of $0 in the script, and makes it + # behave differently. When using the wrapProgram tool, the resulting + # wrapper breaks this behaviour. The following wrappers preserve it. + + mkdir -p $out/wrapped + for x in mcom mbnc mfwd mrep; do + mv $out/bin/$x $out/wrapped + makeWrapper $out/wrapped/$x $out/bin/$x \ + --argv0 $out/bin/$x \ + --prefix PATH : $out/bin \ + --prefix PATH : ${lib.makeBinPath [ + coreutils file gawk gnugrep gnused + ]} + done ''; meta = with lib; { diff --git a/pkgs/applications/networking/mailreaders/neomutt/default.nix b/pkgs/applications/networking/mailreaders/neomutt/default.nix index b2187371f29..50b3b66f15d 100644 --- a/pkgs/applications/networking/mailreaders/neomutt/default.nix +++ b/pkgs/applications/networking/mailreaders/neomutt/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, gettext, makeWrapper, tcl, which +{ lib, stdenv, fetchFromGitHub, gettext, makeWrapper, tcl, which, fetchpatch , ncurses, perl , cyrus_sasl, gss, gpgme, libkrb5, libidn, libxml2, notmuch, openssl , lmdb, libxslt, docbook_xsl, docbook_xml_dtd_42, w3m, mailcap, sqlite, zlib }: @@ -14,6 +14,14 @@ stdenv.mkDerivation rec { sha256 = "sha256-ADg/+gmndOiuQHsncOzS5K4chthXeUFz6RRJsrZNeZY="; }; + patches = [ + (fetchpatch { + name = "CVE-2021-32055.patch"; + url = "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc.patch"; + sha256 = "0bb7gisjynq3w7hhl6vxa469h609bcz6fkdi8vf740pqrwhk68yn"; + }) + ]; + buildInputs = [ cyrus_sasl gss gpgme libkrb5 libidn ncurses notmuch openssl perl lmdb 
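Review bot: The wrapper loop for `mcom`, `mbnc`, `mfwd` and `mrep` in mblaze/default.nix was added inside the `lib.optionalString (ruby != null) ''…''` string, so a build with `ruby = null` gets neither the wrappers nor the pinned PATH entries for coreutils, file, gawk, gnugrep and gnused. Unless those scripts really depend on ruby, close the conditional string right after the `install -Dt $out/bin contrib/msuck contrib/mblow` line and start the loop in its own segment (`'' + ''`). The earlier hunk of this file also drops the `ruby ? null` default while this hunk still tests `ruby != null`, and it adds `less`, `nano` and `fetchpatch` as arguments that the `makeBinPath` list here does not use; whether they are used elsewhere in the file is not visible.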
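Review bot: The `CVE-2021-32055.patch` entry added to `patches` in neomutt/default.nix has no comment saying which release will contain the fix, so the backport can outlive a version bump and then either fail to apply or be carried without anyone checking it. It is pinned to a full upstream commit and a hash, which is what a security backport should look like. Adding `# Backport of upstream commit fa1db5785e5c; remove on the first version bump that includes it` above the `fetchpatch` call would close the loop. The `version` attribute is outside this hunk, so the affected release cannot be confirmed from here.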
diff --git a/pkgs/applications/science/math/sage/sagedoc.nix b/pkgs/applications/science/math/sage/sagedoc.nix index f4a8bf19b69..d53947d806d 100644 --- a/pkgs/applications/science/math/sage/sagedoc.nix +++ b/pkgs/applications/science/math/sage/sagedoc.nix @@ -76,7 +76,7 @@ stdenv.mkDerivation rec { mv html/en/_static{,.tmp} for _dir in `find -name _static` ; do rm -r $_dir - ln -s html/en/_static $_dir + ln -rs html/en/_static $_dir done mv html/en/_static{.tmp,} ''; diff --git a/pkgs/applications/science/physics/xfitter/default.nix b/pkgs/applications/science/physics/xfitter/default.nix index 4390826ccee..230f2f0e0ef 100644 --- a/pkgs/applications/science/physics/xfitter/default.nix +++ b/pkgs/applications/science/physics/xfitter/default.nix @@ -16,9 +16,6 @@ stdenv.mkDerivation rec { ./undefined_behavior.patch ]; - # patch needs to updated due to version bump - #CXXFLAGS = "-Werror=return-type"; - preConfigure = # Fix F77LD to workaround for a following build error: # @@ -48,8 +45,6 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - hardeningDisable = [ "format" ]; - NIX_CFLAGS_COMPILE = lib.optional (stdenv.hostPlatform.libc == "glibc") "-I${libtirpc.dev}/include/tirpc"; NIX_LDFLAGS = lib.optional (stdenv.hostPlatform.libc == "glibc") "-ltirpc"; diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json index 05d18631e5c..40af0656fe6 100644 --- a/pkgs/applications/version-management/gitlab/data.json +++ b/pkgs/applications/version-management/gitlab/data.json 
@@ -1,13 +1,13 @@ { - "version": "13.12.0", - "repo_hash": "060bmfvpqh6zdrwdh4lx4xr1nbg0f7hcp8zh6k9qplv48szhj8m9", + "version": "13.12.2", + "repo_hash": "1wzbjw21pan5cfiz1jd03c3w9sgyvmn35f6dm2sr2k54acsw034p", "owner": "gitlab-org", "repo": "gitlab", - "rev": "v13.12.0-ee", + "rev": "v13.12.2-ee", "passthru": { - "GITALY_SERVER_VERSION": "13.12.0", + "GITALY_SERVER_VERSION": "13.12.2", "GITLAB_PAGES_VERSION": "1.39.0", "GITLAB_SHELL_VERSION": "13.18.0", - "GITLAB_WORKHORSE_VERSION": "13.12.0" + "GITLAB_WORKHORSE_VERSION": "13.12.2" } } diff --git a/pkgs/applications/version-management/gitlab/gitaly/default.nix b/pkgs/applications/version-management/gitlab/gitaly/default.nix index 20695409f47..994683c2e2b 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/default.nix +++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix @@ -21,14 +21,14 @@ let }; }; in buildGoModule rec { - version = "13.12.0"; + version = "13.12.2"; pname = "gitaly"; src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitaly"; rev = "v${version}"; - sha256 = "sha256-MGK0WjAeqApf2xUsbF1mtyzYMhJHC5LFtj8LSb0NQKI="; + sha256 = "sha256-jZg/OlecYlGjDxlxsayAuqzptil1OPtyPjOe1WYT0HY="; }; vendorSha256 = "sha256-drS0L0olEFHYJVC0VYwEZeNYa8fjwrfxlhrEQa4pqzY="; diff --git a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix index 747cb79e59b..c6302be8d18 100644 --- a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix +++ b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix @@ -5,7 +5,7 @@ in buildGoModule rec { pname = "gitlab-workhorse"; - version = "13.12.0"; + version = "13.12.2"; src = fetchFromGitLab { owner = data.owner; diff --git a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock index 3e97365f588..6f40a15a64b 100644 
--- a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock +++ b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock @@ -139,7 +139,7 @@ GEM coderay (>= 1.0.0) erubi (>= 1.0.0) rack (>= 0.9.0) - bindata (2.4.8) + bindata (2.4.10) binding_ninja (0.2.3) bootsnap (1.4.6) msgpack (~> 1.0) diff --git a/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix b/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix index f2e5c9adea4..9500febc856 100644 --- a/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix +++ b/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix @@ -557,10 +557,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1bmlqjb5h1ry6wm2d903d6yxibpqzzxwqczvlicsqv0vilaca5ic"; + sha256 = "06lqi4svq5qls9f7nnvd2zmjdqmi2sf82sq78ci5d78fq0z5x2vr"; type = "gem"; }; - version = "2.4.8"; + version = "2.4.10"; }; binding_ninja = { groups = ["default" "development" "test"]; diff --git a/pkgs/applications/virtualization/arion/arion-compose.nix b/pkgs/applications/virtualization/arion/arion-compose.nix new file mode 100644 index 00000000000..d36425f9250 --- /dev/null +++ b/pkgs/applications/virtualization/arion/arion-compose.nix 
@@ -0,0 +1,27 @@ +{ mkDerivation, aeson, aeson-pretty, async, base, bytestring +, directory, hspec, lens, lens-aeson, lib, optparse-applicative +, process, protolude, QuickCheck, temporary, text, unix +}: +mkDerivation { + pname = "arion-compose"; + version = "0.1.3.0"; + sha256 = "9e18448f8489303f0d9fee020ad1ceb896f4e71eedb537c0c0ef0f1f3ade80df"; + isLibrary = true; + isExecutable = true; + enableSeparateDataOutput = true; + libraryHaskellDepends = [ + aeson aeson-pretty async base bytestring directory lens lens-aeson + process protolude temporary text unix + ]; + executableHaskellDepends = [ + aeson aeson-pretty async base bytestring directory lens lens-aeson + optparse-applicative process protolude temporary text unix + ]; + testHaskellDepends = [ + aeson aeson-pretty async base bytestring directory hspec lens + lens-aeson process protolude QuickCheck temporary text unix + ]; + homepage = "https://github.com/hercules-ci/arion#readme"; + description = "Run docker-compose with help from Nix/NixOS"; + license = lib.licenses.asl20; +} diff --git a/pkgs/applications/virtualization/containerd/default.nix b/pkgs/applications/virtualization/containerd/default.nix index fa504511513..5435c88f58d 100644 --- a/pkgs/applications/virtualization/containerd/default.nix +++ b/pkgs/applications/virtualization/containerd/default.nix @@ -16,7 +16,7 @@ buildGoPackage rec { owner = "containerd"; repo = "containerd"; rev = "v${version}"; - sha256 = "sha256-1u+H/gJaQhltf/pq7uaAPEUlQ5R6ZByall2neNkon8s="; + sha256 = "sha256-jVyg+fyMuDnV/TM0Z2t+Cr17a6XBv11aWijhsqMnA5s="; }; goPackagePath = "github.com/containerd/containerd"; diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 954404e5268..6b72653c347 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix 
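Review bot: In containerd/default.nix only the `sha256` of the `fetchFromGitHub` source changes, while `rev = "v${version}"` stays as it was and no version change is visible in this hunk. A different hash for the same tag means either the previous hash was stale (a fixed-output derivation is not re-fetched while a cached or substituted copy exists) or the upstream tag now points at different content, and the two cases deserve different scrutiny. The commit should say which it is, for instance with `# hash corrected after the <version> bump; upstream tag unchanged`, and the newly fetched tree is worth comparing with the old one before merging. The `version` line sits above the hunk and may have been changed earlier in this range.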
@@ -17,6 +17,7 @@ rec { , btrfs-progs, iptables, e2fsprogs, xz, util-linux, xfsprogs, git , procps, libseccomp , nixosTests + , clientOnly ? !stdenv.isLinux }: let docker-runc = runc.overrideAttrs (oldAttrs: { @@ -116,7 +117,7 @@ rec { ++ optional (libseccomp != null) "seccomp"; }); in - buildGoPackage ((optionalAttrs (stdenv.isLinux) { + buildGoPackage ((optionalAttrs (!clientOnly) { inherit docker-runc docker-containerd docker-proxy docker-tini moby; @@ -137,7 +138,7 @@ rec { nativeBuildInputs = [ makeWrapper pkg-config go-md2man go libtool installShellFiles ]; - buildInputs = optionals (stdenv.isLinux) [ + buildInputs = optionals (!clientOnly) [ sqlite lvm2 btrfs-progs systemd libseccomp ] ++ optionals (buildxSupport) [ docker-buildx ]; @@ -177,7 +178,7 @@ rec { makeWrapper $out/libexec/docker/docker $out/bin/docker \ --prefix PATH : "$out/libexec/docker:$extraPath" - '' + optionalString (stdenv.isLinux) '' + '' + optionalString (!clientOnly) '' # symlink docker daemon to docker cli derivation ln -s ${moby}/bin/dockerd $out/bin/dockerd @@ -204,7 +205,7 @@ rec { installManPage man/*/*.[1-9] ''; - passthru.tests = { inherit (nixosTests) docker; }; + passthru.tests = lib.optionals (!clientOnly) { inherit (nixosTests) docker; }; meta = { homepage = "https://www.docker.com/"; diff --git a/pkgs/applications/virtualization/driver/win-spice/default.nix b/pkgs/applications/virtualization/driver/win-spice/default.nix index ba823fa2a41..67ba9b74fbb 100644 --- a/pkgs/applications/virtualization/driver/win-spice/default.nix +++ b/pkgs/applications/virtualization/driver/win-spice/default.nix 
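Review bot: `passthru.tests = lib.optionals (!clientOnly) { inherit (nixosTests) docker; };` in the last hunk of docker/default.nix hands an attribute set to `lib.optionals`, which returns an empty list when the condition is false, so a client-only build ends up with `passthru.tests = [ ]` instead of an attribute set. The first use in the same file already has the right helper (`optionalAttrs (!clientOnly) { … }`). The line should read `passthru.tests = lib.optionalAttrs (!clientOnly) { inherit (nixosTests) docker; };`. The enclosing `buildGoPackage` call starts and ends outside the hunks shown.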
@@ -36,15 +36,15 @@ stdenv.mkDerivation { buildPhase = '' mkdir -p usbdk/x86 usbdk/amd64 - (cd usbdk/x86; ${p7zip}/bin/7z x ${src_usbdk_x86}) - (cd usbdk/amd64; ${p7zip}/bin/7z x ${src_usbdk_amd64}) + (cd usbdk/x86; ${p7zip}/bin/7z x -y ${src_usbdk_x86}) + (cd usbdk/amd64; ${p7zip}/bin/7z x -y ${src_usbdk_amd64}) mkdir -p vdagent/x86 vdagent/amd64 - (cd vdagent/x86; ${p7zip}/bin/7z x ${src_vdagent_x86}; mv vdagent_0_7_3_x86/* .; rm -r vdagent_0_7_3_x86) - (cd vdagent/amd64; ${p7zip}/bin/7z x ${src_vdagent_amd64}; mv vdagent_0_7_3_x64/* .; rm -r vdagent_0_7_3_x64) + (cd vdagent/x86; ${p7zip}/bin/7z x -y ${src_vdagent_x86}; mv vdagent_0_7_3_x86/* .; rm -r vdagent_0_7_3_x86) + (cd vdagent/amd64; ${p7zip}/bin/7z x -y ${src_vdagent_amd64}; mv vdagent_0_7_3_x64/* .; rm -r vdagent_0_7_3_x64) mkdir -p qxlwddm - (cd qxlwddm; ${p7zip}/bin/7z x ${src_qxlwddm}; mv Win8 w8.1; cd w8.1; mv x64 amd64) + (cd qxlwddm; ${p7zip}/bin/7z x -y ${src_qxlwddm}; mv Win8 w8.1; cd w8.1; mv x64 amd64) ''; installPhase = diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix index c8b8467def5..10a6d726aef 100644 --- a/pkgs/applications/virtualization/podman/default.nix +++ b/pkgs/applications/virtualization/podman/default.nix 
@@ -69,13 +69,26 @@ buildGoModule rec { installShellCompletion --zsh completions/zsh/* MANDIR=$man/share/man make install.man-nobuild '' + lib.optionalString stdenv.isLinux '' + install -Dm644 cni/87-podman-bridge.conflist -t $out/etc/cni/net.d install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d install -Dm644 contrib/systemd/system/podman.{socket,service} -t $out/lib/systemd/system '' + '' runHook postInstall ''; - passthru.tests = { inherit (nixosTests) podman; }; + postFixup = lib.optionalString stdenv.isLinux '' + RPATH=$(patchelf --print-rpath $out/bin/podman) + patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman + ''; + + passthru.tests = { + inherit (nixosTests) podman; + # related modules + inherit (nixosTests) + podman-tls-ghostunnel + podman-dnsname + ; + }; meta = with lib; { homepage = "https://podman.io/"; diff --git a/pkgs/applications/virtualization/podman/wrapper.nix b/pkgs/applications/virtualization/podman/wrapper.nix index ae163583e69..c9ec18593df 100644 --- a/pkgs/applications/virtualization/podman/wrapper.nix +++ b/pkgs/applications/virtualization/podman/wrapper.nix @@ -12,6 +12,7 @@ , util-linux # nsenter , cni-plugins # not added to path , iptables +, iproute2 }: let @@ -25,6 +26,7 @@ let fuse-overlayfs util-linux iptables + iproute2 ] ++ extraPackages); in runCommand podman.name { @@ -48,6 +50,7 @@ in runCommand podman.name { ln -s ${podman.man} $man mkdir -p $out/bin + ln -s ${podman-unwrapped}/etc $out/etc ln -s ${podman-unwrapped}/lib $out/lib ln -s ${podman-unwrapped}/share $out/share makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \ diff --git a/pkgs/build-support/build-pecl.nix b/pkgs/build-support/build-pecl.nix index d75d3cf943a..d3a8cc54a14 100644 --- a/pkgs/build-support/build-pecl.nix +++ b/pkgs/build-support/build-pecl.nix 
@@ -33,4 +33,5 @@ stdenv.mkDerivation (args // { (dep: "mkdir -p ext; ln -s ${dep.dev}/include ext/${dep.extensionName}") internalDeps} ''; + checkPhase = "NO_INTERACTON=yes make test"; }) diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 54eb13d38ff..89510cd6330 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -37,6 +37,10 @@ let + inherit (lib) + optionals + ; + mkDbExtraCommand = contents: let contentsList = if builtins.isList contents then contents else [ contents ]; in '' @@ -532,7 +536,7 @@ rec { passthru.layer = layer; passthru.imageTag = if tag != null - then lib.toLower tag + then tag else lib.head (lib.strings.splitString "-" (baseNameOf result.outPath)); # Docker can't be made to run darwin binaries @@ -786,7 +790,11 @@ rec { fakeRootCommands ? "", # We pick 100 to ensure there is plenty of room for extension. I # believe the actual maximum is 128. - maxLayers ? 100 + maxLayers ? 100, + # Whether to include store paths in the image. You generally want to leave + # this on, but tooling may disable this to insert the store paths more + # efficiently via other means, such as bind mounting the host store. + includeStorePaths ? true, }: assert (lib.assertMsg (maxLayers > 1) @@ -834,7 +842,9 @@ rec { ''; }; - closureRoots = [ baseJson ] ++ contentsList; + closureRoots = optionals includeStorePaths /* normally true */ ( + [ baseJson ] ++ contentsList + ); overallClosure = writeText "closure" (lib.concatStringsSep " " closureRoots); # These derivations are only created as implementation details of docker-tools, diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix index 7dbee38feeb..de90eab3ea1 100644 --- a/pkgs/build-support/docker/examples.nix +++ b/pkgs/build-support/docker/examples.nix 
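Review bot: The added `checkPhase = "NO_INTERACTON=yes make test";` in build-pecl.nix misspells the variable name. PHP's test runner reads `NO_INTERACTION`, so as written the setting has no effect and a failing run may stop to ask whether a report should be sent. The line should be `checkPhase = "NO_INTERACTION=yes make test";`. Whether `doCheck` is enabled for these extensions is decided outside this hunk.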
@@ -516,4 +516,29 @@ rec { bash layeredImageWithFakeRootCommands ]; + + helloOnRoot = pkgs.dockerTools.streamLayeredImage { + name = "hello"; + tag = "latest"; + contents = [ + (pkgs.buildEnv { + name = "hello-root"; + paths = [ pkgs.hello ]; + }) + ]; + config.Cmd = [ "hello" ]; + }; + + helloOnRootNoStore = pkgs.dockerTools.streamLayeredImage { + name = "hello"; + tag = "latest"; + contents = [ + (pkgs.buildEnv { + name = "hello-root"; + paths = [ pkgs.hello ]; + }) + ]; + config.Cmd = [ "hello" ]; + includeStorePaths = false; + }; } diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix index f6be1b299f6..cfc19c03cfd 100644 --- a/pkgs/build-support/vm/default.nix +++ b/pkgs/build-support/vm/default.nix 
@@ -822,45 +822,6 @@ rec { /* The set of supported Dpkg-based distributions. */ debDistros = { - - # Interestingly, the SHA-256 hashes provided by Ubuntu in - # http://nl.archive.ubuntu.com/ubuntu/dists/{gutsy,hardy}/Release are - # wrong, but the SHA-1 and MD5 hashes are correct. Intrepid is fine. - - ubuntu1204i386 = { - name = "ubuntu-12.04-precise-i386"; - fullName = "Ubuntu 12.04 Precise (i386)"; - packagesLists = - [ (fetchurl { - url = "mirror://ubuntu/dists/precise/main/binary-i386/Packages.bz2"; - sha256 = "18ns9h4qhvjfcip9z55grzi371racxavgqkp6b5kfkdq2wwwax2d"; - }) - (fetchurl { - url = "mirror://ubuntu/dists/precise/universe/binary-i386/Packages.bz2"; - sha256 = "085lkzbnzkc74kfdmwdc32sfqyfz8dr0rbiifk8kx9jih3xjw2jk"; - }) - ]; - urlPrefix = "mirror://ubuntu"; - packages = commonDebPackages ++ [ "diffutils" ]; - }; - - ubuntu1204x86_64 = { - name = "ubuntu-12.04-precise-amd64"; - fullName = "Ubuntu 12.04 Precise (amd64)"; - packagesLists = - [ (fetchurl { - url = "mirror://ubuntu/dists/precise/main/binary-amd64/Packages.bz2"; - sha256 = "1aabpn0hdih6cbabyn87yvhccqj44q9k03mqmjsb920iqlckl3fc"; - }) - (fetchurl { - url = "mirror://ubuntu/dists/precise/universe/binary-amd64/Packages.bz2"; - sha256 = "0x4hz5aplximgb7gnpvrhkw8m7a40s80rkm5b8hil0afblwlg4vr"; - }) - ]; - urlPrefix = "mirror://ubuntu"; - packages = commonDebPackages ++ [ "diffutils" ]; - }; - ubuntu1404i386 = { name = "ubuntu-14.04-trusty-i386"; fullName = "Ubuntu 14.04 Trusty (i386)"; 
@@ -929,40 +890,6 @@ rec { packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; }; - ubuntu1710i386 = { - name = "ubuntu-17.10-artful-i386"; - fullName = "Ubuntu 17.10 Artful (i386)"; - packagesLists = - [ (fetchurl { - url = "mirror://ubuntu/dists/artful/main/binary-i386/Packages.xz"; - sha256 = "18yrj4kqdzm39q0527m97h5ing58hkm9yq9iyj636zh2rclym3c8"; - }) - (fetchurl { - url = "mirror://ubuntu/dists/artful/universe/binary-i386/Packages.xz"; - sha256 = "1v0njw2w80xfmxi7by76cs8hyxlla5h3gqajlpdw5srjgx2qrm2g"; - }) - ]; - urlPrefix = "mirror://ubuntu"; - packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; - }; - - ubuntu1710x86_64 = { - name = "ubuntu-17.10-artful-amd64"; - fullName = "Ubuntu 17.10 Artful (amd64)"; - packagesLists = - [ (fetchurl { - url = "mirror://ubuntu/dists/artful/main/binary-amd64/Packages.xz"; - sha256 = "104g57j1l3vi8wb5f7rgjvjhf82ccs0vwhc59jfc4ynd51z7fqjk"; - }) - (fetchurl { - url = "mirror://ubuntu/dists/artful/universe/binary-amd64/Packages.xz"; - sha256 = "1qzs95wfy9inaskfx9cf1l5yd3aaqwzy72zzi9xyvkxi75k5gcn4"; - }) - ]; - urlPrefix = "mirror://ubuntu"; - packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; - }; - ubuntu1804i386 = { name = "ubuntu-18.04-bionic-i386"; fullName = "Ubuntu 18.04 Bionic (i386)"; 
@@ -997,51 +924,83 @@ rec { packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; }; - debian8i386 = { - name = "debian-8.11-jessie-i386"; - fullName = "Debian 8.11 Jessie (i386)"; - packagesList = fetchurl { - url = "mirror://debian/dists/jessie/main/binary-i386/Packages.xz"; - sha256 = "0adblarhx50yga900il6m25ng0csa81i3wid1dxxmydbdmri7v7d"; - }; - urlPrefix = "mirror://debian"; - packages = commonDebianPackages; + ubuntu2004i386 = { + name = "ubuntu-20.04-focal-i386"; + fullName = "Ubuntu 20.04 Focal (i386)"; + packagesLists = + [ (fetchurl { + url = "mirror://ubuntu/dists/focal/main/binary-i386/Packages.xz"; + sha256 = "sha256-7RAYURoN3RKYQAHpwBS9TIV6vCmpURpphyMJQmV4wLc="; + }) + (fetchurl { + url = "mirror://ubuntu/dists/focal/universe/binary-i386/Packages.xz"; + sha256 = "sha256-oA551xVE80volUPgkMyvzpQ1d+GhuZd4DAe7dXZnULM="; + }) + ]; + urlPrefix = "mirror://ubuntu"; + packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; }; - debian8x86_64 = { - name = "debian-8.11-jessie-amd64"; - fullName = "Debian 8.11 Jessie (amd64)"; - packagesList = fetchurl { - url = "mirror://debian/dists/jessie/main/binary-amd64/Packages.xz"; - sha256 = "09y1mv4kqllhxpk1ibjsyl5jig5bp0qxw6pp4sn56rglrpygmn5x"; - }; - urlPrefix = "mirror://debian"; - packages = commonDebianPackages; + ubuntu2004x86_64 = { + name = "ubuntu-20.04-focal-amd64"; + fullName = "Ubuntu 20.04 Focal (amd64)"; + packagesLists = + [ (fetchurl { + url = "mirror://ubuntu/dists/focal/main/binary-amd64/Packages.xz"; + sha256 = "sha256-d1eSH/j+7Zw5NKDJk21EG6SiOL7j6myMHfXLzUP8mGE="; + }) + (fetchurl { + url = "mirror://ubuntu/dists/focal/universe/binary-amd64/Packages.xz"; + sha256 = "sha256-RqdG2seJvZU3rKVNsWgLnf9RwkgVMRE1A4IZnX2WudE="; + }) + ]; + urlPrefix = "mirror://ubuntu"; + packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; }; debian9i386 = { - name = "debian-9.8-stretch-i386"; - fullName = "Debian 9.8 Stretch (i386)"; + name = "debian-9.13-stretch-i386"; + fullName = "Debian 9.13 Stretch 
(i386)"; packagesList = fetchurl { - url = "http://snapshot.debian.org/archive/debian/20200301T030401Z/dists/stretch/main/binary-i386/Packages.xz"; - sha256 = "1jglr1d1jys3xddp8f7w9j05db39fah8xy4gfkpqbd1b5d2caslz"; + url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/stretch/main/binary-i386/Packages.xz"; + sha256 = "sha256-fFRumd20wuVaYxzw0VPkAw5mQo8kIg+eXII15VSz9wA="; }; urlPrefix = "mirror://debian"; packages = commonDebianPackages; }; debian9x86_64 = { - name = "debian-9.8-stretch-amd64"; - fullName = "Debian 9.8 Stretch (amd64)"; + name = "debian-9.13-stretch-amd64"; + fullName = "Debian 9.13 Stretch (amd64)"; packagesList = fetchurl { - url = "http://snapshot.debian.org/archive/debian/20190503T090946Z/dists/stretch/main/binary-amd64/Packages.xz"; - sha256 = "01q00nl47p12n7wx0xclx59wf3zlkzrgj3zxpshyvb91xdnw5sh6"; + url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/stretch/main/binary-amd64/Packages.xz"; + sha256 = "sha256-1p4DEVpTGlBE3PtbQ90kYw4QNHkW0F4rna/Xz+ncMhw="; }; urlPrefix = "mirror://debian"; packages = commonDebianPackages; }; + debian10i386 = { + name = "debian-10.9-buster-i386"; + fullName = "Debian 10.9 Buster (i386)"; + packagesList = fetchurl { + url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/buster/main/binary-i386/Packages.xz"; + sha256 = "sha256-zlkbKV+IGBCyWKD4v4LFM/EUA4TYS9fkLBPuF6MgUDo="; + }; + urlPrefix = "mirror://debian"; + packages = commonDebianPackages; + }; + debian10x86_64 = { + name = "debian-10.9-buster-amd64"; + fullName = "Debian 10.9 Buster (amd64)"; + packagesList = fetchurl { + url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/buster/main/binary-amd64/Packages.xz"; + sha256 = "sha256-k13toY1b3CX7GBPQ7Jm24OMqCEsgPlGK8M99x57o69o="; + }; + urlPrefix = "mirror://debian"; + packages = commonDebianPackages; + }; }; 
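Review bot: In the four Debian entries (`debian9i386`, `debian9x86_64`, `debian10i386`, `debian10x86_64`) the package index is pinned to the snapshot `20210526T143040Z`, but `urlPrefix` still points at `mirror://debian`, so the `.deb` files named in that index are fetched from the live mirror. Once a later point release replaces those versions on the mirror, the pinned index will presumably reference files that are no longer there, and the image build stops being reproducible. Pointing the prefix at the same snapshot keeps index and pool in step: `urlPrefix = "https://snapshot.debian.org/archive/debian/20210526T143040Z";`. The enclosing `debDistros` set starts outside this hunk, so how `urlPrefix` is consumed is not visible here and should be confirmed.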
@@ -1168,7 +1127,7 @@ rec { "passwd" ]; - commonDebianPackages = commonDebPackages ++ [ "sysvinit" "diff" "mktemp" ]; + commonDebianPackages = commonDebPackages ++ [ "sysvinit" "diff" ]; /* A set of functions that build the Linux distributions specified diff --git a/pkgs/development/beam-modules/default.nix b/pkgs/development/beam-modules/default.nix index 601505e1f48..a2c8f79b8eb 100644 --- a/pkgs/development/beam-modules/default.nix +++ b/pkgs/development/beam-modules/default.nix @@ -73,7 +73,6 @@ let # https://hexdocs.pm/elixir/compatibility-and-deprecations.html lfe = lfe_1_3; - lfe_1_2 = lib'.callLFE ../interpreters/lfe/1.2.nix { inherit erlang buildRebar3 buildHex; }; lfe_1_3 = lib'.callLFE ../interpreters/lfe/1.3.nix { inherit erlang buildRebar3 buildHex; }; # Non hex packages. Examples how to build Rebar/Mix packages with and @@ -81,9 +80,6 @@ let hex = callPackage ./hex { }; webdriver = callPackage ./webdriver { }; relxExe = callPackage ../tools/erlang/relx-exe { }; - - # An example of Erlang/C++ package. - cuter = callPackage ../tools/erlang/cuter { }; }; in makeExtensible packages diff --git a/pkgs/development/compilers/halide/default.nix b/pkgs/development/compilers/halide/default.nix index 69b7cd4d868..916d8fa56f7 100644 --- a/pkgs/development/compilers/halide/default.nix +++ b/pkgs/development/compilers/halide/default.nix @@ -41,7 +41,17 @@ llvmPackages.stdenv.mkDerivation rec { # Note: only openblas and not atlas part of this Nix expression # see pkgs/development/libraries/science/math/liblapack/3.5.0.nix # to get a hint howto setup atlas instead of openblas - buildInputs = [ llvmPackages.llvm libpng libjpeg mesa eigen openblas ]; + buildInputs = [ + llvmPackages.llvm + llvmPackages.lld + llvmPackages.openmp + llvmPackages.libclang + libpng + libjpeg + mesa + eigen + openblas + ]; nativeBuildInputs = [ cmake ]; 
diff --git a/pkgs/development/haskell-modules/cabal2nix-unstable.nix b/pkgs/development/haskell-modules/cabal2nix-unstable.nix index 1ec16eaf5eb..00bd9061f01 100644 --- a/pkgs/development/haskell-modules/cabal2nix-unstable.nix +++ b/pkgs/development/haskell-modules/cabal2nix-unstable.nix @@ -8,10 +8,10 @@ }: mkDerivation { pname = "cabal2nix"; - version = "unstable-2021-05-06"; + version = "unstable-2021-05-28"; src = fetchzip { - url = "https://github.com/NixOS/cabal2nix/archive/b598bc4682b0827554b5780acdd6f948d320283b.tar.gz"; - sha256 = "04afm56cyhj2l41cvq4z11k92jjchr21a8vg9pjaz438pma7jgw1"; + url = "https://github.com/NixOS/cabal2nix/archive/5fb325e094af91328e02cc2ecfd211feaeb135a7.tar.gz"; + sha256 = "1zbd336s99rgk24yjqlp012d0f66s5nf190sjmsl7mfhqx9j2y4l"; }; isLibrary = true; isExecutable = true; diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index f293048e817..d62741d590e 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix 
@@ -1156,6 +1156,23 @@ self: super: { # Therefore we jailbreak it. hakyll-contrib-hyphenation = doJailbreak super.hakyll-contrib-hyphenation; + # Jailbreak due to bounds on multiple dependencies, + # bound on pandoc needs to be patched since it is conditional + hakyll = doJailbreak (overrideCabal super.hakyll (drv: { + patches = [ + # Remove when Hakyll > 4.14.0.0 + (pkgs.fetchpatch { + url = "https://github.com/jaspervdj/hakyll/commit/0dc6127d81ff688e27c36ce469230320eee60246.patch"; + sha256 = "sha256-YyRz3bAmIBODTEeS5kGl2J2x31SjiPoLzUZUlo3nHvQ="; + }) + # Remove when Hakyll > 4.14.0.0 + (pkgs.fetchpatch { + url = "https://github.com/jaspervdj/hakyll/commit/af9e29b5456c105dc948bc46c93e989a650b5ed1.patch"; + sha256 = "sha256-ghc0V5L9OybNHWKmM0vhjRBN2rIvDlp+ClcK/aQst44="; + }) + ]; + })); + # 2020-06-22: NOTE: > 0.4.0 => rm Jailbreak: https://github.com/serokell/nixfmt/issues/71 nixfmt = doJailbreak super.nixfmt; @@ -1207,14 +1224,10 @@ self: super: { hasql-notifications = dontCheck super.hasql-notifications; hasql-pool = dontCheck super.hasql-pool; - # This bumps optparse-applicative to <0.16 in the cabal file, as otherwise - # the version bounds are not satisfied. This can be removed if the PR at - # https://github.com/ananthakumaran/webify/pull/27 is merged and a new - # release of webify is published. - webify = appendPatch super.webify (pkgs.fetchpatch { - url = "https://github.com/ananthakumaran/webify/pull/27/commits/6d653e7bdc1ffda75ead46851b5db45e87cb2aa0.patch"; - sha256 = "0xbfhzhzg94b4r5qy5dg1c40liswwpqarrc2chcwgfbfnrmwkfc2"; - }); + # We jailbreak webify, as optparse-applicative evolved past the version bound + # and the corresponding (and outdated) PR was not merged for a year. + # https://github.com/ananthakumaran/webify/pull/27 + webify = doJailbreak super.webify; # hasn‘t bumped upper bounds # upstream: https://github.com/obsidiansystems/which/pull/6 
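Review bot: The new `webify = doJailbreak super.webify;` entry in the second hunk has no removal condition, unlike the `nixfmt` entry in this file (`> 0.4.0 => rm Jailbreak`) and the `Remove when Hakyll > 4.14.0.0` markers added in the first hunk. `doJailbreak` drops every version bound, not only the `optparse-applicative` bound that the removed patch adjusted, so the override is broader than what it replaces. I would extend the comment with a line such as `# Remove the jailbreak once a webify release relaxes the optparse-applicative bound.` so the override is revisited instead of staying indefinitely.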
diff --git a/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml b/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml index 0aade87acbf..ad6dd7115ae 100644 --- a/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml +++ b/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml @@ -1675,7 +1675,6 @@ broken-packages: - grasp - gray-code - greencard - - greenclip - greg-client - gremlin-haskell - Grempa @@ -1745,7 +1744,6 @@ broken-packages: - hakismet - hakka - hako - - hakyll - hakyll-shortcode - HaLeX - halfs @@ -5026,7 +5024,6 @@ broken-packages: - web-encodings - WeberLogic - webfinger-client - - webify - webkit-javascriptcore - webmention - web-output diff --git a/pkgs/development/haskell-modules/hackage-packages.nix b/pkgs/development/haskell-modules/hackage-packages.nix index c04898da528..198ce1cc4a5 100644 --- a/pkgs/development/haskell-modules/hackage-packages.nix +++ b/pkgs/development/haskell-modules/hackage-packages.nix @@ -41557,7 +41557,7 @@ self: { license = lib.licenses.bsd3; hydraPlatforms = lib.platforms.none; broken = true; - }) {wlc = null;}; + }) {inherit (pkgs) wlc;}; "bindings-yices" = callPackage ({ mkDerivation, base, gmp, yices }: @@ -110752,9 +110752,9 @@ self: { "greenclip" = callPackage ({ mkDerivation, base, binary, bytestring, directory, exceptions - , hashable, libXau, microlens, microlens-mtl, protolude, text - , tomland, unix, vector, wordexp, X11, xcb, xdmcp, xlibsWrapper - , xscrnsaver + , hashable, libXau, libXScrnSaver, microlens, microlens-mtl + , protolude, text, tomland, unix, vector, wordexp, X11, xcb, xdmcp + , xlibsWrapper }: mkDerivation { pname = "greenclip"; 
@@ -110767,14 +110767,12 @@ self: { microlens-mtl protolude text tomland unix vector wordexp X11 ]; executablePkgconfigDepends = [ - libXau xcb xdmcp xlibsWrapper xscrnsaver + libXau libXScrnSaver xcb xdmcp xlibsWrapper ]; description = "Simple clipboard manager to be integrated with rofi"; license = lib.licenses.bsd3; - hydraPlatforms = lib.platforms.none; - broken = true; - }) {inherit (pkgs.xorg) libXau; xcb = null; xdmcp = null; - inherit (pkgs) xlibsWrapper; xscrnsaver = null;}; + }) {inherit (pkgs.xorg) libXScrnSaver; inherit (pkgs.xorg) libXau; + xcb = null; xdmcp = null; inherit (pkgs) xlibsWrapper;}; "greg-client" = callPackage ({ mkDerivation, base, binary, bytestring, clock, hostname, network @@ -114775,8 +114773,6 @@ self: { testToolDepends = [ utillinux ]; description = "A static website compiler library"; license = lib.licenses.bsd3; - hydraPlatforms = lib.platforms.none; - broken = true; }) {inherit (pkgs) utillinux;}; "hakyll-R" = callPackage @@ -278699,8 +278695,6 @@ self: { ]; description = "webfont generator"; license = lib.licenses.mit; - hydraPlatforms = lib.platforms.none; - broken = true; }) {}; "webkit" = callPackage @@ -280226,7 +280220,7 @@ self: { description = "Haskell bindings for the wlc library"; license = lib.licenses.isc; hydraPlatforms = lib.platforms.none; - }) {wlc = null;}; + }) {inherit (pkgs) wlc;}; "wobsurv" = callPackage ({ mkDerivation, aeson, attoparsec, base-prelude, bytestring diff --git a/pkgs/development/haskell-modules/non-hackage-packages.nix b/pkgs/development/haskell-modules/non-hackage-packages.nix index 1882d68f234..1e657d89a17 100644 --- a/pkgs/development/haskell-modules/non-hackage-packages.nix +++ b/pkgs/development/haskell-modules/non-hackage-packages.nix 
@@ -36,4 +36,16 @@ self: super: { # Unofficial fork until PRs are merged https://github.com/pcapriotti/optparse-applicative/pulls/roberth # cabal2nix --maintainer roberth https://github.com/hercules-ci/optparse-applicative.git > pkgs/development/misc/haskell/hercules-ci-optparse-applicative.nix hercules-ci-optparse-applicative = self.callPackage ../misc/haskell/hercules-ci-optparse-applicative.nix {}; + + # + # Backports + # + + # This file overrides packages in `hackage-packages.nix`. + + # Backport arion, to support Podman instead of Docker, for those who need NixOS-based containers. + # Generated with: + # nix-shell -I nixpkgs=$PWD -p cabal-install -p cabal2nix --run 'cabal update; cabal2nix cabal://arion-compose > pkgs/applications/virtualization/arion/arion-compose.nix' + arion-compose = self.callPackage ../../applications/virtualization/arion/arion-compose.nix {}; + } diff --git a/pkgs/development/interpreters/erlang/R18.nix b/pkgs/development/interpreters/erlang/R18.nix deleted file mode 100644 index c99596ea026..00000000000 --- a/pkgs/development/interpreters/erlang/R18.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ mkDerivation, fetchpatch }: - -let - rmAndPwdPatch = fetchpatch { - url = "https://github.com/erlang/otp/commit/98b8650d22e94a5ff839170833f691294f6276d0.patch"; - sha256 = "0zjs7as83prgq4d5gaw2cmnajnsprdk8cjl5kklknx0pc2b3hfg5"; - }; - - envAndCpPatch = fetchpatch { - url = "https://github.com/erlang/otp/commit/9f9841eb7327c9fe73e84e197fd2965a97b639cf.patch"; - sha256 = "00fx5wc88ki3z71z5q4xzi9h3whhjw1zblpn09w995ygn07m9qhm"; - }; - - makeOrderingPatch = fetchpatch { - url = "https://github.com/erlang/otp/commit/2f1a37f1011ff9d129bc35a6efa0ab937a2aa0e9.patch"; - sha256 = "0xfa6hzxh9d7qllkyidcgh57xrrx11w65y7s1hyg52alm06l6b9n"; - }; - - makeParallelInstallPatch = fetchpatch { - url ="https://github.com/erlang/otp/commit/de8fe86f67591dd992bae33f7451523dab36e5bd.patch"; - sha256 = "1cj9fjhdng6yllajjm3gkk04ag9bwyb3n70hrb5nk6c292v8a45c"; - }; - -in mkDerivation { - version = "18.3.4.11"; - sha256 = "190xbv77v5x2g8xkzdg9bpwa1ylkc18d03ag2a0frcwcv76x53k1"; - - patches = [ - rmAndPwdPatch - envAndCpPatch - makeOrderingPatch - makeParallelInstallPatch - ]; -} diff --git a/pkgs/development/interpreters/erlang/R19.nix b/pkgs/development/interpreters/erlang/R19.nix deleted file mode 100644 index 65ac57413f6..00000000000 --- a/pkgs/development/interpreters/erlang/R19.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ mkDerivation, fetchpatch }: - -mkDerivation { - version = "19.3.6.13"; - sha256 = "1zbg54p7pdr8bjyrxvi7vs41vgamqa8lsynnm6ac6845q0xwpwid"; - - patches = [ - # macOS 10.13 crypto fix from OTP-20.1.2 - (fetchpatch { - name = "darwin-crypto.patch"; - url = "https://github.com/erlang/otp/commit/882c90f72ba4e298aa5a7796661c28053c540a96.patch"; - sha256 = "1gggzpm8ssamz6975z7px0g8qq5i4jqw81j846ikg49c5cxvi0hi"; - }) - ]; - - prePatch = '' - substituteInPlace configure.in --replace '`sw_vers -productVersion`' "''${MACOSX_DEPLOYMENT_TARGET:-10.12}" - ''; -} 
diff --git a/pkgs/development/interpreters/erlang/R20.nix b/pkgs/development/interpreters/erlang/R20.nix deleted file mode 100644 index dfa363c0f25..00000000000 --- a/pkgs/development/interpreters/erlang/R20.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ mkDerivation }: - -mkDerivation { - version = "20.3.8.26"; - sha256 = "062405s59hkdkmw2dryq0qc1k03jsncj7yqisgj35x9sqpzm4w7a"; - - prePatch = '' - substituteInPlace configure.in --replace '`sw_vers -productVersion`' "''${MACOSX_DEPLOYMENT_TARGET:-10.12}" - ''; -} diff --git a/pkgs/development/interpreters/lua-5/default.nix b/pkgs/development/interpreters/lua-5/default.nix index 95b593fb5db..d2ba451b9e6 100644 --- a/pkgs/development/interpreters/lua-5/default.nix +++ b/pkgs/development/interpreters/lua-5/default.nix @@ -3,8 +3,8 @@ rec { lua5_4 = callPackage ./interpreter.nix { - sourceVersion = { major = "5"; minor = "4"; patch = "2"; }; - hash = "0ksj5zpj74n0jkamy3di1p6l10v4gjnd2zjnb453qc6px6bhsmqi"; + sourceVersion = { major = "5"; minor = "4"; patch = "3"; }; + hash = "1yxvjvnbg4nyrdv10bq42gz6dr66pyan28lgzfygqfwy2rv24qgq"; patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch; }; diff --git a/pkgs/development/libraries/arrow-cpp/default.nix b/pkgs/development/libraries/arrow-cpp/default.nix index ac53ae3bbd4..a13ebf28193 100644 --- a/pkgs/development/libraries/arrow-cpp/default.nix +++ b/pkgs/development/libraries/arrow-cpp/default.nix @@ -22,12 +22,12 @@ let in stdenv.mkDerivation rec { pname = "arrow-cpp"; - version = "4.0.0"; + version = "4.0.1"; src = fetchurl { url = "mirror://apache/arrow/arrow-${version}/apache-arrow-${version}.tar.gz"; - sha256 = "1bj9jr0pgq9f2nyzqiyj3cl0hcx3c83z2ym6rpdkp59ff2zx0caa"; + sha256 = "0vl926i6jvsvj5vigdgqzp9v1i1h5zzj1abqr6qwc9drfsibzk3m"; }; sourceRoot = "apache-arrow-${version}/cpp"; 
@@ -146,11 +146,11 @@ in stdenv.mkDerivation rec { --exclude-regex '^(${builtins.concatStringsSep "|" excludedTests})$' ''; - meta = { + meta = with lib; { description = "A cross-language development platform for in-memory data"; homepage = "https://arrow.apache.org/"; - license = lib.licenses.asl20; - platforms = lib.platforms.unix; - maintainers = with lib.maintainers; [ tobim veprbl ]; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ tobim veprbl ]; }; } diff --git a/pkgs/development/libraries/lasso/default.nix b/pkgs/development/libraries/lasso/default.nix index 24efa689c58..eaea748c714 100644 --- a/pkgs/development/libraries/lasso/default.nix +++ b/pkgs/development/libraries/lasso/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, autoconf, automake, autoreconfHook, fetchurl, glib, gobject-introspection, gtk-doc, libtool, libxml2, libxslt, openssl, pkg-config, python27Packages, xmlsec, zlib }: +{ lib, stdenv, autoconf, automake, autoreconfHook, fetchurl, fetchpatch, glib, gobject-introspection, gtk-doc, libtool, libxml2, libxslt, openssl, pkg-config, python27Packages, xmlsec, zlib }: stdenv.mkDerivation rec { @@ -11,6 +11,14 @@ stdenv.mkDerivation rec { }; + patches = [ + (fetchpatch { + name = "CVE-2021-28091.patch"; + url = "https://git.entrouvert.org/lasso.git/patch/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a"; + sha256 = "0070x01pir30hsb21mp69pf9pxingadl3y4w0afw07a5c57drhn4"; + }) + ]; + nativeBuildInputs = [ autoreconfHook pkg-config ]; buildInputs = [ autoconf automake glib gobject-introspection gtk-doc libtool libxml2 libxslt openssl python27Packages.six xmlsec zlib ]; diff --git a/pkgs/development/libraries/libccd/default.nix b/pkgs/development/libraries/libccd/default.nix index a9e0c2b3feb..c8e7c8af210 100644 --- a/pkgs/development/libraries/libccd/default.nix +++ b/pkgs/development/libraries/libccd/default.nix 
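Review bot: The `CVE-2021-28091.patch` entry added in the second lasso hunk has no comment saying what it fixes or when it can be dropped, so it is likely to outlive the version bump that makes it redundant. The polkit change in this same commit links the advisory and the upstream merge request above its `fetchpatch`, and the same form would help here. A line such as `# CVE-2021-28091; drop once lasso is updated to a release containing upstream commit ea7e5efe9741` above the entry would do. The derivation's `version` lies outside the hunk, so the release that first carries the fix cannot be named from here.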
@@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, cmake }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake }: stdenv.mkDerivation rec { pname = "libccd"; @@ -11,6 +11,15 @@ stdenv.mkDerivation rec { sha256 = "0sfmn5pd7k5kyhbxnd689xmsa5v843r7sska96dlysqpljd691jc"; }; + patches = [ + # Fix pkgconfig file with absolute CMAKE_INSTALL_*DIR + # https://github.com/danfis/libccd/pull/76 + (fetchpatch { + url = "https://github.com/danfis/libccd/commit/cd16c4f168ae308e4c77db66ac97a2eaf47e059e.patch"; + sha256 = "02wj21c185kwf8bn4qi4cnna0ypzqm481xw9rr8jy1i0cb1r9idg"; + }) + ]; + nativeBuildInputs = [ cmake ]; meta = with lib; { diff --git a/pkgs/development/libraries/libiio/cmake-fix-libxml2-find-package.patch b/pkgs/development/libraries/libiio/cmake-fix-libxml2-find-package.patch new file mode 100644 index 00000000000..25345bef90c --- /dev/null +++ b/pkgs/development/libraries/libiio/cmake-fix-libxml2-find-package.patch @@ -0,0 +1,13 @@ +diff --color -ur a/CMakeLists.txt b/CMakeLists.txt +--- a/CMakeLists.txt 2021-05-30 13:46:22.256040282 +0200 ++++ b/CMakeLists.txt 2021-05-30 14:15:42.530181216 +0200 +@@ -333,7 +333,7 @@ + # So, try first to find the CMake module provided by libxml2 package, then fallback + # on the CMake's FindLibXml2.cmake module (which can lack some definition, especially + # in static build case). +-find_package(LibXml2 QUIET NO_MODULE) ++find_package(LibXml2 QUIET MODULE) + if(DEFINED LIBXML2_VERSION_STRING) + set(LIBXML2_FOUND ON) + set(LIBXML2_INCLUDE_DIR ${LIBXML2_INCLUDE_DIRS}) +Seulement dans b: good.patch diff --git a/pkgs/development/libraries/libiio/default.nix b/pkgs/development/libraries/libiio/default.nix index 043e27fb4b2..e704076ab57 100644 --- a/pkgs/development/libraries/libiio/default.nix +++ b/pkgs/development/libraries/libiio/default.nix 
@@ -23,6 +23,10 @@ stdenv.mkDerivation rec { sha256 = "0psw67mzysdb8fkh8xpcwicm7z94k8plkcc8ymxyvl6inshq0mc7"; }; + # Revert after https://github.com/NixOS/nixpkgs/issues/125008 is + # fixed properly + patches = [ ./cmake-fix-libxml2-find-package.patch ]; + nativeBuildInputs = [ cmake flex diff --git a/pkgs/development/libraries/libraspberrypi/default.nix b/pkgs/development/libraries/libraspberrypi/default.nix index 8ffe8f488b2..8a8f41981aa 100644 --- a/pkgs/development/libraries/libraspberrypi/default.nix +++ b/pkgs/development/libraries/libraspberrypi/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { patches = [ (fetchpatch { # https://github.com/raspberrypi/userland/pull/670 - url = "https://github.com/raspberrypi/userland/pull/670/commits/37cb44f314ab1209fe2a0a2449ef78893b1e5f62.patch"; + url = "https://github.com/raspberrypi/userland/commit/37cb44f314ab1209fe2a0a2449ef78893b1e5f62.patch"; sha256 = "1fbrbkpc4cc010ji8z4ll63g17n6jl67kdy62m74bhlxn72gg9rw"; }) ]; diff --git a/pkgs/development/libraries/libxlsxwriter/default.nix b/pkgs/development/libraries/libxlsxwriter/default.nix index d323c2d962e..4bb80cb04a4 100644 --- a/pkgs/development/libraries/libxlsxwriter/default.nix +++ b/pkgs/development/libraries/libxlsxwriter/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "libxlsxwriter"; - version = "1.0.5"; + version = "1.0.6"; src = fetchFromGitHub { owner = "jmcnamara"; repo = "libxlsxwriter"; rev = "RELEASE_${version}"; - sha256 = "1jjmwg1mk7pvf36q30rng42qphgz6qdjvn96agrym2q0hhwxc99v"; + sha256 = "03fdcbm0xnkxwv6fir4yy4x9q2p5h08j099w9xh5gc2ni7ygjlyx"; }; nativeBuildInputs = [ diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index 7f0ad5acdce..bc7f7e80d9c 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix 
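Review bot: The patch file wired in by `patches = [ ./cmake-fix-libxml2-find-package.patch ];` (added as a new file earlier in this commit) ends with the line `Seulement dans b: good.patch`. That line is localized `diff -ur` output ("Only in b"), not part of the change, and the file's first line is a `diff --color -ur` command header. `patch` normally skips such text, but it is leftover from generating the file and should be deleted, so that the committed patch holds only the `CMakeLists.txt` hunk.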
@@ -34,6 +34,13 @@ stdenv.mkDerivation rec { url = "https://gitlab.freedesktop.org/polkit/polkit/commit/5dd4e22efd05d55833c4634b56e473812b5acbf2.patch"; sha256 = "17lv7xj5ksa27iv4zpm4zwd4iy8zbwjj4ximslfq3sasiz9kxhlp"; }) + (fetchpatch { + # https://www.openwall.com/lists/oss-security/2021/06/03/1 + # https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/79 + name = "CVE-2021-3560.patch"; + url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81.patch"; + sha256 = "157ddsizgr290jsb8fpafrc37gc1qw5pdvl351vnn3pzhqs7n6f4"; + }) ] ++ lib.optionals stdenv.hostPlatform.isMusl [ # Make netgroup support optional (musl does not have it) # Upstream MR: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10 diff --git a/pkgs/development/ocaml-modules/tyxml/default.nix b/pkgs/development/ocaml-modules/tyxml/default.nix index bf0e06507c9..c49327d7d33 100644 --- a/pkgs/development/ocaml-modules/tyxml/default.nix +++ b/pkgs/development/ocaml-modules/tyxml/default.nix @@ -2,13 +2,13 @@ buildDunePackage rec { pname = "tyxml"; - version = "4.4.0"; + version = "4.5.0"; useDune2 = true; src = fetchurl { url = "https://github.com/ocsigen/tyxml/releases/download/${version}/tyxml-${version}.tbz"; - sha256 = "0c150h2f4c4id73ickkdqkir3jya66m6c7f5jxlp4caw9bfr8qsi"; + sha256 = "0s30f72m457c3gbdmdwbx7ls9zg806nvm83aiz9qkpglbppwr6n6"; }; propagatedBuildInputs = [ uutf re ]; @@ -19,7 +19,7 @@ buildDunePackage rec { license = licenses.lgpl21; maintainers = with maintainers; [ gal_bolle vbgl - ]; + ]; }; } diff --git a/pkgs/development/python-modules/adblock/default.nix b/pkgs/development/python-modules/adblock/default.nix index 8fc697828f0..59d1f2e4e7a 100644 --- a/pkgs/development/python-modules/adblock/default.nix +++ b/pkgs/development/python-modules/adblock/default.nix @@ -8,6 +8,7 @@ , openssl , publicsuffix-list , isPy27 +, libiconv , CoreFoundation , Security }: 
@@ -37,7 +38,7 @@ buildPythonPackage rec { ++ (with rustPlatform; [ cargoSetupHook maturinBuildHook ]); buildInputs = [ openssl ] - ++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ]; + ++ lib.optionals stdenv.isDarwin [ libiconv CoreFoundation Security ]; PSL_PATH = "${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat"; @@ -49,7 +50,7 @@ buildPythonPackage rec { meta = with lib; { description = "Python wrapper for Brave's adblocking library, which is written in Rust"; homepage = "https://github.com/ArniDagur/python-adblock/"; - maintainers = with maintainers; [ petabyteboy ]; + maintainers = with maintainers; [ petabyteboy dotlambda ]; license = with licenses; [ asl20 mit ]; }; } diff --git a/pkgs/development/python-modules/click-option-group/default.nix b/pkgs/development/python-modules/click-option-group/default.nix new file mode 100644 index 00000000000..cf39ba80845 --- /dev/null +++ b/pkgs/development/python-modules/click-option-group/default.nix 
@@ -0,0 +1,47 @@ +{ lib +, buildPythonPackage +, pythonOlder +, fetchFromGitHub +, click +, pytestCheckHook +}: + +buildPythonPackage rec { + pname = "click-option-group"; + version = "0.5.3"; + format = "setuptools"; + disabled = pythonOlder "3.6"; + + src = fetchFromGitHub { + owner = "click-contrib"; + repo = pname; + rev = "v${version}"; + sha256 = "1w0692s8fabncpggpwl2d4dfqjjlmcia271rrb8hcz0r6nvw98ak"; + }; + + propagatedBuildInputs = [ + click + ]; + + checkInputs = [ + pytestCheckHook + ]; + + pythonImportsCheck = [ + "click_option_group" + ]; + + meta = with lib; { + description = "Option groups missing in Click"; + longDescription = '' + Option groups are convenient mechanism for logical structuring + CLI, also it allows you to set the specific behavior and set the + relationship among grouped options (mutually exclusive options + for example). Moreover, argparse stdlib package contains this + functionality out of the box. + ''; + homepage = "https://github.com/click-contrib/click-option-group"; + license = licenses.bsd3; + maintainers = with maintainers; [ hexa ]; + }; +} diff --git a/pkgs/development/python-modules/drf-jwt/default.nix b/pkgs/development/python-modules/drf-jwt/default.nix index ad3edc59246..2cf125c8df3 100644 --- a/pkgs/development/python-modules/drf-jwt/default.nix +++ b/pkgs/development/python-modules/drf-jwt/default.nix @@ -3,18 +3,17 @@ , fetchFromGitHub , pyjwt , djangorestframework -, pytestCheckHook }: buildPythonPackage rec { pname = "drf-jwt"; - version = "1.19.0"; + version = "1.19.1"; src = fetchFromGitHub { owner = "Styria-Digital"; repo = "django-rest-framework-jwt"; rev = version; - sha256 = "012rmm25w5gvkzi4lyyhn47y1n6g68q9gasga2mkv9i6mn8n4kp7"; + sha256 = "sha256-++8rFXVsA5WMTt+aC4di3Rpa0BAW285/qM087i9uQ0g="; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/hdbscan/default.nix b/pkgs/development/python-modules/hdbscan/default.nix index 5264ff24890..bf48d6cf5e7 100644 
--- a/pkgs/development/python-modules/hdbscan/default.nix +++ b/pkgs/development/python-modules/hdbscan/default.nix @@ -40,6 +40,8 @@ buildPythonPackage rec { "test_mem_vec_diff_clusters" "test_all_points_mem_vec_diff_clusters" "test_approx_predict_diff_clusters" + # another flaky test https://github.com/scikit-learn-contrib/hdbscan/issues/421 + "test_hdbscan_boruvka_balltree_matches" ]; meta = with lib; { diff --git a/pkgs/development/python-modules/pywemo/default.nix b/pkgs/development/python-modules/pywemo/default.nix index 7448f1f7f2c..ceb190fe753 100644 --- a/pkgs/development/python-modules/pywemo/default.nix +++ b/pkgs/development/python-modules/pywemo/default.nix @@ -47,11 +47,6 @@ buildPythonPackage rec { pytestCheckHook ]; - disabledTests = [ - # https://github.com/NixOS/nixpkgs/issues/124165 - "test_bridge_getdevicestatus" - ]; - pythonImportsCheck = [ "pywemo" ]; meta = with lib; { diff --git a/pkgs/development/tools/analysis/radare2/default.nix b/pkgs/development/tools/analysis/radare2/default.nix index e59c48f91d3..f51f0f9368d 100644 --- a/pkgs/development/tools/analysis/radare2/default.nix +++ b/pkgs/development/tools/analysis/radare2/default.nix @@ -28,13 +28,13 @@ stdenv.mkDerivation rec { pname = "radare2"; - version = "5.2.1"; + version = "5.3.0"; src = fetchFromGitHub { owner = "radare"; repo = "radare2"; rev = version; - sha256 = "0n3k190qjhdlj10fjqijx6ismz0g7fk28i83j0480cxdqgmmlbxc"; + sha256 = "sha256-xndnRVlqTB/NH1ROo7xkftLP7DufsJu4CCA9MCOEeng="; }; postInstall = '' diff --git a/pkgs/development/tools/delve/default.nix b/pkgs/development/tools/delve/default.nix index 62e51597055..9a0d19840e4 100644 --- a/pkgs/development/tools/delve/default.nix +++ b/pkgs/development/tools/delve/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoPackage, fetchFromGitHub }: +{ lib, buildGoPackage, fetchFromGitHub, makeWrapper }: buildGoPackage rec { pname = "delve"; 
@@ -14,6 +14,16 @@ buildGoPackage rec { sha256 = "sha256-bTVCasemE8Vyjcs8wZBiiXEsW3UBndjpPQ5bi+4vQkw="; }; + subPackages = [ "cmd/dlv" ]; + + nativeBuildInputs = [ makeWrapper ]; + + postInstall = '' + # fortify source breaks build since delve compiles with -O0 + wrapProgram $out/bin/dlv \ + --prefix disableHardening " " fortify + ''; + meta = with lib; { description = "debugger for the Go programming language"; homepage = "https://github.com/derekparker/delve"; diff --git a/pkgs/development/tools/erlang/cuter/default.nix b/pkgs/development/tools/erlang/cuter/default.nix deleted file mode 100644 index 44ed61ac1d5..00000000000 --- a/pkgs/development/tools/erlang/cuter/default.nix +++ /dev/null 
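Review bot: The `postInstall` wrapper sets an environment variable named `disableHardening`, and nothing in this hunk shows what reads it. The derivation attribute I know is `hardeningDisable`, which reaches the compiler wrapper as `NIX_HARDENING_ENABLE`. If no consumer honours `disableHardening`, the wrapper has no effect on the fortify failure the comment describes. If it is honoured, every compile started from `dlv` runs without fortify, and the comment should say so and state the scope, e.g. `# builds launched via dlv are compiled without _FORTIFY_SOURCE (incompatible with -O0)`. The rest of the derivation lies outside the hunk.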
@@ -1,46 +0,0 @@ -{ lib, stdenv, autoreconfHook, which, writeText, makeWrapper, fetchFromGitHub, erlang -, z3, python }: - -stdenv.mkDerivation rec { - pname = "cuter"; - version = "0.1"; - - src = fetchFromGitHub { - owner = "aggelgian"; - repo = "cuter"; - rev = "v${version}"; - sha256 = "1ax1pj6ji4w2mg3p0nh2lzmg3n9mgfxk4cf07pll51yrcfpfrnfv"; - }; - - setupHook = writeText "setupHook.sh" '' - addToSearchPath ERL_LIBS "$1/lib/erlang/lib/" - ''; - - nativeBuildInputs = [ autoreconfHook makeWrapper which ]; - buildInputs = [ python python.pkgs.setuptools z3.python erlang ]; - - buildFlags = [ "PWD=$(out)/lib/erlang/lib/cuter-${version}" "cuter_target" ]; - configurePhase = '' - autoconf - ./configure --prefix $out - ''; - - installPhase = '' - mkdir -p "$out/lib/erlang/lib/cuter-${version}" - mkdir -p "$out/bin" - cp -r * "$out/lib/erlang/lib/cuter-${version}" - cp cuter "$out/bin/cuter" - wrapProgram $out/bin/cuter \ - --prefix PATH : "${python}/bin" \ - --suffix PYTHONPATH : "${z3}/${python.sitePackages}" \ - --suffix ERL_LIBS : "$out/lib/erlang/lib" - ''; - - meta = { - description = "A concolic testing tool for the Erlang functional programming language"; - license = lib.licenses.gpl3; - homepage = "https://github.com/aggelgian/cuter"; - maintainers = with lib.maintainers; [ ericbmerritt ]; - platforms = with lib.platforms; unix; - }; -} diff --git a/pkgs/development/tools/ijq/default.nix b/pkgs/development/tools/ijq/default.nix index 0b0af79301e..f3c0b6c7b1b 100644 --- a/pkgs/development/tools/ijq/default.nix +++ b/pkgs/development/tools/ijq/default.nix 
@@ -2,15 +2,15 @@ buildGoModule rec { pname = "ijq"; - version = "0.2.3"; + version = "0.3.4"; src = fetchgit { url = "https://git.sr.ht/~gpanders/ijq"; rev = "v${version}"; - sha256 = "14n54jh5387jf97zhc7aidn7w60zp5624xbvq4jdbsh96apg3bk1"; + sha256 = "ZKxEK6SPxEC0S5yXSzITPn0HhpJa4Bcf9X8/N+ZZAeA="; }; - vendorSha256 = "0xbni6lk6y3ig7pj2234fv7ra6b8qv0k8m3bvh59wwans8xpihzb"; + vendorSha256 = "04KlXE2I8ZVDbyo9tBnFskLB6fo5W5/lPzSpo8KGqUU="; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/development/tools/rust/cbindgen/latest.nix b/pkgs/development/tools/rust/cbindgen/latest.nix new file mode 100644 index 00000000000..c1bc2fb4c07 --- /dev/null +++ b/pkgs/development/tools/rust/cbindgen/latest.nix @@ -0,0 +1,38 @@ +{ lib, stdenv, fetchFromGitHub, rustPlatform, python3Packages, Security }: + +rustPlatform.buildRustPackage rec { + pname = "rust-cbindgen"; + version = "0.19.0"; + + src = fetchFromGitHub { + owner = "eqrion"; + repo = "cbindgen"; + rev = "v${version}"; + sha256 = "0753dklr5lm1dmk6hy5khh8k3xyr5srfsq11l07685h71j7z0r00"; + }; + + cargoSha256 = "0qyw0iqin7i31kk23ddsmywk7z0xxpd5n4q6dr6mf44y35a8krm8"; + + buildInputs = lib.optional stdenv.isDarwin Security; + + checkInputs = [ + python3Packages.cython + ]; + + checkFlags = [ + # Disable tests that require rust unstable features + # https://github.com/eqrion/cbindgen/issues/338 + "--skip test_expand" + "--skip test_bitfield" + "--skip lib_default_uses_debug_build" + "--skip lib_explicit_debug_build" + "--skip lib_explicit_release_build" + ]; + + meta = with lib; { + description = "A project for generating C bindings from Rust code"; + homepage = "https://github.com/eqrion/cbindgen"; + license = licenses.mpl20; + maintainers = with maintainers; [ jtojnar ]; + }; +} diff --git a/pkgs/development/tools/stagit/default.nix b/pkgs/development/tools/stagit/default.nix index 85d64890180..cfbca202568 100644 --- a/pkgs/development/tools/stagit/default.nix +++ b/pkgs/development/tools/stagit/default.nix 
@@ -2,12 +2,12 @@ stdenv.mkDerivation rec { pname = "stagit"; - version = "0.9.5"; + version = "0.9.6"; src = fetchgit { url = "git://git.codemadness.org/stagit"; rev = version; - sha256 = "1wlx5k0v464fr1ifjv04v7ccwb559s54xpsbxdda4whyx1v0fbq4"; + sha256 = "sha256-0vkdxtKZv7LyEHKGPrB4uOI2lD74+haelEanq2sOjkE="; }; makeFlags = [ "PREFIX=$(out)" ]; diff --git a/pkgs/development/web/deno/default.nix b/pkgs/development/web/deno/default.nix index 80e68003b4e..08c69dde399 100644 --- a/pkgs/development/web/deno/default.nix +++ b/pkgs/development/web/deno/default.nix @@ -17,15 +17,15 @@ rustPlatform.buildRustPackage rec { pname = "deno"; - version = "1.10.2"; + version = "1.10.3"; src = fetchFromGitHub { owner = "denoland"; repo = pname; rev = "v${version}"; - sha256 = "sha256-uePCEYcYahsxcgA+GDcloqqo+dr7Y2N/9nps6Y79D58="; + sha256 = "sha256-25FfxGtPZ+KQCmXur6pwrb1l/xjCWgw69CMLPihnhAU="; }; - cargoSha256 = "sha256-6fm1RWuTVWCE6nKgkC/SRQYRXGf9SGv7kAXWNqsdQS8="; + cargoSha256 = "sha256-CopfdjafWAhpbrdYSHJjKHKCLw94TSaiSAH4CVFOHi8="; # Install completions post-install nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/games/warzone2100/default.nix b/pkgs/games/warzone2100/default.nix index c0707ed5e86..7f2ad875d8c 100644 --- a/pkgs/games/warzone2100/default.nix +++ b/pkgs/games/warzone2100/default.nix @@ -3,7 +3,7 @@ , fetchurl , cmake , ninja -, zip +, p7zip , pkg-config , asciidoctor , gettext @@ -68,7 +68,7 @@ stdenv.mkDerivation rec { pkg-config cmake ninja - zip + p7zip asciidoctor gettext shaderc diff --git a/pkgs/servers/dns/pdns-recursor/default.nix b/pkgs/servers/dns/pdns-recursor/default.nix index fa8723ea965..ee3d8aafa1c 100644 --- a/pkgs/servers/dns/pdns-recursor/default.nix +++ b/pkgs/servers/dns/pdns-recursor/default.nix 
@@ -33,6 +33,9 @@ stdenv.mkDerivation rec { description = "A recursive DNS server"; homepage = "https://www.powerdns.com/"; platforms = platforms.linux; + badPlatforms = [ + "i686-linux" # a 64-bit time_t is needed + ]; license = licenses.gpl2; maintainers = with maintainers; [ rnhmjoj ]; }; diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index c1444ecb6b3..0fce9981967 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -12,11 +12,11 @@ let in buildPythonApplication rec { pname = "matrix-synapse"; - version = "1.34.0"; + version = "1.35.1"; src = fetchPypi { inherit pname version; - sha256 = "sha256-lXVJfhcH9lKOCHn5f4Lc/OjgEYa5IpauKRhBsFXNWLw="; + sha256 = "sha256-MJ3RG60rWbcfQxhj34k99AFg8TsPd3ECEw/x2+xU1js="; }; patches = [ @@ -27,12 +27,13 @@ buildPythonApplication rec { buildInputs = [ openssl ]; propagatedBuildInputs = [ - setuptools + authlib bcrypt bleach canonicaljson daemonize frozendict + ijson jinja2 jsonschema lxml @@ -44,20 +45,20 @@ buildPythonApplication rec { psutil psycopg2 pyasn1 + pyjwt pymacaroons pynacl pyopenssl pysaml2 pyyaml requests + setuptools signedjson sortedcontainers treq twisted - unpaddedbase64 typing-extensions - authlib - pyjwt + unpaddedbase64 ] ++ lib.optional enableSystemd systemd ++ lib.optional enableRedis hiredis; @@ -66,7 +67,6 @@ buildPythonApplication rec { doCheck = !stdenv.isDarwin; checkPhase = '' - ${lib.optionalString (!enableRedis) "rm -r tests/replication # these tests need the optional dependency 'hiredis'"} PYTHONPATH=".:$PYTHONPATH" ${python3.interpreter} -m twisted.trial tests ''; diff --git a/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix b/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix index 808e81370bb..ab92c29ee3d 100644 --- a/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix +++ b/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix 
@@ -10,6 +10,8 @@ let }; in ourNodePackages."${packageName}".override { + pname = "matrix-appservice-irc"; + nativeBuildInputs = [ makeWrapper nodePackages.node-gyp-build ]; postInstall = '' diff --git a/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix b/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix index 9d21065dc02..596739a45d7 100644 --- a/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix +++ b/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix @@ -13,6 +13,8 @@ let }; in nodePackages.package.override { + pname = "matrix-appservice-slack"; + inherit src; nativeBuildInputs = [ pkgs.makeWrapper ]; diff --git a/pkgs/servers/matrix-synapse/tools/default.nix b/pkgs/servers/matrix-synapse/tools/default.nix index 43667f9e16d..defc35bc0e0 100644 --- a/pkgs/servers/matrix-synapse/tools/default.nix +++ b/pkgs/servers/matrix-synapse/tools/default.nix @@ -1,4 +1,6 @@ { callPackage }: { rust-synapse-compress-state = callPackage ./rust-synapse-compress-state.nix { }; + + synadm = callPackage ./synadm.nix { }; } diff --git a/pkgs/servers/matrix-synapse/tools/synadm.nix b/pkgs/servers/matrix-synapse/tools/synadm.nix new file mode 100644 index 00000000000..b9a0ff3acd9 --- /dev/null +++ b/pkgs/servers/matrix-synapse/tools/synadm.nix 
@@ -0,0 +1,41 @@ +{ lib +, python3Packages +}: + +with python3Packages; buildPythonApplication rec { + pname = "synadm"; + version = "0.29"; + format = "setuptools"; + + src = fetchPypi { + inherit pname version; + sha256 = "1vy30nwsns4jnv0s5i9jpyplxpclgwyw0gldpywv4z3fljs0lzik"; + }; + + propagatedBuildInputs = [ + click + click-option-group + tabulate + pyyaml + requests + ]; + + checkPhase = '' + runHook preCheck + export HOME=$TMPDIR + $out/bin/synadm -h > /dev/null + runHook postCheck + ''; + + meta = with lib; { + description = "Command line admin tool for Synapse"; + longDescription = '' + A CLI tool to help admins of Matrix Synapse homeservers + conveniently issue commands available via its admin API's + (matrix-org/synapse@master/docs/admin_api) + ''; + homepage = "https://github.com/JOJ0/synadm"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ hexa ]; + }; +} diff --git a/pkgs/servers/matterbridge/default.nix b/pkgs/servers/matterbridge/default.nix index d6865df66cd..a3e898e048a 100644 --- a/pkgs/servers/matterbridge/default.nix +++ b/pkgs/servers/matterbridge/default.nix @@ -1,18 +1,18 @@ -{ lib, buildGoModule, fetchurl }: +{ lib, buildGoModule, fetchFromGitHub }: buildGoModule rec { pname = "matterbridge"; - version = "1.22.1"; + version = "1.22.2"; + + src = fetchFromGitHub { + owner = "42wim"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-H6Cy6yvX57QLNfZPeansZv6IJ4uQVqr0h24QsAlrLx8="; + }; vendorSha256 = null; - doCheck = false; - - src = fetchurl { - url = "https://github.com/42wim/matterbridge/archive/v${version}.tar.gz"; - sha256 = "sha256-yV805OWFNOxKIGd6t2kRcUzdB8xYWYHFK+W2u/QPTXg="; - }; - meta = with lib; { description = "Simple bridge between Mattermost, IRC, XMPP, Gitter, Slack, Discord, Telegram, Rocket.Chat, Hipchat(via xmpp), Matrix and Steam"; homepage = "https://github.com/42wim/matterbridge"; 
diff --git a/pkgs/servers/monitoring/icinga2/default.nix b/pkgs/servers/monitoring/icinga2/default.nix index e3ea1a80251..44c512196c6 100644 --- a/pkgs/servers/monitoring/icinga2/default.nix +++ b/pkgs/servers/monitoring/icinga2/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "icinga2${nameSuffix}"; - version = "2.12.3"; + version = "2.12.4"; src = fetchFromGitHub { owner = "icinga"; repo = "icinga2"; rev = "v${version}"; - sha256 = "0pq6ixv7d9bqys8qjxqq0jki3zncj8jdfavkp7qw125iyfjq48xk"; + sha256 = "sha256-SJBOZzLbmW4525G3w6BVS53kOd2bJ5rEbwwb4Lo5q8I="; }; patches = [ diff --git a/pkgs/servers/mx-puppet-discord/default.nix b/pkgs/servers/mx-puppet-discord/default.nix index b3b72c2c5f2..d2606148768 100644 --- a/pkgs/servers/mx-puppet-discord/default.nix +++ b/pkgs/servers/mx-puppet-discord/default.nix @@ -16,7 +16,10 @@ let }; in myNodePackages.package.override { + pname = "mx-puppet-discord"; + inherit src; + nativeBuildInputs = [ nodePackages.node-pre-gyp pkg-config ]; buildInputs = [ libjpeg pixman cairo pango ]; diff --git a/pkgs/servers/nosql/redis/default.nix b/pkgs/servers/nosql/redis/default.nix index 5856d0d17b5..a1b2b0570c3 100644 --- a/pkgs/servers/nosql/redis/default.nix +++ b/pkgs/servers/nosql/redis/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "redis"; - version = "6.2.3"; + version = "6.2.4"; src = fetchurl { url = "https://download.redis.io/releases/${pname}-${version}.tar.gz"; - sha256 = "sha256-mO19UytelnH13wglu3Hw83SDoWVGNkBJOExj24dkUSs="; + sha256 = "0vp1d9mlfsppry3nsj9f7bmh9wjgsy3jggp24sac1hhgl43c8cms"; }; # Cross-compiling fixes diff --git a/pkgs/servers/samba/4.x.nix b/pkgs/servers/samba/4.x.nix index 7beaeb20943..3ae30699546 100644 --- a/pkgs/servers/samba/4.x.nix +++ b/pkgs/servers/samba/4.x.nix @@ -26,6 +26,7 @@ , tdb , cmocka , rpcsvc-proto +, python3Packages , nixosTests , enableLDAP ? false, openldap 
@@ -91,10 +92,10 @@ stdenv.mkDerivation rec { libtasn1 tdb ] ++ optionals stdenv.isLinux [ liburing systemd ] - ++ optional enableLDAP openldap + ++ optionals enableLDAP [ openldap.dev python3Packages.markdown ] ++ optional (enablePrinting && stdenv.isLinux) cups ++ optional enableMDNS avahi - ++ optionals enableDomainController [ gpgme lmdb ] + ++ optionals enableDomainController [ gpgme lmdb python3Packages.dnspython ] ++ optional enableRegedit ncurses ++ optional (enableCephFS && stdenv.isLinux) libceph ++ optionals (enableGlusterFS && stdenv.isLinux) [ glusterfs libuuid ] diff --git a/pkgs/servers/sql/postgresql/ext/pg_partman.nix b/pkgs/servers/sql/postgresql/ext/pg_partman.nix index fb690e96328..d2e7dd37be1 100644 --- a/pkgs/servers/sql/postgresql/ext/pg_partman.nix +++ b/pkgs/servers/sql/postgresql/ext/pg_partman.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "pg_partman"; - version = "4.4.1"; + version = "4.5.1"; buildInputs = [ postgresql ]; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { owner = "pgpartman"; repo = pname; rev = "refs/tags/v${version}"; - sha256 = "sha256-jFG2Zna97FHZin2V3Cwy5JcdeFh09Yy/eoyHtcCorPA="; + sha256 = "182yqvgcpgw99swn7w516f6d1bid2gnmf6dfsgmldx5viz0d6vi0"; }; installPhase = '' diff --git a/pkgs/servers/tailscale/default.nix b/pkgs/servers/tailscale/default.nix index bd75a45154d..be3b4209eb9 100644 --- a/pkgs/servers/tailscale/default.nix +++ b/pkgs/servers/tailscale/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "tailscale"; - version = "1.8.5"; + version = "1.8.6"; src = fetchFromGitHub { owner = "tailscale"; repo = "tailscale"; rev = "v${version}"; - sha256 = "0wr6zb8v5082gbh0isz8inmndvqfqgmh5bgaz8ij2id5qwx5znx6"; + sha256 = "1h3ry4y62wwcv4z3yjqal4ch4xy40k9s3rq20lqs3r58kblnaxs2"; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/admin/fioctl/default.nix b/pkgs/tools/admin/fioctl/default.nix index c27b18ac6d5..0e0c977acd0 100644 --- a/pkgs/tools/admin/fioctl/default.nix 
+++ b/pkgs/tools/admin/fioctl/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "fioctl"; - version = "0.16"; + version = "0.17"; src = fetchFromGitHub { owner = "foundriesio"; repo = "fioctl"; rev = "v${version}"; - sha256 = "1mm62piih7x2886wpgqd8ks22vpmrjgxs4alskiqz61bgshks9vw"; + sha256 = "sha256-u23BQ/sRAfUO36uqv7xY+DkseDnlVesgamsgne8N8kU="; }; - vendorSha256 = "170z5a1iwwcpz890nficqnz7rr7yzdxr5jx9pa7s31z17lr8kbz9"; + vendorSha256 = "sha256-6a+JMj3hh6GPuqnLknv7/uR8vsUsOgsS+pdxHoMqH5w="; runVend = true; diff --git a/pkgs/tools/audio/botamusique/node-packages.nix b/pkgs/tools/audio/botamusique/node-packages.nix index 8857e1e76f9..c9bdb6f0097 100644 --- a/pkgs/tools/audio/botamusique/node-packages.nix +++ b/pkgs/tools/audio/botamusique/node-packages.nix @@ -4527,7 +4527,7 @@ let name = "botamusique"; packageName = "botamusique"; version = "0.0.0"; - src = ../../../../../../../../../tmp/tmp.hWY9btrx5g; + src = ../../../../../../../../../tmp/tmp.UAoivnXH3n; dependencies = [ sources."@babel/code-frame-7.10.4" sources."@babel/compat-data-7.12.7" diff --git a/pkgs/tools/audio/botamusique/src.json b/pkgs/tools/audio/botamusique/src.json index c7e61947460..d1337f5ae68 100644 --- a/pkgs/tools/audio/botamusique/src.json +++ b/pkgs/tools/audio/botamusique/src.json @@ -1,9 +1,9 @@ { "url": "https://github.com/azlux/botamusique", - "rev": "33a9e75ba9d0a382f7a76d23a0ceb626924a8b49", - "date": "2021-05-19T22:37:39+08:00", - "path": "/nix/store/dqc2vjd43cixm49w8g66wvi9zmdfwsdd-botamusique", - "sha256": "18lbgslx9vdwd5nrbkqfjvzaikp2swvv375v9gql7cg8p46w7i11", + "rev": "ba02cdebf2e175dc371995361eafcb88ad2c1b52", + "date": "2021-06-01T23:39:44+02:00", + "path": "/nix/store/dp5vnj7zqv1sp1ab5xycvvqdpia9xb71-botamusique", + "sha256": "01d51y6h38hs4ynjgz050ryy14sp5y2c3n7f80mcv0a4ls8413qp", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false 
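Review bot: In pkgs/tools/audio/botamusique/node-packages.nix the regenerated line `src = ../../../../../../../../../tmp/tmp.UAoivnXH3n;` still points at a scratch directory on the machine that ran the generator, so the expression is only sound if the caller overrides `src`. That override is not visible in this hunk; presumably the calling expression substitutes the source pinned in src.json. If the override were ever dropped, evaluation would resolve a path outside the checkout and import whatever sits there, bypassing the `sha256` recorded in src.json. Consider having the update script rewrite this line to a neutral placeholder after generation, so a missing override fails loudly instead of reading from a temporary directory.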
diff --git a/pkgs/tools/compression/zstd/default.nix b/pkgs/tools/compression/zstd/default.nix index e890518a45a..2740ebde5bd 100644 --- a/pkgs/tools/compression/zstd/default.nix +++ b/pkgs/tools/compression/zstd/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, cmake, bash, gnugrep +{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake, bash, gnugrep , fixDarwinDylibNames , file , legacySupport ? false @@ -24,7 +24,13 @@ stdenv.mkDerivation rec { # This patches makes sure we do not attempt to use the MD5 implementation # of the host platform when running the tests ./playtests-darwin.patch - ]; + ] ++ lib.optional stdenv.is32bit + (fetchpatch { # https://github.com/facebook/zstd/pull/2606 + name = "test-memory-usage.diff"; + url = "https://github.com/facebook/zstd/commit/6f40571a.diff"; + sha256 = "1484k5b99wplv9vjvvxjn88l13hlay6bynhq3zh1nd34whyi1kd0"; + }); + postPatch = lib.optionalString (!static) '' substituteInPlace build/cmake/CMakeLists.txt \ diff --git a/pkgs/tools/misc/betterdiscordctl/default.nix b/pkgs/tools/misc/betterdiscordctl/default.nix index e839d9ef09c..f75f3a6f822 100644 --- a/pkgs/tools/misc/betterdiscordctl/default.nix +++ b/pkgs/tools/misc/betterdiscordctl/default.nix 
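Review bot: The `fetchpatch` added to `patches` in the second zstd hunk names the upstream commit by an eight-character prefix (`commit/6f40571a.diff`). The `sha256` still pins the patch content, but an abbreviated id can become ambiguous as the repository grows, at which point the fetch breaks and the patch can no longer be tied to one unique commit. Spell out the full commit id, e.g. `url = "https://github.com/facebook/zstd/commit/<FULL_COMMIT_SHA>.diff";`, and re-check the hash after the change. The `postPatch` block that follows continues outside the hunk.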
@@ -2,22 +2,28 @@ stdenv.mkDerivation rec { pname = "betterdiscordctl"; - version = "1.7.1"; + version = "2.0.0"; src = fetchFromGitHub { owner = "bb010g"; repo = "betterdiscordctl"; rev = "v${version}"; - sha256 = "12c3phcfwl4p2jfh22ihm57vxw4nq5kwqirb7y4gzc91swfh5yj1"; + sha256 = "1wys3wbcz5hq8275ia2887kr5fzz4b3gkcp56667j9k0p3k3zfac"; }; - preBuild = "sed -i 's/^nix=$/&yes/g;s/^DISABLE_UPGRADE=$/&yes/g' ./betterdiscordctl"; + postPatch = '' + substituteInPlace betterdiscordctl \ + --replace "DISABLE_SELF_UPGRADE=" "DISABLE_SELF_UPGRADE=yes" + ''; installPhase = '' - mkdir -p $out/bin - mkdir -p $out/share/doc/betterdiscordctl + runHook preInstall + + mkdir -p "$out/bin" "$out/share/doc/betterdiscordctl" install -Dm744 betterdiscordctl $out/bin/betterdiscordctl install -Dm644 README.md $out/share/doc/betterdiscordctl/README.md + + runHook postInstall ''; meta = with lib; { diff --git a/pkgs/tools/networking/v2ray/default.nix b/pkgs/tools/networking/v2ray/default.nix index 89e2f0f320d..4c4b46c2520 100644 --- a/pkgs/tools/networking/v2ray/default.nix +++ b/pkgs/tools/networking/v2ray/default.nix @@ -3,22 +3,22 @@ }: let - version = "4.38.3"; + version = "4.39.2"; src = fetchFromGitHub { owner = "v2fly"; repo = "v2ray-core"; rev = "v${version}"; - sha256 = "1vsq98h6zbm3wz1mgphl7dqlabgfg53fhkyn47vfbhhkbx6nwl7c"; + sha256 = "0rgwxsix2qy5w44s2ramalsn1bqznj2yra8bakcms8yl9yh0gbvd"; }; - vendorSha256 = "sha256-jXpGlJ30xBttysbUekMdw8fH0KVfPufWq0t7AXZrDEQ="; + vendorSha256 = "sha256-1LEKg9kyF4QBrzLP5TyKmFLPBprJRNqGxtkAI1mHx4Y="; assets = { # MIT licensed "geoip.dat" = let - geoipRev = "202104300531"; - geoipSha256 = "0srskpp0pmw4fzp4lgachjjvig4fy96523r7aj2bwig0ipfgr401"; + geoipRev = "202105270041"; + geoipSha256 = "0g67lggc41himpnbbghm4xlnbv4dl2fyidxplh3pl6ajqb4wxwd5"; in fetchurl { url = "https://github.com/v2fly/geoip/releases/download/${geoipRev}/geoip.dat"; sha256 = geoipSha256; 
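Review bot: The new `postPatch` in betterdiscordctl turns off the script's self-upgrade with an unanchored `--replace "DISABLE_SELF_UPGRADE=" "DISABLE_SELF_UPGRADE=yes"`, and nothing verifies that the substitution took effect. If upstream renames the variable again (the removed `sed` targeted `DISABLE_UPGRADE`), the build would presumably still succeed and ship a script that tries to update itself outside the package manager's control. The pattern also rewrites any other occurrence of that text in the script, which this hunk cannot rule out. Add a guard after the substitution, e.g. `grep -q 'DISABLE_SELF_UPGRADE=yes' betterdiscordctl || { echo "self-upgrade switch not found" >&2; exit 1; }`.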
@@ -26,8 +26,8 @@ let # MIT licensed "geosite.dat" = let - geositeRev = "20210430100800"; - geositeSha256 = "0wp111iip3lhkgpbrzzivl5flj44vj7slx9w7k307sls6hmjzlcb"; + geositeRev = "20210527065138"; + geositeSha256 = "1335zyc5zrwws46ldv0sqn51kpkfwfksbfw6hd53fakz0whxki0g"; in fetchurl { url = "https://github.com/v2fly/domain-list-community/releases/download/${geositeRev}/dlc.dat"; sha256 = geositeSha256; diff --git a/pkgs/tools/package-management/morph/default.nix b/pkgs/tools/package-management/morph/default.nix index 61e4a897f48..56d824059f5 100644 --- a/pkgs/tools/package-management/morph/default.nix +++ b/pkgs/tools/package-management/morph/default.nix @@ -1,18 +1,17 @@ -{ buildGoPackage, fetchFromGitHub, go-bindata, openssh, makeWrapper, lib }: +{ buildGoModule, fetchFromGitHub, go-bindata, openssh, makeWrapper, lib }: -buildGoPackage rec { +buildGoModule rec { pname = "morph"; - version = "1.5.0"; + version = "1.6.0"; src = fetchFromGitHub { owner = "dbcdk"; repo = "morph"; rev = "v${version}"; - sha256 = "064ccvvq4yk17jy5jvi1nxfp5ajvnvn2k4zvh9v0n3ragcl3rd20"; + sha256 = "0aibs4gsb9pl21nd93bf963kdzf0661qn0liaw8v8ak2xbz7nbs8"; }; - goPackagePath = "github.com/dbcdk/morph"; - goDeps = ./deps.nix; + vendorSha256 = "08zzp0h4c4i5hk4whz06a3da7qjms6lr36596vxz0d8q0n7rspr9"; nativeBuildInputs = [ makeWrapper go-bindata ]; @@ -28,7 +27,7 @@ buildGoPackage rec { postInstall = '' mkdir -p $lib - cp -v go/src/$goPackagePath/data/*.nix $lib + cp -v ./data/*.nix $lib wrapProgram $out/bin/morph --prefix PATH : ${lib.makeBinPath [ openssh ]}; ''; diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index 159fc5b39c1..598d43bb840 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix 
@@ -119,9 +119,12 @@ common = [ "--with-store-dir=${storeDir}" "--localstatedir=${stateDir}" "--sysconfdir=${confDir}" - "--disable-init-state" "--enable-gc" ] + ++ lib.optionals (!is24) [ + # option was removed in 2.4 + "--disable-init-state" + ] ++ lib.optionals stdenv.isLinux [ "--with-sandbox-shell=${sh}/bin/busybox" ] @@ -196,10 +199,10 @@ in rec { nixStable = callPackage common (rec { pname = "nix"; - version = "2.3.11"; + version = "2.3.12"; src = fetchurl { url = "https://nixos.org/releases/nix/${pname}-${version}/${pname}-${version}.tar.xz"; - sha256 = "89a8d7995305a78b1561e6670bbf1879c791fc4904eb094bc4f180775a61c128"; + sha256 = "sha256-ITp9ScRhB5syNh5NAI0kjX9o400syTR/Oo/5Ap+a+10="; }; inherit storeDir stateDir confDir boehmgc; @@ -208,23 +211,17 @@ in rec { nixUnstable = lib.lowPrio (callPackage common rec { pname = "nix"; version = "2.4${suffix}"; - suffix = "pre20210503_6d2553a"; + suffix = "pre20210601_5985b8b"; src = fetchFromGitHub { owner = "NixOS"; repo = "nix"; - rev = "6d2553ae1496288554e871c530836428f405fd67"; - sha256 = "sha256-YeSeyOKhBAXHlkzo4mwYr8QIjIP9AgdpJ7YdhqOO2CA="; + rev = "5985b8b5275605ddd5e92e2f0a7a9f494ac6e35d"; + sha256 = "sha256-2So7ZsD8QJlOXCYqdoj8naNgBw6O4Vw1MM2ORsaqlXc="; }; inherit storeDir stateDir confDir boehmgc; - patches = [ - (fetchpatch { - url = "https://github.com/NixOS/nix/commit/8c7e043de2f673bc355d83f1e873baa93f30be62.patch"; - sha256 = "sha256-aTcUnZXheewnyCT7yQKnTqQDKS2uDoN9plMQgxJH8Ag="; - }) - ]; }); } diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix index 84fe06e6c19..f72f3c978ff 100644 --- a/pkgs/tools/security/step-ca/default.nix +++ b/pkgs/tools/security/step-ca/default.nix 
@@ -11,16 +11,16 @@ buildGoModule rec { pname = "step-ca"; - version = "0.15.11"; + version = "0.15.15"; src = fetchFromGitHub { owner = "smallstep"; repo = "certificates"; rev = "v${version}"; - sha256 = "wFRs3n6V0z2keNVtqFw1q5jpA6BvNK5EftsNhichfsY="; + sha256 = "sha256-YYYpMHEis/zoRsdwW70X8zn0FMsW+2vMYdlWxr3qqzY=="; }; - vendorSha256 = "f1NdszqYYx6X1HqwqG26jjfjXq1gDXLOrh64ccKRQ90="; + vendorSha256 = "sha256-mjj+70/ioqcchB3X5vZPb0Oa7lA/qKh5zEpidT0jrEs="; nativeBuildInputs = lib.optionals hsmSupport [ pkg-config ]; diff --git a/pkgs/tools/security/step-cli/default.nix b/pkgs/tools/security/step-cli/default.nix index 2b6ec57bbf2..a13eec71eb8 100644 --- a/pkgs/tools/security/step-cli/default.nix +++ b/pkgs/tools/security/step-cli/default.nix @@ -1,26 +1,24 @@ { lib , buildGoModule , fetchFromGitHub -, fetchpatch }: buildGoModule rec { pname = "step-cli"; - version = "0.15.3-22-g3ddc5aa"; + version = "0.15.16"; - # 0.15.3 isn't enough, because we need https://github.com/smallstep/cli/pull/394 src = fetchFromGitHub { owner = "smallstep"; repo = "cli"; - rev = "3ddc5aaafccb23ba9a20abfa70109a2923f298e3"; - sha256 = "1kd04hi764xa3f9p6aw6k9f6wa4y6xsmzby5jxvvkhim4w78brw0"; + rev = "v${version}"; + sha256 = "sha256-/HqCG3LscwogLXvZlL2CVo2Pj1hVRnOMPCmG1hxrG/I="; }; preCheck = '' # Tries to connect to smallstep.com rm command/certificate/remote_test.go ''; - vendorSha256 = "04hckq78g1p04b2q0rq4xw6d880hqhkabbx1pc3pf8r1m6jxwz10"; + vendorSha256 = "sha256-plQgIqs6QUbzndn8C0ByKceGtz/JxZ1Rx0fXWHNJ0kM="; meta = with lib; { description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc"; diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix index 506bf0f719d..3eb5495d2c9 100644 --- a/pkgs/tools/security/yara/default.nix +++ b/pkgs/tools/security/yara/default.nix @@ -1,5 +1,4 @@ { lib, stdenv -, fetchpatch , fetchFromGitHub , autoreconfHook , pcre 
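Review bot: The new source hash in the step-ca hunk, `sha256-YYYpMHEis/zoRsdwW70X8zn0FMsW+2vMYdlWxr3qqzY==`, ends in two `=` characters, whereas a base64-encoded SHA-256 digest is 43 characters followed by a single `=`. Whether the extra padding is accepted likely depends on how lenient the base64 decoder of the evaluating Nix version is, so this integrity pin may be tolerated by some versions and rejected by others. Write it in canonical form, `sha256 = "sha256-YYYpMHEis/zoRsdwW70X8zn0FMsW+2vMYdlWxr3qqzY=";`, and confirm the fetch still verifies.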
@@ -11,17 +10,18 @@ , enableDotNet ? true , enableMacho ? true , enableMagic ? true, file +, enableStatic ? false }: stdenv.mkDerivation rec { - version = "4.0.5"; + version = "4.1.1"; pname = "yara"; src = fetchFromGitHub { owner = "VirusTotal"; repo = "yara"; rev = "v${version}"; - sha256 = "1gkdll2ygdlqy1f27a5b84gw2bq75ss7acsx06yhiss90qwdaalq"; + sha256 = "185j7firn7i5506rcp0va7sxdbminwrm06jsm4c70jf98qxmv522"; }; nativeBuildInputs = [ autoreconfHook pkg-config ]; @@ -34,19 +34,6 @@ stdenv.mkDerivation rec { preConfigure = "./bootstrap.sh"; - # If static builds are disabled, `make all-am` will fail to find libyara.a and - # cause a build failure. It appears that somewhere between yara 4.0.1 and - # 4.0.5, linking the yara binaries dynamically against libyara.so was broken. - # - # This was already fixed in yara master. Backport the patch to yara 4.0.5. - patches = [ - (fetchpatch { - name = "fix-build-with-no-static.patch"; - url = "https://github.com/VirusTotal/yara/commit/52e6866023b9aca26571c78fb8759bc3a51ba6dc.diff"; - sha256 = "074cf99j0rqiyacp60j1hkvjqxia7qwd11xjqgcr8jmfwihb38nr"; - }) - ]; - configureFlags = [ (lib.withFeature withCrypto "crypto") (lib.enableFeature enableCuckoo "cuckoo") @@ -54,8 +41,11 @@ stdenv.mkDerivation rec { (lib.enableFeature enableDotNet "dotnet") (lib.enableFeature enableMacho "macho") (lib.enableFeature enableMagic "magic") + (lib.enableFeature enableStatic "static") ]; + doCheck = enableStatic; + meta = with lib; { description = "The pattern matching swiss knife for malware researchers"; homepage = "http://Virustotal.github.io/yara/"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e563a29cb2e..0d45fa4e5e1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
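Review bot: `doCheck = enableStatic;` together with the new default `enableStatic ? false` means yara's test suite runs only in static builds, which are off by default, and the hunk gives no reason for tying the two together. The comment removed along with the backported patch suggests the test binaries need `libyara.a`, but that is an inference from the deleted text. Record the reason next to the setting, e.g. `# tests link against the static libyara.a, so they only run when enableStatic is set`, so that the skipped checks on this malware-scanning tool are a documented decision. The `meta` block continues outside the hunk.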
@@ -3121,7 +3121,6 @@ in step-ca = callPackage ../tools/security/step-ca { inherit (darwin.apple_sdk.frameworks) PCSC; - buildGoModule = buildGo115Module; }; step-cli = callPackage ../tools/security/step-cli { }; @@ -11758,6 +11757,10 @@ in rust-cbindgen = callPackage ../development/tools/rust/cbindgen { inherit (darwin.apple_sdk.frameworks) Security; }; + rust-cbindgen_latest = callPackage ../development/tools/rust/cbindgen/latest.nix { + inherit (darwin.apple_sdk.frameworks) Security; + }; + rustup = callPackage ../development/tools/rust/rustup { inherit (darwin.apple_sdk.frameworks) CoreServices Security; }; @@ -12031,7 +12034,7 @@ in beam_nox = callPackage ./beam-packages.nix { wxSupport = false; }; inherit (beam.interpreters) - erlang erlangR24 erlangR23 erlangR22 erlangR21 erlangR20 erlangR19 erlangR18 + erlang erlangR24 erlangR23 erlangR22 erlangR21 erlang_odbc erlang_javac erlang_odbc_javac erlang_basho_R16B02 elixir elixir_1_11 elixir_1_10 elixir_1_9 elixir_1_8 elixir_1_7 elixir_ls; @@ -12044,8 +12047,6 @@ in fetchHex beamPackages relxExe; - inherit (beam.packages.erlangR19) cuter lfe_1_2; - inherit (beam.packages.erlangR21) lfe lfe_1_3; groovy = callPackage ../development/interpreters/groovy { }; @@ -19203,7 +19204,7 @@ in zlib = zlib-ng.override { withZlibCompat = true; }; withPerl = false; # We don't use `with` statement here on purpose! - # See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334 + # See https://github.com/NixOS/nixpkgs/pull/10474#discussion_r42369334 modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ]; # Use latest boringssl to allow http3 support openssl = boringssl; 
@@ -19213,7 +19214,7 @@ in zlib = zlib-ng.override { withZlibCompat = true; }; withPerl = false; # We don't use `with` statement here on purpose! - # See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334 + # See https://github.com/NixOS/nixpkgs/pull/10474#discussion_r42369334 modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ]; }; @@ -19221,7 +19222,7 @@ in zlib = zlib-ng.override { withZlibCompat = true; }; withPerl = false; # We don't use `with` statement here on purpose! - # See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334 + # See https://github.com/NixOS/nixpkgs/pull/10474#discussion_r42369334 modules = [ nginxModules.dav nginxModules.moreheaders ]; }; @@ -19683,7 +19684,6 @@ in enableDomainController = true; enableRegedit = true; enableCephFS = !pkgs.stdenv.hostPlatform.isAarch64; - enableGlusterFS = true; }); sambaFull = samba4Full; @@ -19871,7 +19871,7 @@ in xwayland = callPackage ../servers/x11/xorg/xwayland.nix { }; yaws = callPackage ../servers/http/yaws { - erlang = erlangR18; + erlang = erlangR21; }; youtrack = callPackage ../servers/jetbrains/youtrack.nix { }; @@ -20506,8 +20506,6 @@ in bbswitch = callPackage ../os-specific/linux/bbswitch {}; - ati_drivers_x11 = throw "ati drivers are no longer supported by any kernel >=4.1"; # added 2021-05-18 - chipsec = callPackage ../tools/security/chipsec { inherit kernel; withDriver = true; @@ -20679,6 +20677,9 @@ in zfs = zfsStable; can-isotp = callPackage ../os-specific/linux/can-isotp { }; + } // lib.optionalAttrs (config.allowAliases or false) { + # aliases or removed packages + ati_drivers_x11 = throw "ati drivers are no longer supported by any kernel >=4.1"; # added 2021-05-18 }); # The current default kernel / kernel modules. 
@@ -22852,6 +22853,8 @@ in cni = callPackage ../applications/networking/cluster/cni {}; cni-plugins = callPackage ../applications/networking/cluster/cni/plugins.nix {}; + dnsname-cni = callPackage ../applications/networking/cluster/dnsname-cni {}; + cntr = callPackage ../applications/virtualization/cntr { }; communi = libsForQt5.callPackage ../applications/networking/irc/communi { }; @@ -23021,6 +23024,7 @@ in docker = docker_20_10; docker-edge = docker_20_10; + docker-client = docker.override { clientOnly = true; }; docker-proxy = callPackage ../applications/virtualization/docker/proxy.nix { }; diff --git a/pkgs/top-level/beam-packages.nix b/pkgs/top-level/beam-packages.nix index 688d1607240..cb6e68c2890 100644 --- a/pkgs/top-level/beam-packages.nix +++ b/pkgs/top-level/beam-packages.nix @@ -1,4 +1,4 @@ -{ callPackage, wxGTK30, openssl_1_0_2, buildPackages, wxSupport ? true }: +{ callPackage, wxGTK30, buildPackages, wxSupport ? true }: rec { lib = callPackage ../development/beam-modules/lib.nix { }; 
@@ -72,47 +72,6 @@ rec { odbcSupport = true; }; - # R20 - erlangR20 = lib.callErlang ../development/interpreters/erlang/R20.nix { - wxGTK = wxGTK30; - autoconf = buildPackages.autoconf269; - inherit wxSupport; - }; - erlangR20_odbc = erlangR20.override { odbcSupport = true; }; - erlangR20_javac = erlangR20.override { javacSupport = true; }; - erlangR20_odbc_javac = erlangR20.override { - javacSupport = true; - odbcSupport = true; - }; - - # R19 - erlangR19 = lib.callErlang ../development/interpreters/erlang/R19.nix { - wxGTK = wxGTK30; - openssl = openssl_1_0_2; - autoconf = buildPackages.autoconf269; - inherit wxSupport; - }; - erlangR19_odbc = erlangR19.override { odbcSupport = true; }; - erlangR19_javac = erlangR19.override { javacSupport = true; }; - erlangR19_odbc_javac = erlangR19.override { - javacSupport = true; - odbcSupport = true; - }; - - # R18 - erlangR18 = lib.callErlang ../development/interpreters/erlang/R18.nix { - wxGTK = wxGTK30; - openssl = openssl_1_0_2; - autoconf = buildPackages.autoconf269; - inherit wxSupport; - }; - erlangR18_odbc = erlangR18.override { odbcSupport = true; }; - erlangR18_javac = erlangR18.override { javacSupport = true; }; - erlangR18_odbc_javac = erlangR18.override { - javacSupport = true; - odbcSupport = true; - }; - # Basho fork, using custom builder. erlang_basho_R16B02 = lib.callErlang ../development/interpreters/erlang/R16B02-basho.nix { @@ -128,7 +87,7 @@ rec { inherit (packages.erlang) elixir elixir_1_11 elixir_1_10 elixir_1_9 elixir_1_8 elixir_1_7 elixir_ls; - inherit (packages.erlang) lfe lfe_1_2 lfe_1_3; + inherit (packages.erlang) lfe lfe_1_3; }; # Helper function to generate package set with a specific Erlang version. 
@@ -145,8 +104,5 @@ rec { erlangR23 = packagesWith interpreters.erlangR23; erlangR22 = packagesWith interpreters.erlangR22; erlangR21 = packagesWith interpreters.erlangR21; - erlangR20 = packagesWith interpreters.erlangR20; - erlangR19 = packagesWith interpreters.erlangR19; - erlangR18 = packagesWith interpreters.erlangR18; }; } diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 7bcdf6190c8..7b0c8b5fe9a 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -13677,10 +13677,10 @@ let Mojolicious = buildPerlPackage { pname = "Mojolicious"; - version = "9.17"; + version = "9.19"; src = fetchurl { - url = "mirror://cpan/authors/id/S/SR/SRI/Mojolicious-9.17.tar.gz"; - sha256 = "13dxjhr03dhh1f5bbxbb3jiwdv7jby96qqb97l3arf5x043yd9hd"; + url = "mirror://cpan/authors/id/S/SR/SRI/Mojolicious-9.19.tar.gz"; + sha256 = "15qs99sl3ckzqwpqk4kawhamdm6160bzxyikf3blym4fn1k6s1a5"; }; meta = { homepage = "https://mojolicious.org"; diff --git a/pkgs/top-level/php-packages.nix b/pkgs/top-level/php-packages.nix index 0f61402bb05..c59391ce290 100644 --- a/pkgs/top-level/php-packages.nix +++ b/pkgs/top-level/php-packages.nix @@ -235,7 +235,7 @@ lib.makeScope pkgs.newScope (self: with self; { (dep: "mkdir -p ext; ln -s ${dep.dev}/include ext/${dep.extensionName}") internalDeps} ''; - checkPhase = "runHook preCheck; echo n | make test; runHook postCheck"; + checkPhase = "runHook preCheck; NO_INTERACTON=yes make test; runHook postCheck"; outputs = [ "out" "dev" ]; installPhase = '' mkdir -p $out/lib/php/extensions diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e562c64b5ff..20a970ec6b4 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix 
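Review bot: The environment variable in the new `checkPhase` of php-packages.nix is spelled `NO_INTERACTON`; PHP's run-tests.php reads `NO_INTERACTION`, so the assignment has no effect. With the `echo n |` pipe removed as well, nothing visible here answers or suppresses the prompt that `make test` can raise after failures. Use `checkPhase = "runHook preCheck; NO_INTERACTION=yes make test; runHook postCheck";`. The enclosing extension builder starts and ends outside the hunk.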
@@ -1411,6 +1411,8 @@ in { click-log = callPackage ../development/python-modules/click-log { }; + click-option-group = callPackage ../development/python-modules/click-option-group { }; + click-plugins = callPackage ../development/python-modules/click-plugins { }; click-spinner = callPackage ../development/python-modules/click-spinner { };