From 813b3b2a0c7ce01f6bd91751055e5d667acdf366 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 26 May 2021 04:56:46 +0200 Subject: [PATCH 001/126] Revert "python3Packages.pywemo: disable failing test" This reverts commit 60c98baf17095794a5bf9219b3de843ae595ebca. The original issue was a result of a libxml2 regression that has since been fixed. --- pkgs/development/python-modules/pywemo/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/pkgs/development/python-modules/pywemo/default.nix b/pkgs/development/python-modules/pywemo/default.nix index 7448f1f7f2c..ceb190fe753 100644 --- a/pkgs/development/python-modules/pywemo/default.nix +++ b/pkgs/development/python-modules/pywemo/default.nix @@ -47,11 +47,6 @@ buildPythonPackage rec { pytestCheckHook ]; - disabledTests = [ - # https://github.com/NixOS/nixpkgs/issues/124165 - "test_bridge_getdevicestatus" - ]; - pythonImportsCheck = [ "pywemo" ]; meta = with lib; { From 5621b77a7e04bea48743c3b532274ece280f6d08 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Wed, 26 May 2021 22:22:19 +0100 Subject: [PATCH 002/126] python3Packages.hdbscan: disable another flaky test (cherry picked from commit 5bae3c6746d121e5acbdf3fda5fde31eac2d60d0) --- pkgs/development/python-modules/hdbscan/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/hdbscan/default.nix b/pkgs/development/python-modules/hdbscan/default.nix index 5264ff24890..bf48d6cf5e7 100644 --- a/pkgs/development/python-modules/hdbscan/default.nix +++ b/pkgs/development/python-modules/hdbscan/default.nix @@ -40,6 +40,8 @@ buildPythonPackage rec { "test_mem_vec_diff_clusters" "test_all_points_mem_vec_diff_clusters" "test_approx_predict_diff_clusters" + # another flaky test https://github.com/scikit-learn-contrib/hdbscan/issues/421 + "test_hdbscan_boruvka_balltree_matches" ]; meta = with lib; { From c444b9f55bd6c5a2c03f0cf7f4e5a4ef21014680 Mon Sep 17 00:00:00 2001 
From: Pacman99 Date: Sun, 23 May 2021 14:45:47 -0700 Subject: [PATCH 003/126] matrix-appservice-irc: set pname (cherry picked from commit 41e46599ea2b6b947e14ccb3f1d38326bced3585) --- pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix b/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix index 808e81370bb..ab92c29ee3d 100644 --- a/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix +++ b/pkgs/servers/matrix-synapse/matrix-appservice-irc/default.nix @@ -10,6 +10,8 @@ let }; in ourNodePackages."${packageName}".override { + pname = "matrix-appservice-irc"; + nativeBuildInputs = [ makeWrapper nodePackages.node-gyp-build ]; postInstall = '' From 684d2e79242097670ea923c008d85b5d62914d66 Mon Sep 17 00:00:00 2001 From: Pacman99 Date: Sun, 23 May 2021 14:46:03 -0700 Subject: [PATCH 004/126] matrix-appservice-slack: set pname (cherry picked from commit a811e7385c6a4dd8eeb871f994939ff99260fa75) --- pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix b/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix index 9d21065dc02..596739a45d7 100644 --- a/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix +++ b/pkgs/servers/matrix-synapse/matrix-appservice-slack/default.nix @@ -13,6 +13,8 @@ let }; in nodePackages.package.override { + pname = "matrix-appservice-slack"; + inherit src; nativeBuildInputs = [ pkgs.makeWrapper ]; From b9c25438fd23c42fb3e62b8efade45b33be49e4a Mon Sep 17 00:00:00 2001 From: Pacman99 Date: Sun, 23 May 2021 14:46:18 -0700 Subject: [PATCH 005/126] mx-puppet-discord: set pname (cherry picked from commit 166aabe0c7ccd972ea3be092ab900d3a637216ef) --- pkgs/servers/mx-puppet-discord/default.nix | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/pkgs/servers/mx-puppet-discord/default.nix b/pkgs/servers/mx-puppet-discord/default.nix index b3b72c2c5f2..d2606148768 100644 --- a/pkgs/servers/mx-puppet-discord/default.nix +++ b/pkgs/servers/mx-puppet-discord/default.nix @@ -16,7 +16,10 @@ let }; in myNodePackages.package.override { + pname = "mx-puppet-discord"; + inherit src; + nativeBuildInputs = [ nodePackages.node-pre-gyp pkg-config ]; buildInputs = [ libjpeg pixman cairo pango ]; From f6db4eba2575d96ad5b1e54c56c308e4934f4f64 Mon Sep 17 00:00:00 2001 From: David Guibert Date: Sat, 15 May 2021 22:00:20 +0200 Subject: [PATCH 006/126] step-ca: 0.15.11 -> 0.15.15 (cherry picked from commit f9eedc34577b5484307e30efa81c6f0521427919) --- pkgs/tools/security/step-ca/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix index 84fe06e6c19..f72f3c978ff 100644 --- a/pkgs/tools/security/step-ca/default.nix +++ b/pkgs/tools/security/step-ca/default.nix @@ -11,16 +11,16 @@ buildGoModule rec { pname = "step-ca"; - version = "0.15.11"; + version = "0.15.15"; src = fetchFromGitHub { owner = "smallstep"; repo = "certificates"; rev = "v${version}"; - sha256 = "wFRs3n6V0z2keNVtqFw1q5jpA6BvNK5EftsNhichfsY="; + sha256 = "sha256-YYYpMHEis/zoRsdwW70X8zn0FMsW+2vMYdlWxr3qqzY=="; }; - vendorSha256 = "f1NdszqYYx6X1HqwqG26jjfjXq1gDXLOrh64ccKRQ90="; + vendorSha256 = "sha256-mjj+70/ioqcchB3X5vZPb0Oa7lA/qKh5zEpidT0jrEs="; nativeBuildInputs = lib.optionals hsmSupport [ pkg-config ]; From 08e23c65c1b271c148f544b46434dcfd695c07c5 Mon Sep 17 00:00:00 2001 From: David Guibert Date: Sat, 15 May 2021 22:08:07 +0200 Subject: [PATCH 007/126] step-cli: 0.15.3-22 -> 0.15.16 (cherry picked from commit 1270b7977172de534ec12236b8a7a62904a8f317) --- pkgs/tools/security/step-cli/default.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) 
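Review bot: In the step-ca hunk (pkgs/tools/security/step-ca/default.nix), the new `src` hash ends in `==`, but a base64-encoded SHA-256 digest is 43 characters plus a single `=`. The `vendorSha256` value in the same hunk has the expected length. The source pin for a CA package therefore seems to evaluate only if the hash parser tolerates surplus padding, and a stricter parser would presumably reject it. I would write it as `sha256 = "sha256-YYYpMHEis/zoRsdwW70X8zn0FMsW+2vMYdlWxr3qqzY=";` and confirm the fetch still succeeds.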
diff --git a/pkgs/tools/security/step-cli/default.nix b/pkgs/tools/security/step-cli/default.nix index 2b6ec57bbf2..a13eec71eb8 100644 --- a/pkgs/tools/security/step-cli/default.nix +++ b/pkgs/tools/security/step-cli/default.nix @@ -1,26 +1,24 @@ { lib , buildGoModule , fetchFromGitHub -, fetchpatch }: buildGoModule rec { pname = "step-cli"; - version = "0.15.3-22-g3ddc5aa"; + version = "0.15.16"; - # 0.15.3 isn't enough, because we need https://github.com/smallstep/cli/pull/394 src = fetchFromGitHub { owner = "smallstep"; repo = "cli"; - rev = "3ddc5aaafccb23ba9a20abfa70109a2923f298e3"; - sha256 = "1kd04hi764xa3f9p6aw6k9f6wa4y6xsmzby5jxvvkhim4w78brw0"; + rev = "v${version}"; + sha256 = "sha256-/HqCG3LscwogLXvZlL2CVo2Pj1hVRnOMPCmG1hxrG/I="; }; preCheck = '' # Tries to connect to smallstep.com rm command/certificate/remote_test.go ''; - vendorSha256 = "04hckq78g1p04b2q0rq4xw6d880hqhkabbx1pc3pf8r1m6jxwz10"; + vendorSha256 = "sha256-plQgIqs6QUbzndn8C0ByKceGtz/JxZ1Rx0fXWHNJ0kM="; meta = with lib; { description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc"; From 42a8ab0dbe600e0ae22d99761a981451446c598c Mon Sep 17 00:00:00 2001 From: David Guibert Date: Wed, 26 May 2021 09:09:59 +0200 Subject: [PATCH 008/126] step-ca: use latest buildGoModule (cherry picked from commit acf134771c79171ce183aa85aec162e03763bc30) --- pkgs/top-level/all-packages.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0e2c81f509e..464045e7a7f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3119,7 +3119,6 @@ in step-ca = callPackage ../tools/security/step-ca { inherit (darwin.apple_sdk.frameworks) PCSC; - buildGoModule = buildGo115Module; }; step-cli = callPackage ../tools/security/step-cli { }; From 9cab6e0dd4a21bb54f351c8d013fad1c6b16368b Mon Sep 17 00:00:00 2001 
From: Dusk Banks Date: Sun, 23 May 2021 16:08:46 -0700 Subject: [PATCH 009/126] betterdiscordctl: 1.7.1 -> 2.0.0 (cherry picked from commit 35a1e99d7a41ab5da0afba91f69b49495f7c85f8) --- pkgs/tools/misc/betterdiscordctl/default.nix | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/misc/betterdiscordctl/default.nix b/pkgs/tools/misc/betterdiscordctl/default.nix index e839d9ef09c..f75f3a6f822 100644 --- a/pkgs/tools/misc/betterdiscordctl/default.nix +++ b/pkgs/tools/misc/betterdiscordctl/default.nix @@ -2,22 +2,28 @@ stdenv.mkDerivation rec { pname = "betterdiscordctl"; - version = "1.7.1"; + version = "2.0.0"; src = fetchFromGitHub { owner = "bb010g"; repo = "betterdiscordctl"; rev = "v${version}"; - sha256 = "12c3phcfwl4p2jfh22ihm57vxw4nq5kwqirb7y4gzc91swfh5yj1"; + sha256 = "1wys3wbcz5hq8275ia2887kr5fzz4b3gkcp56667j9k0p3k3zfac"; }; - preBuild = "sed -i 's/^nix=$/&yes/g;s/^DISABLE_UPGRADE=$/&yes/g' ./betterdiscordctl"; + postPatch = '' + substituteInPlace betterdiscordctl \ + --replace "DISABLE_SELF_UPGRADE=" "DISABLE_SELF_UPGRADE=yes" + ''; installPhase = '' - mkdir -p $out/bin - mkdir -p $out/share/doc/betterdiscordctl + runHook preInstall + + mkdir -p "$out/bin" "$out/share/doc/betterdiscordctl" install -Dm744 betterdiscordctl $out/bin/betterdiscordctl install -Dm644 README.md $out/share/doc/betterdiscordctl/README.md + + runHook postInstall ''; meta = with lib; { From 2afcd85748bcb31eee611db89d87115248d26a63 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 28 May 2021 06:46:38 +0000 Subject: [PATCH 010/126] icinga2: 2.12.3 -> 2.12.4 (cherry picked from commit 5be9a1d161bd5ef37da9dd71e3545731247c5c35) --- pkgs/servers/monitoring/icinga2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/monitoring/icinga2/default.nix b/pkgs/servers/monitoring/icinga2/default.nix index e3ea1a80251..44c512196c6 100644 --- a/pkgs/servers/monitoring/icinga2/default.nix 
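Review bot: The new `postPatch` in betterdiscordctl/default.nix relies on `substituteInPlace … --replace "DISABLE_SELF_UPGRADE=" "DISABLE_SELF_UPGRADE=yes"`, which does not fail the build when the pattern is absent. This bump already had to follow a rename from `DISABLE_UPGRADE`, so a further upstream rename would silently ship a script whose self-upgrade path is live again and can replace itself with code fetched outside the store. Adding `grep -q 'DISABLE_SELF_UPGRADE=yes' betterdiscordctl` as the last line of `postPatch` turns that into a build failure. The old `sed` also set `nix=yes`; presumably 2.0.0 no longer has that switch, but it is worth confirming.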
+++ b/pkgs/servers/monitoring/icinga2/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "icinga2${nameSuffix}"; - version = "2.12.3"; + version = "2.12.4"; src = fetchFromGitHub { owner = "icinga"; repo = "icinga2"; rev = "v${version}"; - sha256 = "0pq6ixv7d9bqys8qjxqq0jki3zncj8jdfavkp7qw125iyfjq48xk"; + sha256 = "sha256-SJBOZzLbmW4525G3w6BVS53kOd2bJ5rEbwwb4Lo5q8I="; }; patches = [ From e3a1e350baa87b013008b0094d579007581b18d3 Mon Sep 17 00:00:00 2001 From: Ulrik Strid Date: Wed, 26 May 2021 08:29:44 +0200 Subject: [PATCH 011/126] =?UTF-8?q?ocamlPackages.tyxml:=204.4.0=20?= =?UTF-8?q?=E2=86=92=204.5.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (cherry picked from commit 3fcd7a46dc4576f65c7bcd13ee12a71a456df904) --- pkgs/development/ocaml-modules/tyxml/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/ocaml-modules/tyxml/default.nix b/pkgs/development/ocaml-modules/tyxml/default.nix index bf0e06507c9..c49327d7d33 100644 --- a/pkgs/development/ocaml-modules/tyxml/default.nix +++ b/pkgs/development/ocaml-modules/tyxml/default.nix @@ -2,13 +2,13 @@ buildDunePackage rec { pname = "tyxml"; - version = "4.4.0"; + version = "4.5.0"; useDune2 = true; src = fetchurl { url = "https://github.com/ocsigen/tyxml/releases/download/${version}/tyxml-${version}.tbz"; - sha256 = "0c150h2f4c4id73ickkdqkir3jya66m6c7f5jxlp4caw9bfr8qsi"; + sha256 = "0s30f72m457c3gbdmdwbx7ls9zg806nvm83aiz9qkpglbppwr6n6"; }; propagatedBuildInputs = [ uutf re ]; @@ -19,7 +19,7 @@ buildDunePackage rec { license = licenses.lgpl21; maintainers = with maintainers; [ gal_bolle vbgl - ]; + ]; }; } From 1834af74e3874ec89b7363f235552086a6e74103 Mon Sep 17 00:00:00 2001 
From: Mauricio Collares Date: Sat, 29 May 2021 13:33:43 -0300 Subject: [PATCH 012/126] sageWithDoc: fix documentation symlinks (cherry picked from commit 2c7d2ce295296553451a7839513427f63377e92e) --- pkgs/applications/science/math/sage/sagedoc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/science/math/sage/sagedoc.nix b/pkgs/applications/science/math/sage/sagedoc.nix index f4a8bf19b69..d53947d806d 100644 --- a/pkgs/applications/science/math/sage/sagedoc.nix +++ b/pkgs/applications/science/math/sage/sagedoc.nix @@ -76,7 +76,7 @@ stdenv.mkDerivation rec { mv html/en/_static{,.tmp} for _dir in `find -name _static` ; do rm -r $_dir - ln -s html/en/_static $_dir + ln -rs html/en/_static $_dir done mv html/en/_static{.tmp,} ''; From cd8efe13e0a572ea1016436b21fdc85ae6b95779 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6gler?= Date: Sun, 30 May 2021 14:17:56 +0200 Subject: [PATCH 013/126] halide: Fix build (cherry picked from commit ba677b14dd937dc00723dc13dfa2f53c934db392) --- pkgs/development/compilers/halide/default.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pkgs/development/compilers/halide/default.nix b/pkgs/development/compilers/halide/default.nix index 69b7cd4d868..916d8fa56f7 100644 --- a/pkgs/development/compilers/halide/default.nix +++ b/pkgs/development/compilers/halide/default.nix @@ -41,7 +41,17 @@ llvmPackages.stdenv.mkDerivation rec { # Note: only openblas and not atlas part of this Nix expression # see pkgs/development/libraries/science/math/liblapack/3.5.0.nix # to get a hint howto setup atlas instead of openblas - buildInputs = [ llvmPackages.llvm libpng libjpeg mesa eigen openblas ]; + buildInputs = [ + llvmPackages.llvm + llvmPackages.lld + llvmPackages.openmp + llvmPackages.libclang + libpng + libjpeg + mesa + eigen + openblas + ]; nativeBuildInputs = [ cmake ]; From a2f6fc7092e0cba14b82a8dcf066936b10f9c12f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?St=C3=A9phan=20Kochen?= Date: Wed, 26 May 2021 07:45:49 +0200 Subject: [PATCH 014/126] schismtracker: fix darwin build (cherry picked from commit e649cfc1e955936ca8e4d9af3e9dadb088d9f404) --- pkgs/applications/audio/schismtracker/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/audio/schismtracker/default.nix b/pkgs/applications/audio/schismtracker/default.nix index 3b5708529e0..797d2c1d733 100644 --- a/pkgs/applications/audio/schismtracker/default.nix +++ b/pkgs/applications/audio/schismtracker/default.nix @@ -13,7 +13,8 @@ stdenv.mkDerivation rec { sha256 = "1n6cgjiw3vkv7a1h1nki5syyjxjb6icknr9s049w2jrag10bxssn"; }; - configureFlags = [ "--enable-dependency-tracking" ]; + configureFlags = [ "--enable-dependency-tracking" ] + ++ lib.optional stdenv.isDarwin "--disable-sdltest"; nativeBuildInputs = [ autoreconfHook python ]; From 76fcaa085fbec7bf3f29894dd677dc1885a9fcd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Sun, 23 May 2021 10:44:17 +0200 Subject: [PATCH 015/126] python3Packages.drf-jwt: 1.19.0 -> 1.19.1 https://github.com/Styria-Digital/django-rest-framework-jwt/blob/1.19.1/CHANGELOG.md (cherry picked from commit ffa6f1573c1080e390bb6252f955b6cebbd20619) --- pkgs/development/python-modules/drf-jwt/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/drf-jwt/default.nix b/pkgs/development/python-modules/drf-jwt/default.nix index ad3edc59246..2cf125c8df3 100644 --- a/pkgs/development/python-modules/drf-jwt/default.nix +++ b/pkgs/development/python-modules/drf-jwt/default.nix 
@@ -3,18 +3,17 @@ , fetchFromGitHub , pyjwt , djangorestframework -, pytestCheckHook }: buildPythonPackage rec { pname = "drf-jwt"; - version = "1.19.0"; + version = "1.19.1"; src = fetchFromGitHub { owner = "Styria-Digital"; repo = "django-rest-framework-jwt"; rev = version; - sha256 = "012rmm25w5gvkzi4lyyhn47y1n6g68q9gasga2mkv9i6mn8n4kp7"; + sha256 = "sha256-++8rFXVsA5WMTt+aC4di3Rpa0BAW285/qM087i9uQ0g="; }; propagatedBuildInputs = [ From fc924fc34e5daf7f5b00800bd2728867fe8be06c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 30 May 2021 19:13:01 -0400 Subject: [PATCH 016/126] xfitter: remove `hardeningDisable = [ "format" ];` (#125001) Not needed after f42aa7e1 ('cc-wrapper: set FC when langFortran is on') (cherry picked from commit b72b3c557170013601ceffd8c94a40764d34d302) Co-authored-by: Dmitry Kalinkin --- pkgs/applications/science/physics/xfitter/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/pkgs/applications/science/physics/xfitter/default.nix b/pkgs/applications/science/physics/xfitter/default.nix index 4390826ccee..230f2f0e0ef 100644 --- a/pkgs/applications/science/physics/xfitter/default.nix +++ b/pkgs/applications/science/physics/xfitter/default.nix @@ -16,9 +16,6 @@ stdenv.mkDerivation rec { ./undefined_behavior.patch ]; - # patch needs to updated due to version bump - #CXXFLAGS = "-Werror=return-type"; - preConfigure = # Fix F77LD to workaround for a following build error: # @@ -48,8 +45,6 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - hardeningDisable = [ "format" ]; - NIX_CFLAGS_COMPILE = lib.optional (stdenv.hostPlatform.libc == "glibc") "-I${libtirpc.dev}/include/tirpc"; NIX_LDFLAGS = lib.optional (stdenv.hostPlatform.libc == "glibc") "-ltirpc"; From b0e7f0108093891b2c31d097ef0a86b8cafe850e Mon Sep 17 00:00:00 2001 
From: Dmitry Kalinkin Date: Sat, 29 May 2021 03:30:51 -0400 Subject: [PATCH 017/126] arrow-cpp: 4.0.0 -> 4.0.1 (cherry picked from commit cff04883e8c21fe614dad85a96b3da93909eb8c8) --- pkgs/development/libraries/arrow-cpp/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/development/libraries/arrow-cpp/default.nix b/pkgs/development/libraries/arrow-cpp/default.nix index ac53ae3bbd4..a13ebf28193 100644 --- a/pkgs/development/libraries/arrow-cpp/default.nix +++ b/pkgs/development/libraries/arrow-cpp/default.nix @@ -22,12 +22,12 @@ let in stdenv.mkDerivation rec { pname = "arrow-cpp"; - version = "4.0.0"; + version = "4.0.1"; src = fetchurl { url = "mirror://apache/arrow/arrow-${version}/apache-arrow-${version}.tar.gz"; - sha256 = "1bj9jr0pgq9f2nyzqiyj3cl0hcx3c83z2ym6rpdkp59ff2zx0caa"; + sha256 = "0vl926i6jvsvj5vigdgqzp9v1i1h5zzj1abqr6qwc9drfsibzk3m"; }; sourceRoot = "apache-arrow-${version}/cpp"; @@ -146,11 +146,11 @@ in stdenv.mkDerivation rec { --exclude-regex '^(${builtins.concatStringsSep "|" excludedTests})$' ''; - meta = { + meta = with lib; { description = "A cross-language development platform for in-memory data"; homepage = "https://arrow.apache.org/"; - license = lib.licenses.asl20; - platforms = lib.platforms.unix; - maintainers = with lib.maintainers; [ tobim veprbl ]; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ tobim veprbl ]; }; } From 7f016e24c7e91091acdaa6a1bacf44aa8f50bab4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guillaume=20Ch=C3=A9rel?= Date: Fri, 7 Aug 2020 19:12:22 +0200 Subject: [PATCH 018/126] Wrap mcom to add dependencies to PATH. (cherry picked from commit 6dde14306092e81b58fc9b2b9082d138ab311cd8) --- .../networking/mailreaders/mblaze/default.nix | 25 +++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) 
diff --git a/pkgs/applications/networking/mailreaders/mblaze/default.nix b/pkgs/applications/networking/mailreaders/mblaze/default.nix index 278561e0e5f..3cc9b12c995 100644 --- a/pkgs/applications/networking/mailreaders/mblaze/default.nix +++ b/pkgs/applications/networking/mailreaders/mblaze/default.nix @@ -1,10 +1,12 @@ -{ stdenv, lib, fetchFromGitHub, installShellFiles, libiconv, ruby ? null }: +{ coreutils, fetchFromGitHub, fetchpatch, file, gawk, gnugrep, gnused +, installShellFiles, less, lib, libiconv, makeWrapper, nano, stdenv, ruby ? null +}: stdenv.mkDerivation rec { pname = "mblaze"; version = "1.1"; - nativeBuildInputs = [ installShellFiles ]; + nativeBuildInputs = [ installShellFiles makeWrapper ]; buildInputs = [ ruby ] ++ lib.optionals stdenv.isDarwin [ libiconv ]; src = fetchFromGitHub { @@ -22,6 +24,25 @@ stdenv.mkDerivation rec { installShellCompletion contrib/_mblaze '' + lib.optionalString (ruby != null) '' install -Dt $out/bin contrib/msuck contrib/mblow + + # The following wrappings are used to preserve the executable + # names (the value of $0 in a script). The script mcom is + # designed to be run directly or via symlinks such as mrep. Using + # symlinks changes the value of $0 in the script, and makes it + # behave differently. When using the wrapProgram tool, the resulting + # wrapper breaks this behaviour. The following wrappers preserve it. + + mkdir -p $out/wrapped + for x in mcom mbnc mfwd mrep + do + mv $out/bin/$x $out/wrapped + makeWrapper $out/wrapped/$x $out/bin/$x \ + --argv0 $out/bin/$x \ + --prefix PATH : $out/bin \ + --prefix PATH : ${lib.makeBinPath [ + coreutils file gawk gnugrep gnused + ]} + done ''; meta = with lib; { From ebdf00f038bc911b710153a0d9d664adc2063f9e Mon Sep 17 00:00:00 2001 
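Review bot: In the second hunk of mblaze/default.nix the wrapper loop is added inside the `lib.optionalString (ruby != null) ''…''` string, after the `install -Dt $out/bin contrib/msuck contrib/mblow` line. With `ruby = null`, `mcom`, `mbnc`, `mfwd` and `mrep` would therefore be installed unwrapped and resolve `file`, `gawk`, `sed` and the rest from the caller's PATH. The `mkdir -p $out/wrapped` line and the `for` loop should move up into the unconditional part of `postInstall`, before the `'' + lib.optionalString` boundary. The first hunk also adds `fetchpatch`, `less` and `nano` as arguments, none of which is used in the visible lines; if nothing outside the hunk needs them, they can be dropped. `postInstall` begins outside this hunk.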
From: guillaumecherel <6168820+guillaumecherel@users.noreply.github.com> Date: Mon, 22 Mar 2021 09:34:15 +0100 Subject: [PATCH 019/126] Update pkgs/applications/networking/mailreaders/mblaze/default.nix Co-authored-by: Sandro (cherry picked from commit e9d4b68fdc43af8e85868ae589eda51ce088c3e8) --- pkgs/applications/networking/mailreaders/mblaze/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkgs/applications/networking/mailreaders/mblaze/default.nix b/pkgs/applications/networking/mailreaders/mblaze/default.nix index 3cc9b12c995..c07b78f5796 100644 --- a/pkgs/applications/networking/mailreaders/mblaze/default.nix +++ b/pkgs/applications/networking/mailreaders/mblaze/default.nix @@ -33,8 +33,7 @@ stdenv.mkDerivation rec { # wrapper breaks this behaviour. The following wrappers preserve it. mkdir -p $out/wrapped - for x in mcom mbnc mfwd mrep - do + for x in mcom mbnc mfwd mrep; do mv $out/bin/$x $out/wrapped makeWrapper $out/wrapped/$x $out/bin/$x \ --argv0 $out/bin/$x \ From aa2efdf901120d6be3fcf7c642291bd3172cef3b Mon Sep 17 00:00:00 2001 From: guillaumecherel <6168820+guillaumecherel@users.noreply.github.com> Date: Mon, 22 Mar 2021 09:34:38 +0100 Subject: [PATCH 020/126] Update pkgs/applications/networking/mailreaders/mblaze/default.nix Co-authored-by: Sandro (cherry picked from commit 1e777e5ef02c89594bb1d2b772417df0ee176dcf) --- pkgs/applications/networking/mailreaders/mblaze/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/mailreaders/mblaze/default.nix b/pkgs/applications/networking/mailreaders/mblaze/default.nix index c07b78f5796..f24ed3a51df 100644 --- a/pkgs/applications/networking/mailreaders/mblaze/default.nix +++ b/pkgs/applications/networking/mailreaders/mblaze/default.nix 
@@ -1,5 +1,5 @@ { coreutils, fetchFromGitHub, fetchpatch, file, gawk, gnugrep, gnused -, installShellFiles, less, lib, libiconv, makeWrapper, nano, stdenv, ruby ? null +, installShellFiles, less, lib, libiconv, makeWrapper, nano, stdenv, ruby }: stdenv.mkDerivation rec { From 91efaf3393c23cfbe1d0681117aa71f5dabe0697 Mon Sep 17 00:00:00 2001 From: SCOTT-HAMILTON Date: Sun, 30 May 2021 14:20:21 +0200 Subject: [PATCH 021/126] libiio: fix build with wrong libxml2 find_package Co-authored-by: Dmitry Kalinkin (cherry picked from commit 660c4a822c1631016060ab3420ae467dabaa508e) --- .../libiio/cmake-fix-libxml2-find-package.patch | 13 +++++++++++++ pkgs/development/libraries/libiio/default.nix | 4 ++++ 2 files changed, 17 insertions(+) create mode 100644 pkgs/development/libraries/libiio/cmake-fix-libxml2-find-package.patch diff --git a/pkgs/development/libraries/libiio/cmake-fix-libxml2-find-package.patch b/pkgs/development/libraries/libiio/cmake-fix-libxml2-find-package.patch new file mode 100644 index 00000000000..25345bef90c --- /dev/null +++ b/pkgs/development/libraries/libiio/cmake-fix-libxml2-find-package.patch @@ -0,0 +1,13 @@ +diff --color -ur a/CMakeLists.txt b/CMakeLists.txt +--- a/CMakeLists.txt 2021-05-30 13:46:22.256040282 +0200 ++++ b/CMakeLists.txt 2021-05-30 14:15:42.530181216 +0200 +@@ -333,7 +333,7 @@ + # So, try first to find the CMake module provided by libxml2 package, then fallback + # on the CMake's FindLibXml2.cmake module (which can lack some definition, especially + # in static build case). +-find_package(LibXml2 QUIET NO_MODULE) ++find_package(LibXml2 QUIET MODULE) + if(DEFINED LIBXML2_VERSION_STRING) + set(LIBXML2_FOUND ON) + set(LIBXML2_INCLUDE_DIR ${LIBXML2_INCLUDE_DIRS}) +Seulement dans b: good.patch diff --git a/pkgs/development/libraries/libiio/default.nix b/pkgs/development/libraries/libiio/default.nix index 043e27fb4b2..e704076ab57 100644 --- a/pkgs/development/libraries/libiio/default.nix 
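Review bot: The new file cmake-fix-libxml2-find-package.patch ends with `Seulement dans b: good.patch`, which is localized "Only in" output from the `diff -ur` run and not part of the change. `patch` presumably skips it as trailing garbage, but it leaves the committed patch dependent on that leniency and refers to a file that is not in the tree. I would delete that last line so the file contains only the CMakeLists.txt hunk. The upstream comment kept as context ("try first to find the CMake module provided by libxml2 package, then fallback") no longer describes the behaviour once `NO_MODULE` becomes `MODULE`, so the revert note in default.nix is the only place that explains the change.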
+++ b/pkgs/development/libraries/libiio/default.nix @@ -23,6 +23,10 @@ stdenv.mkDerivation rec { sha256 = "0psw67mzysdb8fkh8xpcwicm7z94k8plkcc8ymxyvl6inshq0mc7"; }; + # Revert after https://github.com/NixOS/nixpkgs/issues/125008 is + # fixed properly + patches = [ ./cmake-fix-libxml2-find-package.patch ]; + nativeBuildInputs = [ cmake flex From a30a33bbff4886589e411fdde1711edbfa258b06 Mon Sep 17 00:00:00 2001 From: David Birks Date: Fri, 28 May 2021 16:11:44 -0400 Subject: [PATCH 022/126] tilt: 0.18.10 -> 0.20.5 (cherry picked from commit 2aa7662279727652dd326d5e7fc2a9aa50a73eef) --- pkgs/applications/networking/cluster/tilt/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/cluster/tilt/default.nix b/pkgs/applications/networking/cluster/tilt/default.nix index ccbe9d9a7ac..d717bd42652 100644 --- a/pkgs/applications/networking/cluster/tilt/default.nix +++ b/pkgs/applications/networking/cluster/tilt/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { /* Do not use "dev" as a version. If you do, Tilt will consider itself running in development environment and try to serve assets from the source tree, which is not there once build completes. */ - version = "0.18.10"; + version = "0.20.5"; src = fetchFromGitHub { owner = "tilt-dev"; repo = pname; rev = "v${version}"; - sha256 = "sha256-SvvvHGR3UPyV61MaoFB68SaZKUT3ItYOPT1a7AddxlY="; + sha256 = "sha256-pUKKHrShED7yp5WSmHSbS+eiYs22Nm2/ouc2a8WYc38="; }; vendorSha256 = null; From ad8e636a3e7ec2236e7aba307bbea8de16f6b97e Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Sun, 30 May 2021 14:23:36 +0100 Subject: [PATCH 023/126] neomutt: add patch for CVE-2021-32055 no upstream release yet (cherry picked from commit edcde75b989c69d566b8da67db2fa7351ca3c191) --- .../networking/mailreaders/neomutt/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
diff --git a/pkgs/applications/networking/mailreaders/neomutt/default.nix b/pkgs/applications/networking/mailreaders/neomutt/default.nix index b2187371f29..50b3b66f15d 100644 --- a/pkgs/applications/networking/mailreaders/neomutt/default.nix +++ b/pkgs/applications/networking/mailreaders/neomutt/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, gettext, makeWrapper, tcl, which +{ lib, stdenv, fetchFromGitHub, gettext, makeWrapper, tcl, which, fetchpatch , ncurses, perl , cyrus_sasl, gss, gpgme, libkrb5, libidn, libxml2, notmuch, openssl , lmdb, libxslt, docbook_xsl, docbook_xml_dtd_42, w3m, mailcap, sqlite, zlib }: @@ -14,6 +14,14 @@ stdenv.mkDerivation rec { sha256 = "sha256-ADg/+gmndOiuQHsncOzS5K4chthXeUFz6RRJsrZNeZY="; }; + patches = [ + (fetchpatch { + name = "CVE-2021-32055.patch"; + url = "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc.patch"; + sha256 = "0bb7gisjynq3w7hhl6vxa469h609bcz6fkdi8vf740pqrwhk68yn"; + }) + ]; + buildInputs = [ cyrus_sasl gss gpgme libkrb5 libidn ncurses notmuch openssl perl lmdb From 2127c48d064a655ab8256f4371c7d5c99305fcee Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sun, 30 May 2021 15:10:00 +0200 Subject: [PATCH 024/126] ungoogled-chromium: 90.0.4430.212 -> 91.0.4472.77 (cherry picked from commit 6c638ee6b10e7b9f567601068a195f45740805fc) --- .../networking/browsers/chromium/common.nix | 7 ++----- .../browsers/chromium/upstream-info.json | 16 ++++++++-------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/common.nix b/pkgs/applications/networking/browsers/chromium/common.nix index 2cf3556e7ea..7e95da747d1 100644 --- a/pkgs/applications/networking/browsers/chromium/common.nix +++ b/pkgs/applications/networking/browsers/chromium/common.nix 
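Review bot: The new `patches` list in neomutt/default.nix has no comment saying when the entry can be removed. The commit message records "no upstream release yet", but that context is lost once the commit scrolls out of view, and a later version bump could either keep a patch that no longer applies or drop it before a fixed release exists. I would add a line above the `fetchpatch` call such as `# CVE-2021-32055: drop once a neomutt release contains fa1db5785e5c`.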
@@ -165,14 +165,10 @@ let ./patches/widevine-79.patch # For bundling Widevine (DRM), might be replaceable via bundle_widevine_cdm=true in gnFlags # Fix the build by adding a missing dependency (s. https://crbug.com/1197837): ./patches/fix-missing-atspi2-dependency.patch - ] ++ optionals (chromiumVersionAtLeast "91") [ ./patches/closure_compiler-Use-the-Java-binary-from-the-system.patch ]; - postPatch = lib.optionalString (chromiumVersionAtLeast "91") '' - # Required for patchShebangs (unsupported): - chmod -x third_party/webgpu-cts/src/tools/deno - '' + '' + postPatch = '' # remove unused third-party for lib in ${toString gnSystemLibraries}; do if [ -d "third_party/$lib" ]; then @@ -191,6 +187,7 @@ let substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \ --replace "/usr/bin/env -S make -f" "/usr/bin/make -f" fi + chmod -x third_party/webgpu-cts/src/tools/deno # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \ diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index af288536fb7..ab0afd9b54e 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json 
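Review bot: In the `@@ -187,6 +187,7 @@` hunk of chromium/common.nix, `chmod -x third_party/webgpu-cts/src/tools/deno` is re-added without the comment that explained it in the removed block. The line now sits directly after the harfbuzz `fi`, where it reads as unrelated clean-up and is easy to delete later. I would keep the original explanation above it, `# Required for patchShebangs (unsupported):`. Since the line is now unconditional, it also fails the phase if a future source tree no longer ships that path, which is worth keeping in mind for the next bump.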
@@ -44,19 +44,19 @@ } }, "ungoogled-chromium": { - "version": "90.0.4430.212", - "sha256": "17nmhrkl81qqvzbh861k2mmifncx4wg1mv1fmn52f8gzn461vqdb", - "sha256bin64": "1y33c5829s22yfj0qmsj8fpcxnjhcm3fsxz7744csfsa9cy4fjr7", + "version": "91.0.4472.77", + "sha256": "0c8vj3gq3nmb7ssiwj6875g0a8hcprss1a4gqw9h7llqywza9ma5", + "sha256bin64": "0caf47xam5igdnbhipal1iyicnxxvadhi61k199rwysrvyv5sdad", "deps": { "gn": { - "version": "2021-02-09", + "version": "2021-04-06", "url": "https://gn.googlesource.com/gn", - "rev": "dfcbc6fed0a8352696f92d67ccad54048ad182b3", - "sha256": "1941bzg37c4dpsk3sh6ga3696gpq6vjzpcw9rsnf6kdr9mcgdxvn" + "rev": "dba01723a441c358d843a575cb7720d54ddcdf92", + "sha256": "199xkks67qrn0xa5fhp24waq2vk8qb78a96cb3kdd8v1hgacgb8x" }, "ungoogled-patches": { - "rev": "90.0.4430.212-1", - "sha256": "05jh05a4g50ws7pr18dl5pwi95knygh6xywp7kyydir7wy1pbin8" + "rev": "91.0.4472.77-1", + "sha256": "1jfmmkw1y4rcjfgsm7b4v2lrgd3sks5qpajvq0djflbhkpsqxfk0" } } } From 11cd670ca02eb2faab458e16bccd7e62bedc95ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 26 May 2021 23:11:31 +0200 Subject: [PATCH 025/126] vmTools: update current lts versions of ubuntu (cherry picked from commit e71c4f4628d0b5cce28f1a23c0c41eaffb6b1fd2) --- pkgs/build-support/vm/default.nix | 107 ++++++++++-------------------- 1 file changed, 34 insertions(+), 73 deletions(-) diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix index f6be1b299f6..1ea8814bd65 100644 --- a/pkgs/build-support/vm/default.nix +++ b/pkgs/build-support/vm/default.nix 
@@ -822,45 +822,6 @@ rec { /* The set of supported Dpkg-based distributions. */ debDistros = { - - # Interestingly, the SHA-256 hashes provided by Ubuntu in - # http://nl.archive.ubuntu.com/ubuntu/dists/{gutsy,hardy}/Release are - # wrong, but the SHA-1 and MD5 hashes are correct. Intrepid is fine. - - ubuntu1204i386 = { - name = "ubuntu-12.04-precise-i386"; - fullName = "Ubuntu 12.04 Precise (i386)"; - packagesLists = - [ (fetchurl { - url = "mirror://ubuntu/dists/precise/main/binary-i386/Packages.bz2"; - sha256 = "18ns9h4qhvjfcip9z55grzi371racxavgqkp6b5kfkdq2wwwax2d"; - }) - (fetchurl { - url = "mirror://ubuntu/dists/precise/universe/binary-i386/Packages.bz2"; - sha256 = "085lkzbnzkc74kfdmwdc32sfqyfz8dr0rbiifk8kx9jih3xjw2jk"; - }) - ]; - urlPrefix = "mirror://ubuntu"; - packages = commonDebPackages ++ [ "diffutils" ]; - }; - - ubuntu1204x86_64 = { - name = "ubuntu-12.04-precise-amd64"; - fullName = "Ubuntu 12.04 Precise (amd64)"; - packagesLists = - [ (fetchurl { - url = "mirror://ubuntu/dists/precise/main/binary-amd64/Packages.bz2"; - sha256 = "1aabpn0hdih6cbabyn87yvhccqj44q9k03mqmjsb920iqlckl3fc"; - }) - (fetchurl { - url = "mirror://ubuntu/dists/precise/universe/binary-amd64/Packages.bz2"; - sha256 = "0x4hz5aplximgb7gnpvrhkw8m7a40s80rkm5b8hil0afblwlg4vr"; - }) - ]; - urlPrefix = "mirror://ubuntu"; - packages = commonDebPackages ++ [ "diffutils" ]; - }; - ubuntu1404i386 = { name = "ubuntu-14.04-trusty-i386"; fullName = "Ubuntu 14.04 Trusty (i386)"; 
@@ -929,40 +890,6 @@ rec { packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; }; - ubuntu1710i386 = { - name = "ubuntu-17.10-artful-i386"; - fullName = "Ubuntu 17.10 Artful (i386)"; - packagesLists = - [ (fetchurl { - url = "mirror://ubuntu/dists/artful/main/binary-i386/Packages.xz"; - sha256 = "18yrj4kqdzm39q0527m97h5ing58hkm9yq9iyj636zh2rclym3c8"; - }) - (fetchurl { - url = "mirror://ubuntu/dists/artful/universe/binary-i386/Packages.xz"; - sha256 = "1v0njw2w80xfmxi7by76cs8hyxlla5h3gqajlpdw5srjgx2qrm2g"; - }) - ]; - urlPrefix = "mirror://ubuntu"; - packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; - }; - - ubuntu1710x86_64 = { - name = "ubuntu-17.10-artful-amd64"; - fullName = "Ubuntu 17.10 Artful (amd64)"; - packagesLists = - [ (fetchurl { - url = "mirror://ubuntu/dists/artful/main/binary-amd64/Packages.xz"; - sha256 = "104g57j1l3vi8wb5f7rgjvjhf82ccs0vwhc59jfc4ynd51z7fqjk"; - }) - (fetchurl { - url = "mirror://ubuntu/dists/artful/universe/binary-amd64/Packages.xz"; - sha256 = "1qzs95wfy9inaskfx9cf1l5yd3aaqwzy72zzi9xyvkxi75k5gcn4"; - }) - ]; - urlPrefix = "mirror://ubuntu"; - packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; - }; - ubuntu1804i386 = { name = "ubuntu-18.04-bionic-i386"; fullName = "Ubuntu 18.04 Bionic (i386)"; 
@@ -997,6 +924,40 @@ rec { packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; }; + ubuntu2004i386 = { + name = "ubuntu-20.04-focal-i386"; + fullName = "Ubuntu 20.04 Focal (i386)"; + packagesLists = + [ (fetchurl { + url = "mirror://ubuntu/dists/focal/main/binary-i386/Packages.xz"; + sha256 = "sha256-7RAYURoN3RKYQAHpwBS9TIV6vCmpURpphyMJQmV4wLc="; + }) + (fetchurl { + url = "mirror://ubuntu/dists/focal/universe/binary-i386/Packages.xz"; + sha256 = "sha256-oA551xVE80volUPgkMyvzpQ1d+GhuZd4DAe7dXZnULM="; + }) + ]; + urlPrefix = "mirror://ubuntu"; + packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; + }; + + ubuntu2004x86_64 = { + name = "ubuntu-20.04-focal-amd64"; + fullName = "Ubuntu 20.04 Focal (amd64)"; + packagesLists = + [ (fetchurl { + url = "mirror://ubuntu/dists/focal/main/binary-amd64/Packages.xz"; + sha256 = "sha256-d1eSH/j+7Zw5NKDJk21EG6SiOL7j6myMHfXLzUP8mGE="; + }) + (fetchurl { + url = "mirror://ubuntu/dists/focal/universe/binary-amd64/Packages.xz"; + sha256 = "sha256-RqdG2seJvZU3rKVNsWgLnf9RwkgVMRE1A4IZnX2WudE="; + }) + ]; + urlPrefix = "mirror://ubuntu"; + packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; + }; + debian8i386 = { name = "debian-8.11-jessie-i386"; fullName = "Debian 8.11 Jessie (i386)"; From 81136a1c969ea23749a4f3102e4b1c6d4d6e3153 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 26 May 2021 23:12:03 +0200 Subject: [PATCH 026/126] vmTools: update current maintained debian versions Co-authored-by: Sandro (cherry picked from commit eb0034927d08e2c63675b6a90a9219472356fd38) --- pkgs/build-support/vm/default.nix | 60 +++++++++++++++---------------- 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix index 1ea8814bd65..cfc19c03cfd 100644 --- a/pkgs/build-support/vm/default.nix +++ b/pkgs/build-support/vm/default.nix 
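Review bot: Both new `ubuntu2004*` entries build their `packagesLists` only from `dists/focal/main` and `dists/focal/universe`, which is the release pocket, so images built from them hold the packages as first shipped and none of the later fixes published under focal-updates or focal-security. The neighbouring Ubuntu entries visible in this diff follow the same pattern, so the addition is consistent, but nothing in the hunk states the limitation. I would add a comment above `ubuntu2004i386` such as `# release pocket only: no focal-updates/focal-security packages, do not treat these images as patched`. The enclosing `debDistros` set starts and ends outside the hunk.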
@@ -958,51 +958,49 @@ rec { packages = commonDebPackages ++ [ "diffutils" "libc-bin" ]; }; - debian8i386 = { - name = "debian-8.11-jessie-i386"; - fullName = "Debian 8.11 Jessie (i386)"; - packagesList = fetchurl { - url = "mirror://debian/dists/jessie/main/binary-i386/Packages.xz"; - sha256 = "0adblarhx50yga900il6m25ng0csa81i3wid1dxxmydbdmri7v7d"; - }; - urlPrefix = "mirror://debian"; - packages = commonDebianPackages; - }; - - debian8x86_64 = { - name = "debian-8.11-jessie-amd64"; - fullName = "Debian 8.11 Jessie (amd64)"; - packagesList = fetchurl { - url = "mirror://debian/dists/jessie/main/binary-amd64/Packages.xz"; - sha256 = "09y1mv4kqllhxpk1ibjsyl5jig5bp0qxw6pp4sn56rglrpygmn5x"; - }; - urlPrefix = "mirror://debian"; - packages = commonDebianPackages; - }; - debian9i386 = { - name = "debian-9.8-stretch-i386"; - fullName = "Debian 9.8 Stretch (i386)"; + name = "debian-9.13-stretch-i386"; + fullName = "Debian 9.13 Stretch (i386)"; packagesList = fetchurl { - url = "http://snapshot.debian.org/archive/debian/20200301T030401Z/dists/stretch/main/binary-i386/Packages.xz"; - sha256 = "1jglr1d1jys3xddp8f7w9j05db39fah8xy4gfkpqbd1b5d2caslz"; + url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/stretch/main/binary-i386/Packages.xz"; + sha256 = "sha256-fFRumd20wuVaYxzw0VPkAw5mQo8kIg+eXII15VSz9wA="; }; urlPrefix = "mirror://debian"; packages = commonDebianPackages; }; debian9x86_64 = { - name = "debian-9.8-stretch-amd64"; - fullName = "Debian 9.8 Stretch (amd64)"; + name = "debian-9.13-stretch-amd64"; + fullName = "Debian 9.13 Stretch (amd64)"; packagesList = fetchurl { - url = "http://snapshot.debian.org/archive/debian/20190503T090946Z/dists/stretch/main/binary-amd64/Packages.xz"; - sha256 = "01q00nl47p12n7wx0xclx59wf3zlkzrgj3zxpshyvb91xdnw5sh6"; + url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/stretch/main/binary-amd64/Packages.xz"; + sha256 = "sha256-1p4DEVpTGlBE3PtbQ90kYw4QNHkW0F4rna/Xz+ncMhw="; }; urlPrefix = 
"mirror://debian"; packages = commonDebianPackages; }; + debian10i386 = { + name = "debian-10.9-buster-i386"; + fullName = "Debian 10.9 Buster (i386)"; + packagesList = fetchurl { + url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/buster/main/binary-i386/Packages.xz"; + sha256 = "sha256-zlkbKV+IGBCyWKD4v4LFM/EUA4TYS9fkLBPuF6MgUDo="; + }; + urlPrefix = "mirror://debian"; + packages = commonDebianPackages; + }; + debian10x86_64 = { + name = "debian-10.9-buster-amd64"; + fullName = "Debian 10.9 Buster (amd64)"; + packagesList = fetchurl { + url = "https://snapshot.debian.org/archive/debian/20210526T143040Z/dists/buster/main/binary-amd64/Packages.xz"; + sha256 = "sha256-k13toY1b3CX7GBPQ7Jm24OMqCEsgPlGK8M99x57o69o="; + }; + urlPrefix = "mirror://debian"; + packages = commonDebianPackages; + }; }; @@ -1129,7 +1127,7 @@ rec { "passwd" ]; - commonDebianPackages = commonDebPackages ++ [ "sysvinit" "diff" "mktemp" ]; + commonDebianPackages = commonDebPackages ++ [ "sysvinit" "diff" ]; /* A set of functions that build the Linux distributions specified From 7ca8def3b947af9ebbc5ef117cb52d6096d27155 Mon Sep 17 00:00:00 2001 From: matthewcroughan Date: Thu, 27 May 2021 22:39:23 +0100 Subject: [PATCH 027/126] fioctl: 0.16 -> 0.17 (cherry picked from commit 005f0008a777d84885cca6a031988322d3100e1d) --- pkgs/tools/admin/fioctl/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/admin/fioctl/default.nix b/pkgs/tools/admin/fioctl/default.nix index c27b18ac6d5..0e0c977acd0 100644 --- a/pkgs/tools/admin/fioctl/default.nix +++ b/pkgs/tools/admin/fioctl/default.nix 
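Review bot: In the four Debian entries of this hunk `packagesList` is pinned to the snapshot.debian.org archive at 20210526T143040Z while `urlPrefix` stays `mirror://debian`, so the package index and the place the .deb files are fetched from can drift apart. Once a point release or security upload replaces a package on the live mirrors, a version listed in the pinned index may no longer be downloadable there and the image build would fail; this assumes `urlPrefix` is what gets prepended to the package paths, which happens outside the hunk. Pointing the prefix at the same snapshot keeps the two in step, e.g. `urlPrefix = "https://snapshot.debian.org/archive/debian/20210526T143040Z";` in `debian9i386`, `debian9x86_64`, `debian10i386` and `debian10x86_64`. The pinned index also means these images carry no fixes published after that timestamp, which deserves a one-line comment next to the URL.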
@@ -2,16 +2,16 @@ buildGoModule rec { pname = "fioctl"; - version = "0.16"; + version = "0.17"; src = fetchFromGitHub { owner = "foundriesio"; repo = "fioctl"; rev = "v${version}"; - sha256 = "1mm62piih7x2886wpgqd8ks22vpmrjgxs4alskiqz61bgshks9vw"; + sha256 = "sha256-u23BQ/sRAfUO36uqv7xY+DkseDnlVesgamsgne8N8kU="; }; - vendorSha256 = "170z5a1iwwcpz890nficqnz7rr7yzdxr5jx9pa7s31z17lr8kbz9"; + vendorSha256 = "sha256-6a+JMj3hh6GPuqnLknv7/uR8vsUsOgsS+pdxHoMqH5w="; runVend = true; From b9fd21fe40f2cd380a57ce91d9cf2967de5d51bd Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Fri, 28 May 2021 08:00:08 +0200 Subject: [PATCH 028/126] morph: 1.5.0 -> 1.6.0 https://github.com/DBCDK/morph/releases/tag/v1.6.0 (cherry picked from commit 03465e588bf3ac86b30af3473b4f254305d9f61b) --- pkgs/tools/package-management/morph/default.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/pkgs/tools/package-management/morph/default.nix b/pkgs/tools/package-management/morph/default.nix index 61e4a897f48..56d824059f5 100644 --- a/pkgs/tools/package-management/morph/default.nix +++ b/pkgs/tools/package-management/morph/default.nix @@ -1,18 +1,17 @@ -{ buildGoPackage, fetchFromGitHub, go-bindata, openssh, makeWrapper, lib }: +{ buildGoModule, fetchFromGitHub, go-bindata, openssh, makeWrapper, lib }: -buildGoPackage rec { +buildGoModule rec { pname = "morph"; - version = "1.5.0"; + version = "1.6.0"; src = fetchFromGitHub { owner = "dbcdk"; repo = "morph"; rev = "v${version}"; - sha256 = "064ccvvq4yk17jy5jvi1nxfp5ajvnvn2k4zvh9v0n3ragcl3rd20"; + sha256 = "0aibs4gsb9pl21nd93bf963kdzf0661qn0liaw8v8ak2xbz7nbs8"; }; - goPackagePath = "github.com/dbcdk/morph"; - goDeps = ./deps.nix; + vendorSha256 = "08zzp0h4c4i5hk4whz06a3da7qjms6lr36596vxz0d8q0n7rspr9"; nativeBuildInputs = [ makeWrapper go-bindata ]; 
@@ -28,7 +27,7 @@ buildGoPackage rec { postInstall = '' mkdir -p $lib - cp -v go/src/$goPackagePath/data/*.nix $lib + cp -v ./data/*.nix $lib wrapProgram $out/bin/morph --prefix PATH : ${lib.makeBinPath [ openssh ]}; ''; From 8479c43fa23452a9ed915dcb2130845a8295d662 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=9B=87=E5=B4=A9=E4=B9=83=E9=9F=B3?= Date: Fri, 28 May 2021 16:47:33 +0200 Subject: [PATCH 029/126] tailscale: 1.8.3 -> 1.8.5 (cherry picked from commit 57f67a8ec02025cd4e562bbfb9f0f6924e755544) --- pkgs/servers/tailscale/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/tailscale/default.nix b/pkgs/servers/tailscale/default.nix index bd75a45154d..be3b4209eb9 100644 --- a/pkgs/servers/tailscale/default.nix +++ b/pkgs/servers/tailscale/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "tailscale"; - version = "1.8.5"; + version = "1.8.6"; src = fetchFromGitHub { owner = "tailscale"; repo = "tailscale"; rev = "v${version}"; - sha256 = "0wr6zb8v5082gbh0isz8inmndvqfqgmh5bgaz8ij2id5qwx5znx6"; + sha256 = "1h3ry4y62wwcv4z3yjqal4ch4xy40k9s3rq20lqs3r58kblnaxs2"; }; nativeBuildInputs = [ makeWrapper ]; From 41734b6851f99a9d6b470923342b9176f172e1cf Mon Sep 17 00:00:00 2001 From: Serval Date: Sat, 29 May 2021 02:56:04 +0800 Subject: [PATCH 030/126] v2ray: 4.38.3 -> 4.39.2 (cherry picked from commit c6f22908106542da243ec48eaa1b1f8d89b66b75) --- pkgs/tools/networking/v2ray/default.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/tools/networking/v2ray/default.nix b/pkgs/tools/networking/v2ray/default.nix index 89e2f0f320d..4c4b46c2520 100644 --- a/pkgs/tools/networking/v2ray/default.nix +++ b/pkgs/tools/networking/v2ray/default.nix 
@@ -3,22 +3,22 @@ }: let - version = "4.38.3"; + version = "4.39.2"; src = fetchFromGitHub { owner = "v2fly"; repo = "v2ray-core"; rev = "v${version}"; - sha256 = "1vsq98h6zbm3wz1mgphl7dqlabgfg53fhkyn47vfbhhkbx6nwl7c"; + sha256 = "0rgwxsix2qy5w44s2ramalsn1bqznj2yra8bakcms8yl9yh0gbvd"; }; - vendorSha256 = "sha256-jXpGlJ30xBttysbUekMdw8fH0KVfPufWq0t7AXZrDEQ="; + vendorSha256 = "sha256-1LEKg9kyF4QBrzLP5TyKmFLPBprJRNqGxtkAI1mHx4Y="; assets = { # MIT licensed "geoip.dat" = let - geoipRev = "202104300531"; - geoipSha256 = "0srskpp0pmw4fzp4lgachjjvig4fy96523r7aj2bwig0ipfgr401"; + geoipRev = "202105270041"; + geoipSha256 = "0g67lggc41himpnbbghm4xlnbv4dl2fyidxplh3pl6ajqb4wxwd5"; in fetchurl { url = "https://github.com/v2fly/geoip/releases/download/${geoipRev}/geoip.dat"; sha256 = geoipSha256; @@ -26,8 +26,8 @@ let # MIT licensed "geosite.dat" = let - geositeRev = "20210430100800"; - geositeSha256 = "0wp111iip3lhkgpbrzzivl5flj44vj7slx9w7k307sls6hmjzlcb"; + geositeRev = "20210527065138"; + geositeSha256 = "1335zyc5zrwws46ldv0sqn51kpkfwfksbfw6hd53fakz0whxki0g"; in fetchurl { url = "https://github.com/v2fly/domain-list-community/releases/download/${geositeRev}/dlc.dat"; sha256 = geositeSha256; From 6cac8dd5d9a6aa0055189c676562fd7b9c29fc8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Fri, 28 May 2021 17:46:29 +0200 Subject: [PATCH 031/126] libxlsxwriter: 1.0.5 -> 1.0.6 https://github.com/jmcnamara/libxlsxwriter/releases/tag/RELEASE_1.0.6 (cherry picked from commit 5d873fde2352061fa487e7c4b73c0d1f840c77c2) --- pkgs/development/libraries/libxlsxwriter/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libxlsxwriter/default.nix b/pkgs/development/libraries/libxlsxwriter/default.nix index d323c2d962e..4bb80cb04a4 100644 --- a/pkgs/development/libraries/libxlsxwriter/default.nix +++ b/pkgs/development/libraries/libxlsxwriter/default.nix 
@@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "libxlsxwriter"; - version = "1.0.5"; + version = "1.0.6"; src = fetchFromGitHub { owner = "jmcnamara"; repo = "libxlsxwriter"; rev = "RELEASE_${version}"; - sha256 = "1jjmwg1mk7pvf36q30rng42qphgz6qdjvn96agrym2q0hhwxc99v"; + sha256 = "03fdcbm0xnkxwv6fir4yy4x9q2p5h08j099w9xh5gc2ni7ygjlyx"; }; nativeBuildInputs = [ From 9ad5d4d363e68aa3877cbcd2e8f225a5aa58040b Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Mon, 31 May 2021 00:29:06 +0100 Subject: [PATCH 032/126] postgresqlPackages.pg_partman: 4.4.1 -> 4.5.1 addressing CVE-2021-33204 (cherry picked from commit 29b5264841b5c82a5bf81f335b306c3a10229849) --- pkgs/servers/sql/postgresql/ext/pg_partman.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/postgresql/ext/pg_partman.nix b/pkgs/servers/sql/postgresql/ext/pg_partman.nix index fb690e96328..d2e7dd37be1 100644 --- a/pkgs/servers/sql/postgresql/ext/pg_partman.nix +++ b/pkgs/servers/sql/postgresql/ext/pg_partman.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "pg_partman"; - version = "4.4.1"; + version = "4.5.1"; buildInputs = [ postgresql ]; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { owner = "pgpartman"; repo = pname; rev = "refs/tags/v${version}"; - sha256 = "sha256-jFG2Zna97FHZin2V3Cwy5JcdeFh09Yy/eoyHtcCorPA="; + sha256 = "182yqvgcpgw99swn7w516f6d1bid2gnmf6dfsgmldx5viz0d6vi0"; }; installPhase = '' From aa9f441226e4e3d16ca51e867ce9d861e79c7ffc Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 31 May 2021 12:53:11 +0200 Subject: [PATCH 033/126] radare2: add patch for CVE-2021-32613 Closes #124670 See also https://nvd.nist.gov/vuln/detail/CVE-2021-32613 (cherry picked from commit 16ce96934052e728445e57e5c9b1242dbfa836bd) --- .../development/tools/analysis/radare2/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) 
diff --git a/pkgs/development/tools/analysis/radare2/default.nix b/pkgs/development/tools/analysis/radare2/default.nix index e59c48f91d3..0ffe937a93f 100644 --- a/pkgs/development/tools/analysis/radare2/default.nix +++ b/pkgs/development/tools/analysis/radare2/default.nix @@ -20,6 +20,7 @@ , ruby , lua , capstone +, fetchpatch , useX11 ? false , rubyBindings ? false , pythonBindings ? false @@ -37,6 +38,19 @@ stdenv.mkDerivation rec { sha256 = "0n3k190qjhdlj10fjqijx6ismz0g7fk28i83j0480cxdqgmmlbxc"; }; + patches = [ + # fix for CVE-2021-32613 + (fetchpatch { + url = "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05.patch"; + sha256 = "sha256-zCFNn968buLuSqfUT5E+72qz0l1tA3fEUQIxJl2nd3I="; + }) + (fetchpatch { + name = "CVE-2021-32613.patch"; + url = "https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc.patch"; + sha256 = "sha256-s8SWGuSQ6fxDCybtjO2ZW8w7H6mr+AuzVLL6dw+XKDw="; + }) + ]; + postInstall = '' install -D -m755 $src/binr/r2pm/r2pm $out/bin/r2pm ''; From 9bbf2ec131abd6b30f1b6b01e7ad4295d44ebdd2 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 26 May 2021 03:49:11 +0200 Subject: [PATCH 034/126] weechatScripts.wee-slack: 2.7.0 -> 2.8.0 https://github.com/wee-slack/wee-slack/releases/tag/v2.8.0 (cherry picked from commit d7de7087fcc62b0c571825d5aa3d096c277c1d41) --- .../0001-hardcode-json-file-path.patch | 35 ------------------- .../irc/weechat/scripts/wee-slack/default.nix | 11 +++--- .../weechat/scripts/wee-slack/libpath.patch | 14 ++++---- .../scripts/wee-slack/load_weemoji_path.patch | 25 +++++++++++++ 4 files changed, 39 insertions(+), 46 deletions(-) delete mode 100644 pkgs/applications/networking/irc/weechat/scripts/wee-slack/0001-hardcode-json-file-path.patch create mode 100644 pkgs/applications/networking/irc/weechat/scripts/wee-slack/load_weemoji_path.patch 
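Review bot: The first `fetchpatch` in the new `patches` list has neither a `name` nor a comment of its own, so the single `# fix for CVE-2021-32613` line does not say why commit 5e16e2d1c9fe245e4c17005d779fde91ec0b9c05 is applied in addition to the entry named `CVE-2021-32613.patch`. If it is a prerequisite for the fix (the ordering suggests so, but the hunk does not say), state that above it, e.g. `# prerequisite so that the CVE-2021-32613 fix below applies`, and give the entry a descriptive `name` as the second one has. A second comment such as `# drop both patches with the next radare2 release that contains them` would keep the list from outliving the version bump. The `stdenv.mkDerivation` body continues outside the hunk.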
diff --git a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/0001-hardcode-json-file-path.patch b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/0001-hardcode-json-file-path.patch deleted file mode 100644 index 45e620db258..00000000000 --- a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/0001-hardcode-json-file-path.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5dd2593369645b11a9dc03e1930617d2f5dbd039 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= -Date: Wed, 11 Nov 2020 11:48:49 +0100 -Subject: [PATCH] hardcode json file path -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Jörg Thalheim ---- - wee_slack.py | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - -diff --git a/wee_slack.py b/wee_slack.py -index a3d779c..5942289 100644 ---- a/wee_slack.py -+++ b/wee_slack.py -@@ -5136,13 +5136,7 @@ def create_slack_debug_buffer(): - - def load_emoji(): - try: -- weechat_dir = w.info_get('weechat_dir', '') -- weechat_sharedir = w.info_get('weechat_sharedir', '') -- local_weemoji, global_weemoji = ('{}/weemoji.json'.format(path) -- for path in (weechat_dir, weechat_sharedir)) -- path = (global_weemoji if os.path.exists(global_weemoji) and -- not os.path.exists(local_weemoji) else local_weemoji) -- with open(path, 'r') as ef: -+ with open('@out@/share/wee-slack/weemoji.json', 'r') as ef: - emojis = json.loads(ef.read()) - if 'emoji' in emojis: - print_error('The weemoji.json file is in an old format. Please update it.') --- -2.29.0 - diff --git a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/default.nix b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/default.nix index 679e278c8a0..698ee80edf6 100644 --- a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/default.nix +++ b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/default.nix 
@@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "wee-slack"; - version = "2.7.0"; + version = "2.8.0"; src = fetchFromGitHub { repo = "wee-slack"; owner = "wee-slack"; rev = "v${version}"; - sha256 = "sha256-6Z/H15bKe0PKpNe9PCgc5mLOii3CILCAVon7EgzIkx8="; + sha256 = "0xfklr0gsc9jgxfyrrb2j756lclz9g8imcb0pk0xgyj8mhsw23zk"; }; patches = [ @@ -16,10 +16,13 @@ stdenv.mkDerivation rec { src = ./libpath.patch; env = "${buildEnv { name = "wee-slack-env"; - paths = with python3Packages; [ websocket_client six ]; + paths = with python3Packages; [ + websocket_client + six + ]; }}/${python3Packages.python.sitePackages}"; }) - ./0001-hardcode-json-file-path.patch + ./load_weemoji_path.patch ]; postPatch = '' diff --git a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/libpath.patch b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/libpath.patch index af2dd36b41c..a6e38c16fb1 100644 --- a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/libpath.patch +++ b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/libpath.patch @@ -1,13 +1,13 @@ diff --git a/wee_slack.py b/wee_slack.py -index dbe6446..d1b7546 100644 +index e4716b4..f673b7c 100644 --- a/wee_slack.py +++ b/wee_slack.py -@@ -25,6 +25,8 @@ import random - import socket - import string +@@ -31,6 +31,8 @@ import string + # See https://github.com/numpy/numpy/issues/11925 + sys.modules["numpy"] = None +sys.path.append('@env@') + - from websocket import ABNF, create_connection, WebSocketConnectionClosedException - - try: + from websocket import ( # noqa: E402 + ABNF, + create_connection, diff --git a/pkgs/applications/networking/irc/weechat/scripts/wee-slack/load_weemoji_path.patch b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/load_weemoji_path.patch new file mode 100644 index 00000000000..1e97dc32fa6 --- /dev/null +++ b/pkgs/applications/networking/irc/weechat/scripts/wee-slack/load_weemoji_path.patch 
@@ -0,0 +1,25 @@ +diff --git a/wee_slack.py b/wee_slack.py +index e4716b4..ffd122d 100644 +--- a/wee_slack.py ++++ b/wee_slack.py +@@ -6092,19 +6092,7 @@ def create_slack_debug_buffer(): + + def load_emoji(): + try: +- weechat_dir = w.info_get("weechat_data_dir", "") or w.info_get( +- "weechat_dir", "" +- ) +- weechat_sharedir = w.info_get("weechat_sharedir", "") +- local_weemoji, global_weemoji = ( +- "{}/weemoji.json".format(path) for path in (weechat_dir, weechat_sharedir) +- ) +- path = ( +- global_weemoji +- if os.path.exists(global_weemoji) and not os.path.exists(local_weemoji) +- else local_weemoji +- ) +- with open(path, "r") as ef: ++ with open("@out@/share/wee-slack/weemoji.json", "r") as ef: + emojis = json.loads(ef.read()) + if "emoji" in emojis: + print_error( From f2cabb18e03afd50179b4a6d9d450aa674751b3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Mon, 31 May 2021 19:42:36 +0200 Subject: [PATCH 035/126] lua5_4: 5.4.2 -> 5.4.3 (cherry picked from commit 490970ae8b34107aa5e092629271ac7739407478) --- pkgs/development/interpreters/lua-5/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/lua-5/default.nix b/pkgs/development/interpreters/lua-5/default.nix index 95b593fb5db..d2ba451b9e6 100644 --- a/pkgs/development/interpreters/lua-5/default.nix +++ b/pkgs/development/interpreters/lua-5/default.nix @@ -3,8 +3,8 @@ rec { lua5_4 = callPackage ./interpreter.nix { - sourceVersion = { major = "5"; minor = "4"; patch = "2"; }; - hash = "0ksj5zpj74n0jkamy3di1p6l10v4gjnd2zjnb453qc6px6bhsmqi"; + sourceVersion = { major = "5"; minor = "4"; patch = "3"; }; + hash = "1yxvjvnbg4nyrdv10bq42gz6dr66pyan28lgzfygqfwy2rv24qgq"; patches = lib.optional stdenv.isDarwin ./5.4.darwin.patch; }; From cbe0e663eced8d77ec8400d8e790845fcf3b0de5 Mon Sep 17 00:00:00 2001 
From: Vincent Bernat Date: Sun, 30 May 2021 13:12:32 +0200 Subject: [PATCH 036/126] nixos/acme: don't use --reuse-key Reusing the same private/public key on renewal has two issues: - some providers don't accept to sign the same public key again (Buypass Go SSL) - keeping the same private key forever partly defeats the purpose of renewing the certificate often Therefore, let's remove this option. People wanting to keep the same key can set extraLegoRenewFlags to `[ --reuse-key ]` to keep the previous behavior. Alternatively, we could put this as an option whose default value is true. (cherry picked from commit 632c8e1d54e299f656aa677f25552e1127f12849) --- nixos/doc/manual/release-notes/rl-2105.xml | 10 ++++++++++ nixos/modules/security/acme.nix | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 410d2432786..8abaae02b8a 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -795,6 +795,16 @@ environment.systemPackages = [ the deprecated is used. + + + In the module, use of --reuse-key + parameter for Lego has been removed. It was introduced for HKPK, but this security + feature is now deprecated. It is a better security practice to rotate key pairs + instead of always keeping the same. If you need to keep this parameter, you can add + it back using extraLegoRenewFlags as an option for the + appropriate certificate. + + diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index eb3599b924d..c0250171109 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -152,7 +152,7 @@ let ); renewOpts = escapeShellArgs ( commonOpts - ++ [ "renew" "--reuse-key" ] + ++ [ "renew" ] ++ optionals data.ocspMustStaple [ "--must-staple" ] ++ data.extraLegoRenewFlags ); From 05a82f0f468d0064c01911af2b43f2d57bd16984 Mon Sep 17 00:00:00 2001 
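Review bot: With `--reuse-key` gone from `renewOpts`, every renewal is expected to produce a new key pair, so any deployment that pins the certificate's public key outside the ACME flow (DANE/TLSA records, client-side pins) stops validating after the next renewal unless the pin is updated first. The changed line carries no hint of that; I would add above `++ [ "renew" ]` a comment like `# no --reuse-key: the key pair is rotated on every renewal; add it via extraLegoRenewFlags for certificates whose public key is pinned (e.g. TLSA)`. The release-note entry in the same commit names only one pinning mechanism (spelled "HKPK" there, presumably HPKP) and could mention pinned keys in general. The enclosing `let` block starts and ends outside the hunk.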
From: Martin Weinelt Date: Tue, 1 Jun 2021 01:25:19 +0200 Subject: [PATCH 037/126] rust-cbindgen_latest: init at 0.19.0 --- .../tools/rust/cbindgen/latest.nix | 38 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 4 ++ 2 files changed, 42 insertions(+) create mode 100644 pkgs/development/tools/rust/cbindgen/latest.nix diff --git a/pkgs/development/tools/rust/cbindgen/latest.nix b/pkgs/development/tools/rust/cbindgen/latest.nix new file mode 100644 index 00000000000..c1bc2fb4c07 --- /dev/null +++ b/pkgs/development/tools/rust/cbindgen/latest.nix @@ -0,0 +1,38 @@ +{ lib, stdenv, fetchFromGitHub, rustPlatform, python3Packages, Security }: + +rustPlatform.buildRustPackage rec { + pname = "rust-cbindgen"; + version = "0.19.0"; + + src = fetchFromGitHub { + owner = "eqrion"; + repo = "cbindgen"; + rev = "v${version}"; + sha256 = "0753dklr5lm1dmk6hy5khh8k3xyr5srfsq11l07685h71j7z0r00"; + }; + + cargoSha256 = "0qyw0iqin7i31kk23ddsmywk7z0xxpd5n4q6dr6mf44y35a8krm8"; + + buildInputs = lib.optional stdenv.isDarwin Security; + + checkInputs = [ + python3Packages.cython + ]; + + checkFlags = [ + # Disable tests that require rust unstable features + # https://github.com/eqrion/cbindgen/issues/338 + "--skip test_expand" + "--skip test_bitfield" + "--skip lib_default_uses_debug_build" + "--skip lib_explicit_debug_build" + "--skip lib_explicit_release_build" + ]; + + meta = with lib; { + description = "A project for generating C bindings from Rust code"; + homepage = "https://github.com/eqrion/cbindgen"; + license = licenses.mpl20; + maintainers = with maintainers; [ jtojnar ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e563a29cb2e..17f6ef9e8c0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
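Review bot: The new `latest.nix` has no header comment saying why a second cbindgen expression exists next to the regular `rust-cbindgen` one or when it can be removed. The only hint is the next commit in this series, which selects `rust-cbindgen_latest` when `ffversion` is at least 89. I would open the file with a comment such as `# cbindgen 0.19.0 for Firefox >= 89; remove once rust-cbindgen itself is at or above this version`, so the duplicate is not kept and patched separately longer than needed.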
@@ -11758,6 +11758,10 @@ in rust-cbindgen = callPackage ../development/tools/rust/cbindgen { inherit (darwin.apple_sdk.frameworks) Security; }; + rust-cbindgen_latest = callPackage ../development/tools/rust/cbindgen/latest.nix { + inherit (darwin.apple_sdk.frameworks) Security; + }; + rustup = callPackage ../development/tools/rust/rustup { inherit (darwin.apple_sdk.frameworks) CoreServices Security; }; From 66959b52fda9191ccde1327046528ed361f05d03 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 31 May 2021 13:31:09 +0200 Subject: [PATCH 038/126] firefox: 88.0.1 -> 89.0 https://www.mozilla.org/en-US/firefox/89.0/releasenotes/ (cherry picked from commit bcc35ef63fbabdd9e0b03213fb4af67dedf4c359) --- pkgs/applications/networking/browsers/firefox/common.nix | 8 +++++++- .../applications/networking/browsers/firefox/packages.nix | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/browsers/firefox/common.nix b/pkgs/applications/networking/browsers/firefox/common.nix index e35fd6ca701..62e641280b6 100644 --- a/pkgs/applications/networking/browsers/firefox/common.nix +++ b/pkgs/applications/networking/browsers/firefox/common.nix @@ -16,6 +16,10 @@ ### optionals +## backported libraries + +, rust-cbindgen_latest + ## optional libraries , alsaSupport ? stdenv.isLinux, alsaLib @@ -90,6 +94,8 @@ let then "/Applications/${binaryNameCapitalized}.app/Contents/MacOS" else "/bin"; + rust-cbindgen_pkg = if lib.versionAtLeast ffversion "89" then rust-cbindgen_latest else rust-cbindgen; + # 78 ESR won't build with rustc 1.47 inherit (if lib.versionAtLeast ffversion "82" then rustPackages else rustPackages_1_45) rustc cargo; @@ -226,7 +232,7 @@ buildStdenv.mkDerivation ({ perl pkg-config python3 - rust-cbindgen + rust-cbindgen_pkg rustc which unzip diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 05f2524f949..b4d87b859ae 100644 
--- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix @@ -7,10 +7,10 @@ in rec { firefox = common rec { pname = "firefox"; - ffversion = "88.0.1"; + ffversion = "89.0"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "e2d7fc950ba49f225c83ee1d799d6318fcf16c33a3b7f40b85c49d5b7865f7e632c703e5fd227a303b56e2565d0796283ebb12d7fd1a02781dcaa45e84cea934"; + sha512 = "5089720feda15d054d0aa4c3bdeb84760314dadd6381d7360e688d8e396154868220c6315add650d8d2a42652cb8a9bfeb833885812ef0bd70a74ee58ad18aa3"; }; meta = { From 9e2c334e52c11e38aa582636efc2bbba31a1afe6 Mon Sep 17 00:00:00 2001 From: Jonathan Ringer Date: Mon, 31 May 2021 14:48:15 -0700 Subject: [PATCH 039/126] nixos/doc/releases: update stable release info to 21.05 (cherry picked from commit 545ba18df2ca2077d6c1a69e02648ad88dd5d968) --- nixos/doc/manual/installation/upgrading.xml | 16 ++++++++-------- nixos/doc/manual/release-notes/rl-2105.xml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/nixos/doc/manual/installation/upgrading.xml b/nixos/doc/manual/installation/upgrading.xml index 15ba5db9a37..960d4fa9a43 100644 --- a/nixos/doc/manual/installation/upgrading.xml +++ b/nixos/doc/manual/installation/upgrading.xml @@ -14,7 +14,7 @@ Stable channels, such as nixos-20.09. + xlink:href="https://nixos.org/channels/nixos-21.05">nixos-21.05. These only get conservative bug fixes and package upgrades. For instance, a channel update may cause the Linux kernel on your system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), but not from @@ -38,7 +38,7 @@ Small channels, such as nixos-20.09-small + xlink:href="https://nixos.org/channels/nixos-21.05-small">nixos-21.05-small or nixos-unstable-small. 
@@ -63,8 +63,8 @@ When you first install NixOS, you’re automatically subscribed to the NixOS channel that corresponds to your installation source. For instance, if you - installed from a 20.09 ISO, you will be subscribed to the - nixos-20.09 channel. To see which NixOS channel you’re + installed from a 21.05 ISO, you will be subscribed to the + nixos-21.05 channel. To see which NixOS channel you’re subscribed to, run the following as root: # nix-channel --list | grep nixos @@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable # nix-channel --add https://nixos.org/channels/channel-name nixos (Be sure to include the nixos parameter at the end.) For - instance, to use the NixOS 20.09 stable channel: + instance, to use the NixOS 21.05 stable channel: -# nix-channel --add https://nixos.org/channels/nixos-20.09 nixos +# nix-channel --add https://nixos.org/channels/nixos-21.05 nixos If you have a server, you may want to use the “small” channel instead: -# nix-channel --add https://nixos.org/channels/nixos-20.09-small nixos +# nix-channel --add https://nixos.org/channels/nixos-21.05-small nixos And if you want to live on the bleeding edge: @@ -132,7 +132,7 @@ nixos https://nixos.org/channels/nixos-unstable kernel, initrd or kernel modules. You can also specify a channel explicitly, e.g. - = https://nixos.org/channels/nixos-20.09; + = https://nixos.org/channels/nixos-21.05; diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 8abaae02b8a..84b4d17bfaf 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -3,7 +3,7 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-21.05"> - Release 21.05 (“Okapi”, 2021.05/??) + Release 21.05 (“Okapi”, 2021.05/31)
Date: Thu, 6 May 2021 22:26:54 -0700 Subject: [PATCH 040/126] nixos/release-notes: Initial grooming of release notes (cherry picked from commit f15d286aaca6f7bd9f246c72978992ea8bb73e63) --- nixos/doc/manual/release-notes/rl-2105.xml | 73 +++++++++++++++++++++- 1 file changed, 71 insertions(+), 2 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 84b4d17bfaf..0b0bf68f9db 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -5,6 +5,9 @@ xml:id="sec-release-21.05"> Release 21.05 (“Okapi”, 2021.05/31) + + Support is planned until the end of December 2021, handing over to 21.11. +
+ - Support is planned until the end of December 2021, handing over to 21.11. + Core version changes: + + + + gcc: 9.3.0 -> 10.3.0 + + + + + glibc: 2.30 -> 2.32 + + + + + default linux: 5.4 -> 5.10, all supported kernels available + + + + + mesa: 20.1.7 -> 21.0.1 + + + The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series. The linux_latest kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). + + Desktop Environments: + + + + + Gnome: 3.36 -> 3.40, see its release notes + + + + + Plasma5: 5.18.5 -> 5.21.3 + + + + + kdeApplications: 20.08.1 -> 20.12.3 + + + + + cinnamon: 4.6 -> 4.8.1 + + + + - GNOME desktop environment was upgraded to 40, see the release notes for 40.0 and 3.38. The gnome3 attribute set has been renamed to gnome and so have been the NixOS options. + + Programming Languages and Frameworks: + + + + + + Python optimizations were disabled again. Builds with optimizations enabled + are not reproducible. Optimizations can now be enabled with an option. + + + + + GNURadio 3.8 was @@ -193,6 +258,10 @@ + + GNOME desktop environment was upgraded to 40, see the release notes for 40.0 and 3.38. The gnome3 attribute set has been renamed to gnome and so have been the NixOS options. + + If you are using to assign From 7e9b0dff974c89e070da1ad85713ff3c20b0ca97 Mon Sep 17 00:00:00 2001 From: Jonathan Ringer Date: Mon, 31 May 2021 18:49:13 -0700 Subject: [PATCH 041/126] nixos/release-notes: move non-highlights to other mentions (cherry picked from commit 9a3e8699976bd673f9f4eee64e254ccb7a1fadce) --- nixos/doc/manual/release-notes/rl-2105.xml | 199 ++++++++++----------- 1 file changed, 99 insertions(+), 100 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 0b0bf68f9db..8e631d752cf 100644 
--- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -50,8 +50,6 @@ - The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series. - The linux_latest kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). Desktop Environments: 
@@ -94,103 +92,10 @@ + + The linux_latest kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). + - - - GNURadio 3.8 was - finally - packaged, along with a rewrite to the Nix expressions, allowing users to - override the features upstream supports selecting to compile or not to. - Additionally, the attribute gnuradio and gnuradio3_7 - now point to an externally wrapped by default derivations, that allow you to - also add `extraPythonPackages` to the Python interpreter used by GNURadio. - Missing environmental variables needed for operational GUI were also added - (#75478). - - - - - GNURadio has a - pkgs attribute set, and there's a gnuradio.callPackage - function that extends pkgs with a mkDerivation, and a - mkDerivationWith, like Qt5. Now all gnuradio.pkgs are - defined with gnuradio.callPackage and some packages that depend - on gnuradio are defined with this as well. - - - - - Privoxy has been updated - to version 3.0.32 (See announcement). - Compared to the previous release, Privoxy has gained support for HTTPS - inspection (still experimental), Brotli decompression, several new filters - and lots of bug fixes, including security ones. In addition, the package - is now built with compression and external filters support, which were - previously disabled. - - - Regarding the NixOS module, new options for HTTPS inspection have been added - and has been replaced by the new - - (See RFC 0042 - for the motivation). - - - - - Python optimizations were disabled again. Builds with optimizations enabled - are not reproducible. Optimizations can now be enabled with an option. - - - - - Kodi has been updated to version 19.1 "Matrix". See - the announcement for - further details. - - - - - The option has been removed as - it only supported a single setting which would always be the default. 
- Instead new RFC - 0042 compliant - and options have - been introduced. - - - - - Nginx has been updated to stable version 1.20.0. - Now nginx uses the zlib-ng library by default. - - - - - KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its - release - notes for details. - - - The kdeApplications package set is now kdeGear, - in keeping with the new name. The old name remains for compatibility, but - it is deprecated. - - - - - Libreswan has been updated - to version 4.4. The package now includes example configurations and manual - pages by default. The NixOS module has been changed to use the upstream - systemd units and write the configuration in the /etc/ipsec.d/ - directory. In addition, two new options have been added to - specify connection policies - () - and disable send/receive redirects - (). - -
@@ -206,6 +111,20 @@ + + + GNURadio 3.8 was + finally + packaged, along with a rewrite to the Nix expressions, allowing users to + override the features upstream supports selecting to compile or not to. + Additionally, the attribute gnuradio and gnuradio3_7 + now point to an externally wrapped by default derivations, that allow you to + also add `extraPythonPackages` to the Python interpreter used by GNURadio. + Missing environmental variables needed for operational GUI were also added + (#75478). + + + Keycloak, @@ -660,7 +579,7 @@ http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/e self: super: { - mpi = super.mpich; + mpi = super.mpich; } 
@@ -893,6 +812,85 @@ environment.systemPackages = [ for details. + + + + GNURadio has a + pkgs attribute set, and there's a gnuradio.callPackage + function that extends pkgs with a mkDerivation, and a + mkDerivationWith, like Qt5. Now all gnuradio.pkgs are + defined with gnuradio.callPackage and some packages that depend + on gnuradio are defined with this as well. + + + + + Privoxy has been updated + to version 3.0.32 (See announcement). + Compared to the previous release, Privoxy has gained support for HTTPS + inspection (still experimental), Brotli decompression, several new filters + and lots of bug fixes, including security ones. In addition, the package + is now built with compression and external filters support, which were + previously disabled. + + + Regarding the NixOS module, new options for HTTPS inspection have been added + and has been replaced by the new + + (See RFC 0042 + for the motivation). + + + + + Kodi has been updated to version 19.1 "Matrix". See + the announcement for + further details. + + + + + The option has been removed as + it only supported a single setting which would always be the default. + Instead new RFC + 0042 compliant + and options have + been introduced. + + + + + Nginx has been updated to stable version 1.20.0. + Now nginx uses the zlib-ng library by default. + + + + + KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its + release + notes for details. + + + The kdeApplications package set is now kdeGear, + in keeping with the new name. The old name remains for compatibility, but + it is deprecated. + + + + + Libreswan has been updated + to version 4.4. The package now includes example configurations and manual + pages by default. The NixOS module has been changed to use the upstream + systemd units and write the configuration in the /etc/ipsec.d/ + directory. In addition, two new options have been added to + specify connection policies + () + and disable send/receive redirects + (). 
+ + + The Mailman NixOS module (services.mailman) has a new @@ -1054,7 +1052,8 @@ environment.systemPackages = [ PulseAudio was upgraded to 14.0, with changes to the handling of default sinks. See its release notes. - + + GNOME users may wish to delete their ~/.config/pulse due to the changes to stream routing logic. See PulseAudio bug 832 From 58301adb35f8a902da4548292039266d026a9fbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 31 May 2021 16:40:17 +0200 Subject: [PATCH 042/126] delve: disable source fortify at runtime (cherry picked from commit b48e56c74634757b4f85e06377dd4f89c85d9a26) --- pkgs/development/tools/delve/default.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pkgs/development/tools/delve/default.nix b/pkgs/development/tools/delve/default.nix index 62e51597055..2d2eecd5412 100644 --- a/pkgs/development/tools/delve/default.nix +++ b/pkgs/development/tools/delve/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoPackage, fetchFromGitHub }: +{ lib, buildGoPackage, fetchFromGitHub, makeWrapper }: buildGoPackage rec { pname = "delve"; @@ -14,6 +14,16 @@ buildGoPackage rec { sha256 = "sha256-bTVCasemE8Vyjcs8wZBiiXEsW3UBndjpPQ5bi+4vQkw="; }; + subPackages = [ "cmd/dlv" ]; + + nativeBuildInputs = [ makeWrapper ]; + + postInstall = '' + # fortify source breaks build since delve compiles with -O0 + wrapProgram $out/bin/dlv \ + --set "disableHardening" fortify + ''; + meta = with lib; { description = "debugger for the Go programming language"; homepage = "https://github.com/derekparker/delve"; From c5a8c128665f53d41564ebf8f715c3676b9fcecc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 1 Jun 2021 07:23:50 +0200 Subject: [PATCH 043/126] Update pkgs/development/tools/delve/default.nix Co-authored-by: Dmitry Kalinkin (cherry picked from commit c9927ba895f17ae58dfe8dc736a9ba8508e623ee) --- pkgs/development/tools/delve/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
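Review bot: The comment added in `postInstall` says fortify "breaks build", but the line it documents is a `wrapProgram` call that exports `disableHardening` into the environment of `dlv` at run time, so it is not this package's own build that is being fixed. The variable is inherited by everything dlv starts, so presumably every compile that goes through the nixpkgs compiler wrapper under a dlv session loses fortify, not only the `-O0` debug build; that scope is worth stating where the wrapper is defined. I would reword the comment to `# dlv compiles the debuggee with -O0, which fortify does not support; turn fortify off for compilers started by dlv (inherited by all child processes)`. The derivation continues outside the hunk.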
diff --git a/pkgs/development/tools/delve/default.nix b/pkgs/development/tools/delve/default.nix index 2d2eecd5412..9a0d19840e4 100644 --- a/pkgs/development/tools/delve/default.nix +++ b/pkgs/development/tools/delve/default.nix @@ -21,7 +21,7 @@ buildGoPackage rec { postInstall = '' # fortify source breaks build since delve compiles with -O0 wrapProgram $out/bin/dlv \ - --set "disableHardening" fortify + --prefix disableHardening " " fortify ''; meta = with lib; { From 25ffebcb62524d3325c04af7f079ebfd5808a0e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 1 Jun 2021 06:24:20 +0200 Subject: [PATCH 044/126] radare2: 5.2.1 -> 5.3.0 (cherry picked from commit bfaa9f175bdfd9a5106021ae1906a35f429e283f) --- .../tools/analysis/radare2/default.nix | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/pkgs/development/tools/analysis/radare2/default.nix b/pkgs/development/tools/analysis/radare2/default.nix index 0ffe937a93f..f51f0f9368d 100644 --- a/pkgs/development/tools/analysis/radare2/default.nix +++ b/pkgs/development/tools/analysis/radare2/default.nix @@ -20,7 +20,6 @@ , ruby , lua , capstone -, fetchpatch , useX11 ? false , rubyBindings ? false , pythonBindings ? false 
@@ -29,28 +28,15 @@ stdenv.mkDerivation rec { pname = "radare2"; - version = "5.2.1"; + version = "5.3.0"; src = fetchFromGitHub { owner = "radare"; repo = "radare2"; rev = version; - sha256 = "0n3k190qjhdlj10fjqijx6ismz0g7fk28i83j0480cxdqgmmlbxc"; + sha256 = "sha256-xndnRVlqTB/NH1ROo7xkftLP7DufsJu4CCA9MCOEeng="; }; - patches = [ - # fix for CVE-2021-32613 - (fetchpatch { - url = "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05.patch"; - sha256 = "sha256-zCFNn968buLuSqfUT5E+72qz0l1tA3fEUQIxJl2nd3I="; - }) - (fetchpatch { - name = "CVE-2021-32613.patch"; - url = "https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc.patch"; - sha256 = "sha256-s8SWGuSQ6fxDCybtjO2ZW8w7H6mr+AuzVLL6dw+XKDw="; - }) - ]; - postInstall = '' install -D -m755 $src/binr/r2pm/r2pm $out/bin/r2pm ''; From 4718cb50f555b02bcca40150afc4981e090c74c6 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Tue, 1 Jun 2021 09:20:16 +0200 Subject: [PATCH 045/126] nginx: fix link to discussion explaining why "with" is not used This is because we are in a huge "rec" that takes precedence for symbols in its scope, despite the more nested "with". (cherry picked from commit 7ee8945a120da5b10fa0eac9fc59b92531ac8552) --- pkgs/top-level/all-packages.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e563a29cb2e..7357848ce23 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19203,7 +19203,7 @@ in zlib = zlib-ng.override { withZlibCompat = true; }; withPerl = false; # We don't use `with` statement here on purpose! - # See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334 + # See https://github.com/NixOS/nixpkgs/pull/10474#discussion_r42369334 modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ]; # Use latest boringssl to allow http3 support openssl = boringssl; 
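Review bot: The `patches` list removed in this hunk carried the two upstream commits for CVE-2021-32613, and nothing in the commit record says that 5.3.0 contains them. Before merging I would confirm that both `5e16e2d1c9fe245e4c17005d779fde91ec0b9c05` and `049de62730f4954ef9a642f2eeebbca30a8eccdc` are ancestors of the `5.3.0` tag, and record that in the commit message, for example `CVE-2021-32613 patches dropped, included upstream in 5.3.0`. The matching removal of the `fetchpatch` argument is in the first hunk of this file.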
@@ -19213,7 +19213,7 @@ in zlib = zlib-ng.override { withZlibCompat = true; }; withPerl = false; # We don't use `with` statement here on purpose! - # See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334 + # See https://github.com/NixOS/nixpkgs/pull/10474#discussion_r42369334 modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ]; }; @@ -19221,7 +19221,7 @@ in zlib = zlib-ng.override { withZlibCompat = true; }; withPerl = false; # We don't use `with` statement here on purpose! - # See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334 + # See https://github.com/NixOS/nixpkgs/pull/10474#discussion_r42369334 modules = [ nginxModules.dav nginxModules.moreheaders ]; }; From cb58ba1c5515792e5e4e24d6aa28b042fab3cffe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 1 Jun 2021 11:22:11 +0200 Subject: [PATCH 046/126] zstd: patch test flakiness on i686 https://hydra.nixos.org/build/143933617/nixlog/246/tail The last attempt I see on 21.05 has failed: https://hydra.nixos.org/build/144447049#tabs-buildsteps --- pkgs/tools/compression/zstd/default.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/compression/zstd/default.nix b/pkgs/tools/compression/zstd/default.nix index e890518a45a..2740ebde5bd 100644 --- a/pkgs/tools/compression/zstd/default.nix +++ b/pkgs/tools/compression/zstd/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, cmake, bash, gnugrep +{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake, bash, gnugrep , fixDarwinDylibNames , file , legacySupport ? false 
@@ -24,7 +24,13 @@ stdenv.mkDerivation rec { # This patches makes sure we do not attempt to use the MD5 implementation # of the host platform when running the tests ./playtests-darwin.patch - ]; + ] ++ lib.optional stdenv.is32bit + (fetchpatch { # https://github.com/facebook/zstd/pull/2606 + name = "test-memory-usage.diff"; + url = "https://github.com/facebook/zstd/commit/6f40571a.diff"; + sha256 = "1484k5b99wplv9vjvvxjn88l13hlay6bynhq3zh1nd34whyi1kd0"; + }); + postPatch = lib.optionalString (!static) '' substituteInPlace build/cmake/CMakeLists.txt \ From 803502aaae5a134cd3f370fc456201873348ab3d Mon Sep 17 00:00:00 2001 From: wearemnr Date: Tue, 25 May 2021 08:12:54 +0300 Subject: [PATCH 047/126] discord: 0.0.14 -> 0.0.15 (cherry picked from commit 501e54080dfc82c41011d371677a7390eab61586) --- .../instant-messengers/discord/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/discord/default.nix b/pkgs/applications/networking/instant-messengers/discord/default.nix index 4a0bc23be2f..0d75b374792 100644 --- a/pkgs/applications/networking/instant-messengers/discord/default.nix +++ b/pkgs/applications/networking/instant-messengers/discord/default.nix 
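Review bot: The `fetchpatch` URL added under `lib.optional stdenv.is32bit` names the upstream commit by the eight-character prefix `6f40571a`. The `sha256` still pins the content, but an abbreviated id can become ambiguous as the upstream repository grows, and the URL may then stop resolving. Spelling out the full commit id keeps the source stable: `url = "https://github.com/facebook/zstd/commit/<full-commit-id>.diff";` (placeholder; the full id is not on this page). The derivation continues outside the hunk.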
@@ -7,30 +7,30 @@ in { pname = "discord"; binaryName = "Discord"; desktopName = "Discord"; - version = "0.0.14"; + version = "0.0.15"; src = fetchurl { url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz"; - sha256 = "1rq490fdl5pinhxk8lkfcfmfq7apj79jzf3m14yql1rc9gpilrf2"; + sha256 = "0pn2qczim79hqk2limgh88fsn93sa8wvana74mpdk5n6x5afkvdd"; }; }; ptb = callPackage ./base.nix rec { pname = "discord-ptb"; binaryName = "DiscordPTB"; desktopName = "Discord PTB"; - version = "0.0.23"; + version = "0.0.25"; src = fetchurl { url = "https://dl-ptb.discordapp.net/apps/linux/${version}/discord-ptb-${version}.tar.gz"; - sha256 = "0vxz68vldrbmmw1alpwl7blfcy6byd6zg9m0851dm0p0ldyhsp5j"; + sha256 = "082ygmsycicddpkv5s03vw3rjkrk4lgprq29z8b1hdjifvw93b21"; }; }; canary = callPackage ./base.nix rec { pname = "discord-canary"; binaryName = "DiscordCanary"; desktopName = "Discord Canary"; - version = "0.0.122"; + version = "0.0.123"; src = fetchurl { url = "https://dl-canary.discordapp.net/apps/linux/${version}/discord-canary-${version}.tar.gz"; - sha256 = "0ph7gp77wzjpr7nhv13fg64j97dxjwmivshr56ly3kjhmvvanj7k"; + sha256 = "0bijwfsd9s4awqkgxd9c2cxh7y5r06vix98qjp0dkv63r6jig8ch"; }; }; }.${branch} From a1d551b23b2cdefe3909ef5287f2a67d8a54a930 Mon Sep 17 00:00:00 2001 From: Jonathan Ringer Date: Tue, 25 May 2021 13:22:50 -0700 Subject: [PATCH 048/126] discord: fix runtime linking (cherry picked from commit c5bed409b29dfbf467a71fab9679cf189ccfa428) --- .../networking/instant-messengers/discord/base.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/discord/base.nix b/pkgs/applications/networking/instant-messengers/discord/base.nix index 841c979e97f..a61ab254348 100644 --- a/pkgs/applications/networking/instant-messengers/discord/base.nix +++ b/pkgs/applications/networking/instant-messengers/discord/base.nix 
@@ -23,7 +23,7 @@ in stdenv.mkDerivation rec { libXScrnSaver libXtst libxcb - mesa.drivers + mesa nss wrapGAppsHook ]; @@ -31,7 +31,7 @@ in stdenv.mkDerivation rec { dontWrapGApps = true; libPath = lib.makeLibraryPath [ - libcxx systemd libpulseaudio + libcxx systemd libpulseaudio libdrm mesa stdenv.cc.cc alsaLib atk at-spi2-atk at-spi2-core cairo cups dbus expat fontconfig freetype gdk-pixbuf glib gtk3 libnotify libX11 libXcomposite libuuid libXcursor libXdamage libXext libXfixes libXi libXrandr libXrender @@ -50,7 +50,7 @@ in stdenv.mkDerivation rec { wrapProgram $out/opt/${binaryName}/${binaryName} \ "''${gappsWrapperArgs[@]}" \ --prefix XDG_DATA_DIRS : "${gtk3}/share/gsettings-schemas/${gtk3.name}/" \ - --prefix LD_LIBRARY_PATH : ${libPath} + --prefix LD_LIBRARY_PATH : ${libPath}:$out/opt/${binaryName} ln -s $out/opt/${binaryName}/${binaryName} $out/bin/ ln -s $out/opt/${binaryName}/discord.png $out/share/pixmaps/${pname}.png From a87958a49d7d8d66b7a747da9681f366e4780854 Mon Sep 17 00:00:00 2001 From: Kerstin Humm Date: Mon, 24 May 2021 00:19:09 +0200 Subject: [PATCH 049/126] haskellPackages.hakyll: unbreak, jailbreak, patch for pandoc version (cherry picked from commit 8f33bb975daf526d916035413b67fcc939f09c5c) --- .../haskell-modules/configuration-common.nix | 17 +++++++++++++++++ .../configuration-hackage2nix/broken.yaml | 1 - .../haskell-modules/hackage-packages.nix | 2 -- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index f293048e817..7f093153292 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix 
@@ -1156,6 +1156,23 @@ self: super: { # Therefore we jailbreak it. hakyll-contrib-hyphenation = doJailbreak super.hakyll-contrib-hyphenation; + # Jailbreak due to bounds on multiple dependencies, + # bound on pandoc needs to be patched since it is conditional + hakyll = doJailbreak (overrideCabal super.hakyll (drv: { + patches = [ + # Remove when Hakyll > 4.14.0.0 + (pkgs.fetchpatch { + url = "https://github.com/jaspervdj/hakyll/commit/0dc6127d81ff688e27c36ce469230320eee60246.patch"; + sha256 = "sha256-YyRz3bAmIBODTEeS5kGl2J2x31SjiPoLzUZUlo3nHvQ="; + }) + # Remove when Hakyll > 4.14.0.0 + (pkgs.fetchpatch { + url = "https://github.com/jaspervdj/hakyll/commit/af9e29b5456c105dc948bc46c93e989a650b5ed1.patch"; + sha256 = "sha256-ghc0V5L9OybNHWKmM0vhjRBN2rIvDlp+ClcK/aQst44="; + }) + ]; + })); + # 2020-06-22: NOTE: > 0.4.0 => rm Jailbreak: https://github.com/serokell/nixfmt/issues/71 nixfmt = doJailbreak super.nixfmt; diff --git a/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml b/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml index 0aade87acbf..687390a1d50 100644 --- a/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml +++ b/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml @@ -1745,7 +1745,6 @@ broken-packages: - hakismet - hakka - hako - - hakyll - hakyll-shortcode - HaLeX - halfs diff --git a/pkgs/development/haskell-modules/hackage-packages.nix b/pkgs/development/haskell-modules/hackage-packages.nix index c04898da528..57d7ecd7a73 100644 --- a/pkgs/development/haskell-modules/hackage-packages.nix +++ b/pkgs/development/haskell-modules/hackage-packages.nix @@ -114775,8 +114775,6 @@ self: { testToolDepends = [ utillinux ]; description = "A static website compiler library"; license = lib.licenses.bsd3; - hydraPlatforms = lib.platforms.none; - broken = true; }) {inherit (pkgs) utillinux;}; "hakyll-R" = callPackage From 705afa0294ac76e53d3ce391998da556d3d7c3ac Mon Sep 17 00:00:00 2001 
From: Kerstin Humm Date: Mon, 24 May 2021 00:25:55 +0200 Subject: [PATCH 050/126] haskellPackages.webify: unbreak, jailbreak, as patches are not upstreamable atm (cherry picked from commit b401b432099d174dadd26a4c00f5afb62d7c2e01) --- .../haskell-modules/configuration-common.nix | 12 ++++-------- .../configuration-hackage2nix/broken.yaml | 1 - .../development/haskell-modules/hackage-packages.nix | 2 -- 3 files changed, 4 insertions(+), 11 deletions(-) diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 7f093153292..d62741d590e 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -1224,14 +1224,10 @@ self: super: { hasql-notifications = dontCheck super.hasql-notifications; hasql-pool = dontCheck super.hasql-pool; - # This bumps optparse-applicative to <0.16 in the cabal file, as otherwise - # the version bounds are not satisfied. This can be removed if the PR at - # https://github.com/ananthakumaran/webify/pull/27 is merged and a new - # release of webify is published. - webify = appendPatch super.webify (pkgs.fetchpatch { - url = "https://github.com/ananthakumaran/webify/pull/27/commits/6d653e7bdc1ffda75ead46851b5db45e87cb2aa0.patch"; - sha256 = "0xbfhzhzg94b4r5qy5dg1c40liswwpqarrc2chcwgfbfnrmwkfc2"; - }); + # We jailbreak webify, as optparse-applicative evolved past the version bound + # and the corresponding (and outdated) PR was not merged for a year. + # https://github.com/ananthakumaran/webify/pull/27 + webify = doJailbreak super.webify; # hasn‘t bumped upper bounds # upstream: https://github.com/obsidiansystems/which/pull/6 diff --git a/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml b/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml index 687390a1d50..8faaff9ddc5 100644 --- a/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml 
+++ b/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml @@ -5025,7 +5025,6 @@ broken-packages: - web-encodings - WeberLogic - webfinger-client - - webify - webkit-javascriptcore - webmention - web-output diff --git a/pkgs/development/haskell-modules/hackage-packages.nix b/pkgs/development/haskell-modules/hackage-packages.nix index 57d7ecd7a73..95399b7ba50 100644 --- a/pkgs/development/haskell-modules/hackage-packages.nix +++ b/pkgs/development/haskell-modules/hackage-packages.nix @@ -278697,8 +278697,6 @@ self: { ]; description = "webfont generator"; license = lib.licenses.mit; - hydraPlatforms = lib.platforms.none; - broken = true; }) {}; "webkit" = callPackage From 0462a6da7a28229cd876f0efe385445f0821ce37 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Tue, 1 Jun 2021 08:00:51 +0000 Subject: [PATCH 051/126] deno: 1.10.2 -> 1.10.3 (cherry picked from commit c89224c2d351fa860fe7703aba498b6f64e28f41) --- pkgs/development/web/deno/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/web/deno/default.nix b/pkgs/development/web/deno/default.nix index 80e68003b4e..08c69dde399 100644 --- a/pkgs/development/web/deno/default.nix +++ b/pkgs/development/web/deno/default.nix @@ -17,15 +17,15 @@ rustPlatform.buildRustPackage rec { pname = "deno"; - version = "1.10.2"; + version = "1.10.3"; src = fetchFromGitHub { owner = "denoland"; repo = pname; rev = "v${version}"; - sha256 = "sha256-uePCEYcYahsxcgA+GDcloqqo+dr7Y2N/9nps6Y79D58="; + sha256 = "sha256-25FfxGtPZ+KQCmXur6pwrb1l/xjCWgw69CMLPihnhAU="; }; - cargoSha256 = "sha256-6fm1RWuTVWCE6nKgkC/SRQYRXGf9SGv7kAXWNqsdQS8="; + cargoSha256 = "sha256-CopfdjafWAhpbrdYSHJjKHKCLw94TSaiSAH4CVFOHi8="; # Install completions post-install nativeBuildInputs = [ installShellFiles ]; From 529b6eee47ea8ed038aa9432179a49b80241aa9b Mon Sep 17 00:00:00 2001 
From: Robert Scott Date: Sat, 29 May 2021 20:38:07 +0100 Subject: [PATCH 052/126] yara: 4.0.5 -> 4.1.1 (cherry picked from commit 2d7f554229393ddb0441dd31e37db7ad7b48dab0) --- pkgs/tools/security/yara/default.nix | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix index 506bf0f719d..3d4411d9087 100644 --- a/pkgs/tools/security/yara/default.nix +++ b/pkgs/tools/security/yara/default.nix @@ -1,5 +1,4 @@ { lib, stdenv -, fetchpatch , fetchFromGitHub , autoreconfHook , pcre @@ -14,14 +13,14 @@ }: stdenv.mkDerivation rec { - version = "4.0.5"; + version = "4.1.1"; pname = "yara"; src = fetchFromGitHub { owner = "VirusTotal"; repo = "yara"; rev = "v${version}"; - sha256 = "1gkdll2ygdlqy1f27a5b84gw2bq75ss7acsx06yhiss90qwdaalq"; + sha256 = "185j7firn7i5506rcp0va7sxdbminwrm06jsm4c70jf98qxmv522"; }; nativeBuildInputs = [ autoreconfHook pkg-config ]; @@ -34,19 +33,6 @@ stdenv.mkDerivation rec { preConfigure = "./bootstrap.sh"; - # If static builds are disabled, `make all-am` will fail to find libyara.a and - # cause a build failure. It appears that somewhere between yara 4.0.1 and - # 4.0.5, linking the yara binaries dynamically against libyara.so was broken. - # - # This was already fixed in yara master. Backport the patch to yara 4.0.5. - patches = [ - (fetchpatch { - name = "fix-build-with-no-static.patch"; - url = "https://github.com/VirusTotal/yara/commit/52e6866023b9aca26571c78fb8759bc3a51ba6dc.diff"; - sha256 = "074cf99j0rqiyacp60j1hkvjqxia7qwd11xjqgcr8jmfwihb38nr"; - }) - ]; - configureFlags = [ (lib.withFeature withCrypto "crypto") (lib.enableFeature enableCuckoo "cuckoo") From abc7f8ee129deb7422330561de66acb44afacc04 Mon Sep 17 00:00:00 2001 
From: Robert Scott Date: Sat, 29 May 2021 20:47:22 +0100 Subject: [PATCH 053/126] yara: add enableStatic mode useful because tests can be enabled in this mode (cherry picked from commit 8cda1cc59e7cd01ce2ff18bc78f6b7a0e7faed19) --- pkgs/tools/security/yara/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix index 3d4411d9087..3eb5495d2c9 100644 --- a/pkgs/tools/security/yara/default.nix +++ b/pkgs/tools/security/yara/default.nix @@ -10,6 +10,7 @@ , enableDotNet ? true , enableMacho ? true , enableMagic ? true, file +, enableStatic ? false }: stdenv.mkDerivation rec { @@ -40,8 +41,11 @@ stdenv.mkDerivation rec { (lib.enableFeature enableDotNet "dotnet") (lib.enableFeature enableMacho "macho") (lib.enableFeature enableMagic "magic") + (lib.enableFeature enableStatic "static") ]; + doCheck = enableStatic; + meta = with lib; { description = "The pattern matching swiss knife for malware researchers"; homepage = "http://Virustotal.github.io/yara/"; From d79039539356dbf2eba4538dcfe93fc37d233f4e Mon Sep 17 00:00:00 2001 From: Sandro Date: Tue, 1 Jun 2021 15:45:47 +0200 Subject: [PATCH 054/126] changelog: fix typo (cherry picked from commit 8217ea50000728c55fe8b21454ca2572743d8302) --- nixos/doc/manual/release-notes/rl-2105.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 8e631d752cf..7412154bc34 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml 
@@ -786,7 +786,7 @@ environment.systemPackages = [ In the module, use of --reuse-key - parameter for Lego has been removed. It was introduced for HKPK, but this security + parameter for Lego has been removed. It was introduced for HKPK, but this security feature is now deprecated. It is a better security practice to rotate key pairs instead of always keeping the same. If you need to keep this parameter, you can add it back using extraLegoRenewFlags as an option for the From 89e61ccf696a7de01bd2cc853dbcd301dbf84f0e Mon Sep 17 00:00:00 2001 From: Marco Sirabella Date: Thu, 27 May 2021 12:13:16 -0400 Subject: [PATCH 055/126] php.buildPecl: Add checkPhase Also update phpPackages' to use NO_INTERACTION (cherry picked from commit 3a66432f2616484c880b6daea2393bf1e9425a33) --- pkgs/build-support/build-pecl.nix | 1 + pkgs/top-level/php-packages.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/build-support/build-pecl.nix b/pkgs/build-support/build-pecl.nix index d75d3cf943a..d3a8cc54a14 100644 --- a/pkgs/build-support/build-pecl.nix +++ b/pkgs/build-support/build-pecl.nix @@ -33,4 +33,5 @@ stdenv.mkDerivation (args // { (dep: "mkdir -p ext; ln -s ${dep.dev}/include ext/${dep.extensionName}") internalDeps} ''; + checkPhase = "NO_INTERACTON=yes make test"; }) diff --git a/pkgs/top-level/php-packages.nix b/pkgs/top-level/php-packages.nix index 0f61402bb05..c59391ce290 100644 --- a/pkgs/top-level/php-packages.nix +++ b/pkgs/top-level/php-packages.nix @@ -235,7 +235,7 @@ lib.makeScope pkgs.newScope (self: with self; { (dep: "mkdir -p ext; ln -s ${dep.dev}/include ext/${dep.extensionName}") internalDeps} ''; - checkPhase = "runHook preCheck; echo n | make test; runHook postCheck"; + checkPhase = "runHook preCheck; NO_INTERACTON=yes make test; runHook postCheck"; outputs = [ "out" "dev" ]; installPhase = '' mkdir -p $out/lib/php/extensions From 0121624e3b5dd4bd0b097211132328c7f7a8916c Mon Sep 17 00:00:00 2001 
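Review bot: The environment variable in both new `checkPhase` lines is spelled `NO_INTERACTON`, while the commit title and PHP's `run-tests.php` use `NO_INTERACTION`, so the setting has no effect. In `pkgs/top-level/php-packages.nix` the change also drops the previous `echo n |` answer, so the test run can presumably reach its interactive prompt again with nothing to answer it. The lines should read `checkPhase = "NO_INTERACTION=yes make test";` and `checkPhase = "runHook preCheck; NO_INTERACTION=yes make test; runHook postCheck";`. The `build-pecl.nix` variant also omits `runHook preCheck` and `runHook postCheck`, unlike the `php-packages.nix` one; adding them keeps the two consistent.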
From: Pavol Rusnak Date: Mon, 31 May 2021 00:17:59 +0200 Subject: [PATCH 056/126] schismtracker: 20200412 -> 20210525 (cherry picked from commit 20b1b6e68ba4db1b39ac49280c0d83e811a5c19a) --- .../audio/schismtracker/default.nix | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/audio/schismtracker/default.nix b/pkgs/applications/audio/schismtracker/default.nix index 797d2c1d733..7e276e07224 100644 --- a/pkgs/applications/audio/schismtracker/default.nix +++ b/pkgs/applications/audio/schismtracker/default.nix @@ -1,16 +1,21 @@ -{ lib, stdenv, fetchFromGitHub +{ lib +, stdenv +, fetchFromGitHub , autoreconfHook -, alsaLib, python, SDL }: +, alsaLib +, python +, SDL +}: stdenv.mkDerivation rec { pname = "schismtracker"; - version = "20200412"; + version = "20210525"; src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "1n6cgjiw3vkv7a1h1nki5syyjxjb6icknr9s049w2jrag10bxssn"; + sha256 = "06ybkbqry7f7lmzgwb9s7ipafshl5gdj98lcjsjkcbnywj8r9b3h"; }; configureFlags = [ "--enable-dependency-tracking" ] @@ -23,8 +28,8 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Music tracker application, free reimplementation of Impulse Tracker"; homepage = "http://schismtracker.org/"; - license = licenses.gpl2; - platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" ]; + license = licenses.gpl2Plus; + platforms = platforms.unix; maintainers = with maintainers; [ ftrvxmtrx ]; }; } From 8c6a3a60e5e499236a9d0e64618afeae4d56cd79 Mon Sep 17 00:00:00 2001 
From: Ben Wolsieffer Date: Sun, 30 May 2021 11:37:31 -0400 Subject: [PATCH 057/126] libccd: fix pkgconfig file paths libccd has the common bug of assuming CMAKE_INSTALL_*DIR is relative. I have submitted the fix upstream, but don't have much hope of getting it merged because there have been no updates since 2018. (cherry picked from commit 3d2092ab58fe83e89a3162728e9d4b733295b561) --- pkgs/development/libraries/libccd/default.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libccd/default.nix b/pkgs/development/libraries/libccd/default.nix index a9e0c2b3feb..c8e7c8af210 100644 --- a/pkgs/development/libraries/libccd/default.nix +++ b/pkgs/development/libraries/libccd/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, cmake }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake }: stdenv.mkDerivation rec { pname = "libccd"; @@ -11,6 +11,15 @@ stdenv.mkDerivation rec { sha256 = "0sfmn5pd7k5kyhbxnd689xmsa5v843r7sska96dlysqpljd691jc"; }; + patches = [ + # Fix pkgconfig file with absolute CMAKE_INSTALL_*DIR + # https://github.com/danfis/libccd/pull/76 + (fetchpatch { + url = "https://github.com/danfis/libccd/commit/cd16c4f168ae308e4c77db66ac97a2eaf47e059e.patch"; + sha256 = "02wj21c185kwf8bn4qi4cnna0ypzqm481xw9rr8jy1i0cb1r9idg"; + }) + ]; + nativeBuildInputs = [ cmake ]; meta = with lib; { From cd3aba49e9141d75abe3c7a1335f7e6522c923bb Mon Sep 17 00:00:00 2001 From: Jan Tojnar Date: Sun, 30 May 2021 23:46:01 +0200 Subject: [PATCH 058/126] =?UTF-8?q?ijq:=200.2.3=20=E2=86=92=200.3.4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/gpanders/ijq/compare/v0.2.3...v0.3.4 (cherry picked from commit 691a876749de1029f150b3ff7e23cf92403510a4) --- pkgs/development/tools/ijq/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/pkgs/development/tools/ijq/default.nix b/pkgs/development/tools/ijq/default.nix index 0b0af79301e..f3c0b6c7b1b 100644 --- a/pkgs/development/tools/ijq/default.nix +++ b/pkgs/development/tools/ijq/default.nix @@ -2,15 +2,15 @@ buildGoModule rec { pname = "ijq"; - version = "0.2.3"; + version = "0.3.4"; src = fetchgit { url = "https://git.sr.ht/~gpanders/ijq"; rev = "v${version}"; - sha256 = "14n54jh5387jf97zhc7aidn7w60zp5624xbvq4jdbsh96apg3bk1"; + sha256 = "ZKxEK6SPxEC0S5yXSzITPn0HhpJa4Bcf9X8/N+ZZAeA="; }; - vendorSha256 = "0xbni6lk6y3ig7pj2234fv7ra6b8qv0k8m3bvh59wwans8xpihzb"; + vendorSha256 = "04KlXE2I8ZVDbyo9tBnFskLB6fo5W5/lPzSpo8KGqUU="; nativeBuildInputs = [ makeWrapper ]; From 047b146b74cfa8363ccef7b741b3500be5897857 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Tue, 1 Jun 2021 17:54:10 +0200 Subject: [PATCH 059/126] warzone2100: fix build I'm not sure how the build broke[1] or how it worked before, but the problem is zip is being used in place of p7zip, which obviously fail as the flags have different meanings. [1]: https://hydra.nixos.org/build/143354937 (cherry picked from commit 302d6b1b8b94f2082f9937d04e27c2aaefb93aa2) --- pkgs/games/warzone2100/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/games/warzone2100/default.nix b/pkgs/games/warzone2100/default.nix index c0707ed5e86..7f2ad875d8c 100644 --- a/pkgs/games/warzone2100/default.nix +++ b/pkgs/games/warzone2100/default.nix @@ -3,7 +3,7 @@ , fetchurl , cmake , ninja -, zip +, p7zip , pkg-config , asciidoctor , gettext @@ -68,7 +68,7 @@ stdenv.mkDerivation rec { pkg-config cmake ninja - zip + p7zip asciidoctor gettext shaderc From 1e157573849676d2a08fd711448e20603b9fd4d4 Mon Sep 17 00:00:00 2001 
From: Nikolay Korotkiy Date: Tue, 1 Jun 2021 03:46:28 +0300 Subject: [PATCH 060/126] =?UTF-8?q?stagit:=200.9.5=20=E2=86=92=200.9.6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (cherry picked from commit dd068ab0e09ffb311d1ab43a25f390497bd26810) --- pkgs/development/tools/stagit/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/stagit/default.nix b/pkgs/development/tools/stagit/default.nix index 85d64890180..cfbca202568 100644 --- a/pkgs/development/tools/stagit/default.nix +++ b/pkgs/development/tools/stagit/default.nix @@ -2,12 +2,12 @@ stdenv.mkDerivation rec { pname = "stagit"; - version = "0.9.5"; + version = "0.9.6"; src = fetchgit { url = "git://git.codemadness.org/stagit"; rev = version; - sha256 = "1wlx5k0v464fr1ifjv04v7ccwb559s54xpsbxdda4whyx1v0fbq4"; + sha256 = "sha256-0vkdxtKZv7LyEHKGPrB4uOI2lD74+haelEanq2sOjkE="; }; makeFlags = [ "PREFIX=$(out)" ]; From 4a2d2ac6f1af1758c4a4c8ef27be76c78bd7ed1a Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 2 Jun 2021 01:17:41 +0200 Subject: [PATCH 061/126] botamusique: unstable-2021-05-19 -> unstable-2021-06-01 (cherry picked from commit dbb7e6bc8a6d35f8da7e74e5c47dce18a51955af) --- pkgs/tools/audio/botamusique/node-packages.nix | 2 +- pkgs/tools/audio/botamusique/src.json | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/audio/botamusique/node-packages.nix b/pkgs/tools/audio/botamusique/node-packages.nix index 8857e1e76f9..c9bdb6f0097 100644 --- a/pkgs/tools/audio/botamusique/node-packages.nix +++ b/pkgs/tools/audio/botamusique/node-packages.nix @@ -4527,7 +4527,7 @@ let name = "botamusique"; packageName = "botamusique"; version = "0.0.0"; - src = ../../../../../../../../../tmp/tmp.hWY9btrx5g; + src = ../../../../../../../../../tmp/tmp.UAoivnXH3n; dependencies = [ sources."@babel/code-frame-7.10.4" sources."@babel/compat-data-7.12.7" 
diff --git a/pkgs/tools/audio/botamusique/src.json b/pkgs/tools/audio/botamusique/src.json index c7e61947460..d1337f5ae68 100644 --- a/pkgs/tools/audio/botamusique/src.json +++ b/pkgs/tools/audio/botamusique/src.json @@ -1,9 +1,9 @@ { "url": "https://github.com/azlux/botamusique", - "rev": "33a9e75ba9d0a382f7a76d23a0ceb626924a8b49", - "date": "2021-05-19T22:37:39+08:00", - "path": "/nix/store/dqc2vjd43cixm49w8g66wvi9zmdfwsdd-botamusique", - "sha256": "18lbgslx9vdwd5nrbkqfjvzaikp2swvv375v9gql7cg8p46w7i11", + "rev": "ba02cdebf2e175dc371995361eafcb88ad2c1b52", + "date": "2021-06-01T23:39:44+02:00", + "path": "/nix/store/dp5vnj7zqv1sp1ab5xycvvqdpia9xb71-botamusique", + "sha256": "01d51y6h38hs4ynjgz050ryy14sp5y2c3n7f80mcv0a4ls8413qp", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false From 8ab70f5edc1de3f0cfabca96399e504f14928211 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 2 Jun 2021 02:07:11 +0200 Subject: [PATCH 062/126] firefox-esr: 78.10.1esr -> 78.11.0esr https://www.mozilla.org/en-US/firefox/78.11.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/ (cherry picked from commit f42ea75dec8fff9becbdf2094044485ec103dcd1) --- pkgs/applications/networking/browsers/firefox/packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix index 05f2524f949..2fe567b6504 100644 --- a/pkgs/applications/networking/browsers/firefox/packages.nix +++ b/pkgs/applications/networking/browsers/firefox/packages.nix 
@@ -32,10 +32,10 @@ rec { firefox-esr-78 = common rec { pname = "firefox-esr"; - ffversion = "78.10.1esr"; + ffversion = "78.11.0esr"; src = fetchurl { url = "mirror://mozilla/firefox/releases/${ffversion}/source/firefox-${ffversion}.source.tar.xz"; - sha512 = "a22773d9b3f0dca253805257f358a906769d23f15115e3a8851024f701e27dee45f056f7d34ebf1fcde0a3f91ec299639c2a12556e938a232cdea9e59835fde1"; + sha512 = "d02fc2eda587155b1c54ca12a6c5cde220a29f41f154f1c9b71ae8f966d8cc9439201a5b241e03fc0795b74e2479f7aa5d6b69f70b7639432e5382f321f7a6f4"; }; meta = { From 32c5e04919862b40b4048402a0f395750b2df906 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Thu, 27 May 2021 09:59:49 +1000 Subject: [PATCH 063/126] docker: add clientOnly / docker-client Currently the docker client is only available on non-linux platforms as `docker`, this makes the client available on linux and other platforms as `docker-client`. (cherry picked from commit 7233acd515546107e5902a8fef6832f4f319390c) --- pkgs/applications/virtualization/docker/default.nix | 9 +++++---- pkgs/top-level/all-packages.nix | 1 + 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 954404e5268..6b72653c347 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix @@ -17,6 +17,7 @@ rec { , btrfs-progs, iptables, e2fsprogs, xz, util-linux, xfsprogs, git , procps, libseccomp , nixosTests + , clientOnly ? !stdenv.isLinux }: let docker-runc = runc.overrideAttrs (oldAttrs: { @@ -116,7 +117,7 @@ rec { ++ optional (libseccomp != null) "seccomp"; }); in - buildGoPackage ((optionalAttrs (stdenv.isLinux) { + buildGoPackage ((optionalAttrs (!clientOnly) { inherit docker-runc docker-containerd docker-proxy docker-tini moby; 
@@ -137,7 +138,7 @@ rec { nativeBuildInputs = [ makeWrapper pkg-config go-md2man go libtool installShellFiles ]; - buildInputs = optionals (stdenv.isLinux) [ + buildInputs = optionals (!clientOnly) [ sqlite lvm2 btrfs-progs systemd libseccomp ] ++ optionals (buildxSupport) [ docker-buildx ]; @@ -177,7 +178,7 @@ rec { makeWrapper $out/libexec/docker/docker $out/bin/docker \ --prefix PATH : "$out/libexec/docker:$extraPath" - '' + optionalString (stdenv.isLinux) '' + '' + optionalString (!clientOnly) '' # symlink docker daemon to docker cli derivation ln -s ${moby}/bin/dockerd $out/bin/dockerd @@ -204,7 +205,7 @@ rec { installManPage man/*/*.[1-9] ''; - passthru.tests = { inherit (nixosTests) docker; }; + passthru.tests = lib.optionals (!clientOnly) { inherit (nixosTests) docker; }; meta = { homepage = "https://www.docker.com/"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9b9a0199fd6..6b690c6ccab 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23020,6 +23020,7 @@ in docker = docker_20_10; docker-edge = docker_20_10; + docker-client = docker.override { clientOnly = true; }; docker-proxy = callPackage ../applications/virtualization/docker/proxy.nix { }; From 2e0ff58c76608efa3fb81da9e7fc9eaae5b0222f Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Tue, 25 May 2021 15:03:49 +0200 Subject: [PATCH 064/126] dockerTools: Format (cherry picked from commit 69de7cc12abfa1d0434750e5d346c299992a57ec) --- pkgs/build-support/docker/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 54eb13d38ff..5e66c81e4ff 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix 
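Review bot: `passthru.tests` in the last docker/default.nix hunk (`@@ -204,7 +205,7 @@`) is built with `lib.optionals`, which is the list helper, so with `clientOnly = true` it evaluates to `[]` rather than an empty attribute set. Anything that reads `passthru.tests` as an attrset would then see a different type for `docker-client` than for `docker`. `optionalAttrs` is the matching helper and is already used a few hunks up for the daemon attributes: `passthru.tests = lib.optionalAttrs (!clientOnly) { inherit (nixosTests) docker; };`. The enclosing function body starts and ends outside this hunk.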
@@ -786,7 +786,7 @@ rec { fakeRootCommands ? "", # We pick 100 to ensure there is plenty of room for extension. I # believe the actual maximum is 128. - maxLayers ? 100 + maxLayers ? 100, }: assert (lib.assertMsg (maxLayers > 1) From fb8409427c202e0686fe885251e6871a8a5f8ca8 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Tue, 25 May 2021 15:04:45 +0200 Subject: [PATCH 065/126] dockerTools: Allow omitting all store paths Adds includeStorePaths, allowing the omission of the store paths. You generally want to leave it on, but tooling may disable this to insert the store paths more efficiently via other means, such as bind mounting the host store. (cherry picked from commit 5259d66b7487b94233821e28aafb0683ae3f1df6) --- nixos/tests/docker-tools.nix | 14 ++++++++++++++ pkgs/build-support/docker/default.nix | 12 +++++++++++- pkgs/build-support/docker/examples.nix | 25 +++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 1 deletion(-) diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index 39b97b4cb99..831ef2fb77a 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix 
@@ -20,6 +20,20 @@ import ./make-test-python.nix ({ pkgs, ... }: { docker.wait_for_unit("sockets.target") + with subtest("includeStorePath"): + with subtest("assumption"): + docker.succeed("${examples.helloOnRoot} | docker load") + docker.succeed("set -euo pipefail; docker run --rm hello | grep -i hello") + docker.succeed("docker image rm hello:latest") + with subtest("includeStorePath = false; breaks example"): + docker.succeed("${examples.helloOnRootNoStore} | docker load") + docker.fail("set -euo pipefail; docker run --rm hello | grep -i hello") + docker.succeed("docker image rm hello:latest") + with subtest("includeStorePath = false; works with mounted store"): + docker.succeed("${examples.helloOnRootNoStore} | docker load") + docker.succeed("set -euo pipefail; docker run --rm --volume ${builtins.storeDir}:${builtins.storeDir}:ro hello | grep -i hello") + docker.succeed("docker image rm hello:latest") + with subtest("Ensure Docker images use a stable date by default"): docker.succeed( "docker load --input='${examples.bash}'" diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 5e66c81e4ff..5bbf1b63f2b 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -37,6 +37,10 @@ let + inherit (lib) + optionals + ; + mkDbExtraCommand = contents: let contentsList = if builtins.isList contents then contents else [ contents ]; in '' @@ -787,6 +791,10 @@ rec { # We pick 100 to ensure there is plenty of room for extension. I # believe the actual maximum is 128. maxLayers ? 100, + # Whether to include store paths in the image. You generally want to leave + # this on, but tooling may disable this to insert the store paths more + # efficiently via other means, such as bind mounting the host store. + includeStorePaths ? true, }: assert (lib.assertMsg (maxLayers > 1) 
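Review bot: The new comment on `includeStorePaths` in the `@@ -787,6 +791,10 @@` hunk suggests bind mounting the host store without saying what that exposes. Mounting the whole store directory, as the new test does with `--volume ${builtins.storeDir}:${builtins.storeDir}:ro`, makes every store path on the host readable inside the container, not only the image's closure. I would extend the comment with a line such as `# Note: mounting the whole host store exposes all of its paths to the container, not just this image's closure.` The argument list this hunk extends starts outside the hunk.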
@@ -834,7 +842,9 @@ rec { ''; }; - closureRoots = [ baseJson ] ++ contentsList; + closureRoots = optionals includeStorePaths /* normally true */ ( + [ baseJson ] ++ contentsList + ); overallClosure = writeText "closure" (lib.concatStringsSep " " closureRoots); # These derivations are only created as implementation details of docker-tools, diff --git a/pkgs/build-support/docker/examples.nix b/pkgs/build-support/docker/examples.nix index 7dbee38feeb..de90eab3ea1 100644 --- a/pkgs/build-support/docker/examples.nix +++ b/pkgs/build-support/docker/examples.nix @@ -516,4 +516,29 @@ rec { bash layeredImageWithFakeRootCommands ]; + + helloOnRoot = pkgs.dockerTools.streamLayeredImage { + name = "hello"; + tag = "latest"; + contents = [ + (pkgs.buildEnv { + name = "hello-root"; + paths = [ pkgs.hello ]; + }) + ]; + config.Cmd = [ "hello" ]; + }; + + helloOnRootNoStore = pkgs.dockerTools.streamLayeredImage { + name = "hello"; + tag = "latest"; + contents = [ + (pkgs.buildEnv { + name = "hello-root"; + paths = [ pkgs.hello ]; + }) + ]; + config.Cmd = [ "hello" ]; + includeStorePaths = false; + }; } From 2d5507fcd128374d528337e00369b6b7943a0e8b Mon Sep 17 00:00:00 2001 From: legendofmiracles Date: Wed, 2 Jun 2021 00:48:03 -0600 Subject: [PATCH 066/126] matterbridge: 1.12.1 -> 1.12.2 (cherry picked from commit a08f23039cf98d5b8648e2c3d6b872b348bac9d9) --- pkgs/servers/matterbridge/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkgs/servers/matterbridge/default.nix b/pkgs/servers/matterbridge/default.nix index d6865df66cd..a3e898e048a 100644 --- a/pkgs/servers/matterbridge/default.nix +++ b/pkgs/servers/matterbridge/default.nix 
@@ -1,18 +1,18 @@ -{ lib, buildGoModule, fetchurl }: +{ lib, buildGoModule, fetchFromGitHub }: buildGoModule rec { pname = "matterbridge"; - version = "1.22.1"; + version = "1.22.2"; + + src = fetchFromGitHub { + owner = "42wim"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-H6Cy6yvX57QLNfZPeansZv6IJ4uQVqr0h24QsAlrLx8="; + }; vendorSha256 = null; - doCheck = false; - - src = fetchurl { - url = "https://github.com/42wim/matterbridge/archive/v${version}.tar.gz"; - sha256 = "sha256-yV805OWFNOxKIGd6t2kRcUzdB8xYWYHFK+W2u/QPTXg="; - }; - meta = with lib; { description = "Simple bridge between Mattermost, IRC, XMPP, Gitter, Slack, Discord, Telegram, Rocket.Chat, Hipchat(via xmpp), Matrix and Steam"; homepage = "https://github.com/42wim/matterbridge"; From 508f877ab95fbec451e49a105407f7610bdd7279 Mon Sep 17 00:00:00 2001 From: cwyc <16950437+cwyc@users.noreply.github.com> Date: Sat, 29 May 2021 15:52:57 -0400 Subject: [PATCH 067/126] antimony: add desktop item (cherry picked from commit b80463f8d574bb4efff0392c94d63021c63916b9) --- .../graphics/antimony/default.nix | 26 ++++++++++++++++++- .../graphics/antimony/mimetype.xml | 7 +++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 pkgs/applications/graphics/antimony/mimetype.xml diff --git a/pkgs/applications/graphics/antimony/default.nix b/pkgs/applications/graphics/antimony/default.nix index d92ad9998f2..8b482626c91 100644 --- a/pkgs/applications/graphics/antimony/default.nix +++ b/pkgs/applications/graphics/antimony/default.nix @@ -1,6 +1,7 @@ { lib, stdenv, fetchFromGitHub, libpng, python3 , libGLU, libGL, qtbase, wrapQtAppsHook, ncurses , cmake, flex, lemon +, makeDesktopItem, copyDesktopItems }: let 
@@ -27,12 +28,35 @@ in sed -i "s,python3,${python3.executable}," CMakeLists.txt ''; + postInstall = lib.optionalString stdenv.isLinux '' + install -Dm644 $src/deploy/icon.svg $out/share/icons/hicolor/scalable/apps/antimony.svg + install -Dm644 ${./mimetype.xml} $out/share/mime/packages/antimony.xml + ''; + buildInputs = [ libpng python3 python3.pkgs.boost libGLU libGL qtbase ncurses ]; - nativeBuildInputs = [ cmake flex lemon wrapQtAppsHook ]; + nativeBuildInputs = [ cmake flex lemon wrapQtAppsHook copyDesktopItems ]; + + desktopItems = [ + (makeDesktopItem { + name = "antimony"; + desktopName = "Antimony"; + comment="Tree-based Modeler"; + genericName = "CAD Application"; + exec = "antimony %f"; + icon = "antimony"; + terminal = "false"; + categories = "Graphics;Science;Engineering"; + mimeType = "application/x-extension-sb;application/x-antimony;"; + extraEntries = '' + StartupWMClass=antimony + Version=1.0 + ''; + }) + ]; cmakeFlags= [ "-DGITREV=${gitRev}" diff --git a/pkgs/applications/graphics/antimony/mimetype.xml b/pkgs/applications/graphics/antimony/mimetype.xml new file mode 100644 index 00000000000..c6960fba9ab --- /dev/null +++ b/pkgs/applications/graphics/antimony/mimetype.xml @@ -0,0 +1,7 @@ + + + + Antimony model + + + From 73f566b2add5839924107c92715d886e59df833d Mon Sep 17 00:00:00 2001 From: Mark Vainomaa Date: Mon, 24 May 2021 14:03:37 +0300 Subject: [PATCH 068/126] maintainers: add mikroskeem (cherry picked from commit f830b000fc8aafd14bf3151178919378584e87c9) --- maintainers/maintainer-list.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 202e166443a..e979e9efcf5 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix 
@@ -6587,6 +6587,16 @@ githubId = 1387206; name = "Mike Sperber"; }; + mikroskeem = { + email = "mikroskeem@mikroskeem.eu"; + github = "mikroskeem"; + githubId = 3490861; + name = "Mark Vainomaa"; + keys = [{ + longkeyid = "rsa4096/0xDA015B05B5A11B22"; + fingerprint = "DB43 2895 CF68 F0CE D4B7 EF60 DA01 5B05 B5A1 1B22"; + }]; + }; milesbreslin = { email = "milesbreslin@gmail.com"; github = "milesbreslin"; From d33aa3d0d34953152123c05d70dcfdab79617c10 Mon Sep 17 00:00:00 2001 From: Mark Vainomaa Date: Mon, 24 May 2021 14:29:16 +0300 Subject: [PATCH 069/126] dnsname-cni: init at 1.1.1 (cherry picked from commit 5826e9020636c8ba3bc311294ce78b6466fd2b24) --- .../cluster/dnsname-cni/default.nix | 32 +++++++++++++++++++ .../dnsname-cni/hardcode-dnsmasq-path.patch | 19 +++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 3 files changed, 53 insertions(+) create mode 100644 pkgs/applications/networking/cluster/dnsname-cni/default.nix create mode 100644 pkgs/applications/networking/cluster/dnsname-cni/hardcode-dnsmasq-path.patch diff --git a/pkgs/applications/networking/cluster/dnsname-cni/default.nix b/pkgs/applications/networking/cluster/dnsname-cni/default.nix new file mode 100644 index 00000000000..91ef8b68fb6 --- /dev/null +++ b/pkgs/applications/networking/cluster/dnsname-cni/default.nix 
@@ -0,0 +1,32 @@ +{ buildGoModule, fetchFromGitHub, lib, dnsmasq }: + +buildGoModule rec { + pname = "cni-plugin-dnsname"; + version = "1.1.1"; + + src = fetchFromGitHub { + owner = "containers"; + repo = "dnsname"; + rev = "v${version}"; + sha256 = "090kpq2ppan9ayajdk5vwbvww30nphylgajn2p3441d4jg2nvsm3"; + }; + + patches = [ ./hardcode-dnsmasq-path.patch ]; + + postPatch = '' + substituteInPlace plugins/meta/dnsname/service.go --replace '@DNSMASQ@' '${dnsmasq}/bin/dnsmasq' + ''; + + vendorSha256 = null; + subPackages = [ "plugins/meta/dnsname" ]; + + doCheck = false; # NOTE: requires root privileges + + meta = with lib; { + description = "DNS name resolution for containers"; + homepage = "https://github.com/containers/dnsname"; + license = licenses.asl20; + platforms = platforms.linux; + maintainers = with maintainers; [ mikroskeem ]; + }; +} diff --git a/pkgs/applications/networking/cluster/dnsname-cni/hardcode-dnsmasq-path.patch b/pkgs/applications/networking/cluster/dnsname-cni/hardcode-dnsmasq-path.patch new file mode 100644 index 00000000000..24ef5eb85d1 --- /dev/null +++ b/pkgs/applications/networking/cluster/dnsname-cni/hardcode-dnsmasq-path.patch @@ -0,0 +1,19 @@ +diff --git a/plugins/meta/dnsname/service.go b/plugins/meta/dnsname/service.go +index fc05f75..f6b4caf 100644 +--- a/plugins/meta/dnsname/service.go ++++ b/plugins/meta/dnsname/service.go +@@ -16,10 +16,14 @@ import ( + + // newDNSMasqFile creates a new instance of a dnsNameFile + func newDNSMasqFile(domainName, networkInterface, networkName string) (dnsNameFile, error) { ++ /* + dnsMasqBinary, err := exec.LookPath("dnsmasq") + if err != nil { + return dnsNameFile{}, errors.Errorf("the dnsmasq cni plugin requires the dnsmasq binary be in PATH") + } ++ */ ++ _ = errors.Errorf // XXX(mikroskeem): reduce diff ++ dnsMasqBinary := "@DNSMASQ@" + masqConf := dnsNameFile{ + ConfigFile: makePath(networkName, confFileName), + Domain: domainName, 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6b690c6ccab..abc4aee9dab 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22851,6 +22851,8 @@ in cni = callPackage ../applications/networking/cluster/cni {}; cni-plugins = callPackage ../applications/networking/cluster/cni/plugins.nix {}; + dnsname-cni = callPackage ../applications/networking/cluster/dnsname-cni {}; + cntr = callPackage ../applications/virtualization/cntr { }; communi = libsForQt5.callPackage ../applications/networking/irc/communi { }; From 0919b5c41961a5c5e70114694e149f9859f01649 Mon Sep 17 00:00:00 2001 From: Nick Cao Date: Wed, 26 May 2021 23:56:20 +0800 Subject: [PATCH 070/126] podman: add systemd to rpath (cherry picked from commit ada45ac3aee664265759611d09443d549250bd70) --- pkgs/applications/virtualization/podman/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix index c8b8467def5..f392fd98c43 100644 --- a/pkgs/applications/virtualization/podman/default.nix +++ b/pkgs/applications/virtualization/podman/default.nix @@ -75,6 +75,11 @@ buildGoModule rec { runHook postInstall ''; + postFixup = lib.optionalString stdenv.isLinux '' + RPATH=$(patchelf --print-rpath $out/bin/podman) + patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman + ''; + passthru.tests = { inherit (nixosTests) podman; }; meta = with lib; { From 17ba99dd686395191c4876049145c7801ccb4bb8 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sun, 30 May 2021 11:14:03 +1000 Subject: [PATCH 071/126] podman: install cni config (cherry picked from commit fd59022ee9eb8d08b65df563c65e4218a68fca3c) --- pkgs/applications/virtualization/podman/default.nix | 1 + pkgs/applications/virtualization/podman/wrapper.nix | 1 + 2 files changed, 2 insertions(+) 
diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix index f392fd98c43..c72a3577bf8 100644 --- a/pkgs/applications/virtualization/podman/default.nix +++ b/pkgs/applications/virtualization/podman/default.nix @@ -69,6 +69,7 @@ buildGoModule rec { installShellCompletion --zsh completions/zsh/* MANDIR=$man/share/man make install.man-nobuild '' + lib.optionalString stdenv.isLinux '' + install -Dm644 cni/87-podman-bridge.conflist -t $out/etc/cni/net.d install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d install -Dm644 contrib/systemd/system/podman.{socket,service} -t $out/lib/systemd/system '' + '' diff --git a/pkgs/applications/virtualization/podman/wrapper.nix b/pkgs/applications/virtualization/podman/wrapper.nix index ae163583e69..9f3e1943b56 100644 --- a/pkgs/applications/virtualization/podman/wrapper.nix +++ b/pkgs/applications/virtualization/podman/wrapper.nix @@ -48,6 +48,7 @@ in runCommand podman.name { ln -s ${podman.man} $man mkdir -p $out/bin + ln -s ${podman-unwrapped}/etc $out/etc ln -s ${podman-unwrapped}/lib $out/lib ln -s ${podman-unwrapped}/share $out/share makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \ From f63aff597b99ebf9c132dc01a712b0c54376ca5d Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Sun, 30 May 2021 11:15:02 +1000 Subject: [PATCH 072/126] nixos/podman: install cni config from package (cherry picked from commit 30ae7e4ba983de461c7b71d02274d184ab55244d) --- nixos/modules/virtualisation/podman.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix index d6421d488b8..d485f993fb3 100644 --- a/nixos/modules/virtualisation/podman.nix +++ b/nixos/modules/virtualisation/podman.nix 
@@ -1,4 +1,4 @@ -{ config, lib, pkgs, utils, ... }: +{ config, lib, pkgs, ... }: let cfg = config.virtualisation.podman; toml = pkgs.formats.toml { }; @@ -92,7 +92,7 @@ in environment.systemPackages = [ cfg.package ] ++ lib.optional cfg.dockerCompat dockerCompat; - environment.etc."cni/net.d/87-podman-bridge.conflist".source = utils.copyFile "${pkgs.podman-unwrapped.src}/cni/87-podman-bridge.conflist"; + environment.etc."cni/net.d/87-podman-bridge.conflist".source = "${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist"; virtualisation.containers = { enable = true; # Enable common /etc/containers configuration From db05ed8b0d87d11535514e5b9853652bf33e7aca Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Tue, 25 May 2021 10:22:29 +0200 Subject: [PATCH 073/126] nixos/podman: Change podman socket to new podman group (cherry picked from commit fb8b0a38433c8e83a53c1dc0a739c5a7ad64e2fc) --- nixos/modules/virtualisation/podman.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix index d485f993fb3..05c9075fa73 100644 --- a/nixos/modules/virtualisation/podman.nix +++ b/nixos/modules/virtualisation/podman.nix @@ -111,8 +111,19 @@ in }; systemd.sockets.podman.wantedBy = [ "sockets.target" ]; + systemd.sockets.podman.socketConfig.SocketGroup = "podman"; - systemd.tmpfiles.packages = [ cfg.package ]; + systemd.tmpfiles.packages = [ + # The /run/podman rule interferes with our podman group, so we remove + # it and let the systemd socket logic take care of it. + (pkgs.runCommand "podman-tmpfiles-nixos" { package = cfg.package; } '' + mkdir -p $out/lib/tmpfiles.d/ + grep -v 'D! /run/podman 0700 root root' \ + <$package/lib/tmpfiles.d/podman.conf \ + >$out/lib/tmpfiles.d/podman.conf + '') ]; + + users.groups.podman = {}; assertions = [ { From 0c5e6d0beab9c41c4795eb721fbd9d60889b9563 Mon Sep 17 00:00:00 2001 
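Review bot: The `SocketGroup = "podman"` line in the `@@ -111,8 +111,19 @@` hunk only restricts access if the socket mode excludes other users, and the mode is not set anywhere in this hunk. systemd's default `SocketMode` is 0666, so the restriction presumably relies on the packaged `podman.socket` unit setting a tighter mode, and that unit is not visible here. Pinning it next to the group makes the module self-contained: `systemd.sockets.podman.socketConfig.SocketMode = "0660";`. A short comment on `users.groups.podman = {};` saying that membership amounts to root access through the podman service would also help, since this hunk introduces the group without saying so.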
From: Robert Hensing Date: Tue, 25 May 2021 10:26:28 +0200 Subject: [PATCH 074/126] nixos/podman: Add dockerSocket.enable (cherry picked from commit ff4d83a66727ad13da0f51d00db4eda8a8c50590) --- nixos/modules/virtualisation/podman.nix | 25 +++++++++++++++++ nixos/tests/podman.nix | 37 +++++++++++++++++++++++-- 2 files changed, 60 insertions(+), 2 deletions(-) diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix index 05c9075fa73..076d28eb5ba 100644 --- a/nixos/modules/virtualisation/podman.nix +++ b/nixos/modules/virtualisation/podman.nix @@ -46,6 +46,20 @@ in ''; }; + dockerSocket.enable = mkOption { + type = types.bool; + default = false; + description = '' + Make the Podman socket available in place of the Docker socket, so + Docker tools can find the Podman socket. + + Podman implements the Docker API. + + Users must be in the podman group in order to connect. As + with Docker, members of this group can gain root access. + ''; + }; + dockerCompat = mkOption { type = types.bool; default = false; @@ -123,6 +137,11 @@ in >$out/lib/tmpfiles.d/podman.conf '') ]; + systemd.tmpfiles.rules = + lib.optionals cfg.dockerSocket.enable [ + "L! /run/docker.sock - - - - /run/podman/podman.sock" + ]; + users.groups.podman = {}; assertions = [ @@ -130,6 +149,12 @@ in assertion = cfg.dockerCompat -> !config.virtualisation.docker.enable; message = "Option dockerCompat conflicts with docker"; } + { + assertion = cfg.dockerSocket.enable -> !config.virtualisation.docker.enable; + message = '' + The options virtualisation.podman.dockerSocket.enable and virtualisation.docker.enable conflict, because only one can serve the socket. + ''; + } ]; } ]); diff --git a/nixos/tests/podman.nix b/nixos/tests/podman.nix index 6078a936ede..343ecbe14b2 100644 --- a/nixos/tests/podman.nix +++ b/nixos/tests/podman.nix 
@@ -13,10 +13,23 @@ import ./make-test-python.nix ( { virtualisation.podman.enable = true; + # To test docker socket support + virtualisation.podman.dockerSocket.enable = true; + environment.systemPackages = [ + pkgs.docker-client + ]; + users.users.alice = { isNormalUser = true; home = "/home/alice"; description = "Alice Foobar"; + extraGroups = [ "podman" ]; + }; + + users.users.mallory = { + isNormalUser = true; + home = "/home/mallory"; + description = "Mallory Foobar"; }; }; @@ -26,9 +39,9 @@ import ./make-test-python.nix ( import shlex - def su_cmd(cmd): + def su_cmd(cmd, user = "alice"): cmd = shlex.quote(cmd) - return f"su alice -l -c {cmd}" + return f"su {user} -l -c {cmd}" podman.wait_for_unit("sockets.target") @@ -105,6 +118,26 @@ import ./make-test-python.nix ( assert pid == "1" pid = podman.succeed("podman run --rm --init busybox readlink /proc/self").strip() assert pid == "2" + + with subtest("A podman member can use the docker cli"): + podman.succeed(su_cmd("docker version")) + + with subtest("Run container via docker cli"): + podman.succeed("docker network create default") + podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") + podman.succeed( + "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + ) + podman.succeed("docker ps | grep sleeping") + podman.succeed("podman ps | grep sleeping") + podman.succeed("docker stop sleeping") + podman.succeed("docker rm sleeping") + + with subtest("A podman non-member can not use the docker cli"): + podman.fail(su_cmd("docker version", user="mallory")) + + # TODO: add docker-compose test + ''; } ) From ffde2bb4a1cafa60290364cb9d2233d1af983bed Mon Sep 17 00:00:00 2001 
From: Robert Hensing Date: Tue, 25 May 2021 10:16:30 +0200 Subject: [PATCH 075/126] nixos/podman: Add generic networkSocket interface (cherry picked from commit 52844efcd67028a481a24103d8e93c7ef2bf4f08) --- .../virtualisation/podman-network-socket.nix | 91 +++++++++++++++++++ nixos/modules/virtualisation/podman.nix | 1 + 2 files changed, 92 insertions(+) create mode 100644 nixos/modules/virtualisation/podman-network-socket.nix diff --git a/nixos/modules/virtualisation/podman-network-socket.nix b/nixos/modules/virtualisation/podman-network-socket.nix new file mode 100644 index 00000000000..1429164630b --- /dev/null +++ b/nixos/modules/virtualisation/podman-network-socket.nix 
@@ -0,0 +1,91 @@ +{ config, lib, pkg, ... }: +let + inherit (lib) + mkOption + types + ; + + cfg = config.virtualisation.podman.networkSocket; + +in +{ + options.virtualisation.podman.networkSocket = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Make the Podman and Docker compatibility API available over the network + with TLS client certificate authentication. + + This allows Docker clients to connect with the equivalents of the Docker + CLI -H and --tls* family of options. + + For certificate setup, see https://docs.docker.com/engine/security/protect-access/ + + This option is independent of . + ''; + }; + + server = mkOption { + type = types.enum []; + description = '' + Choice of TLS proxy server. + ''; + example = "ghostunnel"; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Whether to open the port in the firewall. + ''; + }; + + tls.cacert = mkOption { + type = types.path; + description = '' + Path to CA certificate to use for client authentication. + ''; + }; + + tls.cert = mkOption { + type = types.path; + description = '' + Path to certificate describing the server. + ''; + }; + + tls.key = mkOption { + type = types.path; + description = '' + Path to the private key corresponding to the server certificate. + + Use a string for this setting. Otherwise it will be copied to the Nix + store first, where it is readable by any system process. + ''; + }; + + port = mkOption { + type = types.port; + default = 2376; + description = '' + TCP port number for receiving TLS connections. + ''; + }; + listenAddress = mkOption { + type = types.str; + default = "0.0.0.0"; + description = '' + Interface address for receiving TLS connections. + ''; + }; + }; + + config = { + networking.firewall.allowedTCPPorts = + lib.optional (cfg.enable && cfg.openFirewall) cfg.port; + }; + + meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ]; +} 
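Review bot: `tls.key` is declared as `types.path`, which accepts a Nix path literal as well as a string, so the store copy that its own description warns about is not prevented by the option type. With a path literal such as `./key.pem` (constructed example) the private key would, per that description, end up in the Nix store where any system process can read it. Declaring the option as `type = types.str;` rejects path values at evaluation time and turns the advice into a check. Separately, the module header binds `pkg` rather than `pkgs`; it is unused here, so this is only a typo.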
diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix index 076d28eb5ba..b16afb66894 100644 --- a/nixos/modules/virtualisation/podman.nix +++ b/nixos/modules/virtualisation/podman.nix @@ -25,6 +25,7 @@ let in { imports = [ + ./podman-network-socket.nix (lib.mkRenamedOptionModule [ "virtualisation" "podman" "libpod" ] [ "virtualisation" "containers" "containersConf" ]) ]; From 833b005e3796ebd3ca7985d19d7ad458b4d891e5 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Tue, 25 May 2021 10:15:22 +0200 Subject: [PATCH 076/126] nixos/podman-network-socket-ghostunnel: init (cherry picked from commit b6570e723836167640c9b7efc63f327ff17b0755) --- nixos/modules/module-list.nix | 1 + .../podman-network-socket-ghostunnel.nix | 34 ++++ nixos/tests/all-tests.nix | 1 + nixos/tests/podman-tls-ghostunnel.nix | 150 ++++++++++++++++++ .../virtualization/podman/default.nix | 6 +- 5 files changed, 191 insertions(+), 1 deletion(-) create mode 100644 nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix create mode 100644 nixos/tests/podman-tls-ghostunnel.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 7a0a90f4bd2..326428b95c3 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1111,6 +1111,7 @@ ./virtualisation/openvswitch.nix ./virtualisation/parallels-guest.nix ./virtualisation/podman.nix + ./virtualisation/podman-network-socket-ghostunnel.nix ./virtualisation/qemu-guest-agent.nix ./virtualisation/railcar.nix ./virtualisation/spice-usb-redirection.nix diff --git a/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix b/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix new file mode 100644 index 00000000000..1f1ada7f089 --- /dev/null +++ b/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix 
@@ -0,0 +1,34 @@ +{ config, lib, pkg, ... }: +let + inherit (lib) + mkOption + types + ; + + cfg = config.virtualisation.podman.networkSocket; + +in +{ + options.virtualisation.podman.networkSocket = { + server = mkOption { + type = types.enum [ "ghostunnel" ]; + }; + }; + + config = { + + services.ghostunnel = lib.mkIf (cfg.enable && cfg.server == "ghostunnel") { + enable = true; + servers."podman-socket" = { + inherit (cfg.tls) cert key cacert; + listen = "${cfg.listenAddress}:${toString cfg.port}"; + target = "unix:/run/podman/podman.sock"; + allowAll = lib.mkDefault true; + }; + }; + systemd.services.ghostunnel-server-podman-socket.serviceConfig.SupplementaryGroups = ["podman"]; + + }; + + meta.maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ]; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index e3f92ce451c..7f0a987f89c 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -334,6 +334,7 @@ in plotinus = handleTest ./plotinus.nix {}; podgrab = handleTest ./podgrab.nix {}; podman = handleTestOn ["x86_64-linux"] ./podman.nix {}; + podman-tls-ghostunnel = handleTestOn ["x86_64-linux"] ./podman-tls-ghostunnel.nix {}; pomerium = handleTestOn ["x86_64-linux"] ./pomerium.nix {}; postfix = handleTest ./postfix.nix {}; postfix-raise-smtpd-tls-security-level = handleTest ./postfix-raise-smtpd-tls-security-level.nix {}; diff --git a/nixos/tests/podman-tls-ghostunnel.nix b/nixos/tests/podman-tls-ghostunnel.nix new file mode 100644 index 00000000000..0e687b199b2 --- /dev/null +++ b/nixos/tests/podman-tls-ghostunnel.nix 
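Review bot: `allowAll = lib.mkDefault true` in the `podman-socket` server accepts every client whose certificate chains to `tls.cacert`, with no check on the certificate subject, and the target is `/run/podman/podman.sock`, which is presumably the system-wide socket. That leaves the CA as the only access control in front of an API that can start arbitrary containers on the host, so it should be a CA dedicated to this service rather than a general-purpose one. I would say so next to the setting, e.g. `# Any client cert issued by tls.cacert is accepted; use a CA dedicated to this socket.`, and repeat the point in the `tls.cacert` option description.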
@@ -0,0 +1,150 @@ +/* + This test runs podman as a backend for the Docker CLI. + */ +import ./make-test-python.nix ( + { pkgs, lib, ... }: + + let gen-ca = pkgs.writeScript "gen-ca" '' + # Create CA + PATH="${pkgs.openssl}/bin:$PATH" + openssl genrsa -out ca-key.pem 4096 + openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -subj '/C=NL/ST=Zuid-Holland/L=The Hague/O=Stevige Balken en Planken B.V./OU=OpSec/CN=Certificate Authority' -out ca.pem + + # Create service + openssl genrsa -out podman-key.pem 4096 + openssl req -subj '/CN=podman' -sha256 -new -key podman-key.pem -out service.csr + echo subjectAltName = DNS:podman,IP:127.0.0.1 >> extfile.cnf + echo extendedKeyUsage = serverAuth >> extfile.cnf + openssl x509 -req -days 365 -sha256 -in service.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out podman-cert.pem -extfile extfile.cnf + + # Create client + openssl genrsa -out client-key.pem 4096 + openssl req -subj '/CN=client' -new -key client-key.pem -out client.csr + echo extendedKeyUsage = clientAuth > extfile-client.cnf + openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem -extfile extfile-client.cnf + + # Create CA 2 + PATH="${pkgs.openssl}/bin:$PATH" + openssl genrsa -out ca-2-key.pem 4096 + openssl req -new -x509 -days 365 -key ca-2-key.pem -sha256 -subj '/C=NL/ST=Zuid-Holland/L=The Hague/O=Stevige Balken en Planken B.V./OU=OpSec/CN=Certificate Authority' -out ca-2.pem + + # Create client signed by CA 2 + openssl genrsa -out client-2-key.pem 4096 + openssl req -subj '/CN=client' -new -key client-2-key.pem -out client-2.csr + echo extendedKeyUsage = clientAuth > extfile-client.cnf + openssl x509 -req -days 365 -sha256 -in client-2.csr -CA ca-2.pem -CAkey ca-2-key.pem -CAcreateserial -out client-2-cert.pem -extfile extfile-client.cnf + + ''; + in + { + name = "podman-tls-ghostunnel"; + meta = { + maintainers = lib.teams.podman.members ++ [ lib.maintainers.roberth ]; + }; + + nodes = { + 
podman = + { pkgs, ... }: + { + virtualisation.podman.enable = true; + virtualisation.podman.dockerSocket.enable = true; + virtualisation.podman.networkSocket = { + enable = true; + openFirewall = true; + server = "ghostunnel"; + tls.cert = "/root/podman-cert.pem"; + tls.key = "/root/podman-key.pem"; + tls.cacert = "/root/ca.pem"; + }; + + environment.systemPackages = [ + pkgs.docker-client + ]; + + users.users.alice = { + isNormalUser = true; + home = "/home/alice"; + description = "Alice Foobar"; + extraGroups = ["podman"]; + }; + + }; + + client = { ... }: { + environment.systemPackages = [ + # Installs the docker _client_ only + # Normally, you'd want `virtualisation.docker.enable = true;`. + pkgs.docker-client + ]; + environment.variables.DOCKER_HOST = "podman:2376"; + environment.variables.DOCKER_TLS_VERIFY = "1"; + }; + }; + + testScript = '' + import shlex + + + def su_cmd(user, cmd): + cmd = shlex.quote(cmd) + return f"su {user} -l -c {cmd}" + + def cmd(command): + print(f"+{command}") + r = os.system(command) + if r != 0: + raise Exception(f"Command {command} failed with exit code {r}") + + start_all() + cmd("${gen-ca}") + + podman.copy_from_host("ca.pem", "/root/ca.pem") + podman.copy_from_host("podman-cert.pem", "/root/podman-cert.pem") + podman.copy_from_host("podman-key.pem", "/root/podman-key.pem") + + client.copy_from_host("ca.pem", "/root/.docker/ca.pem") + # client.copy_from_host("podman-cert.pem", "/root/podman-cert.pem") + client.copy_from_host("client-cert.pem", "/root/.docker/cert.pem") + client.copy_from_host("client-key.pem", "/root/.docker/key.pem") + + # TODO (ghostunnel): add file watchers so the restart isn't necessary + podman.succeed("systemctl reset-failed && systemctl restart ghostunnel-server-podman-socket.service") + + podman.wait_for_unit("sockets.target") + podman.wait_for_unit("ghostunnel-server-podman-socket.service") + + with subtest("Create default network"): + podman.succeed("docker network create default") + + with 
subtest("Root docker cli also works"): + podman.succeed("docker version") + + with subtest("A podman member can also still use the docker cli"): + podman.succeed(su_cmd("alice", "docker version")) + + with subtest("Run container remotely via docker cli"): + client.succeed("docker version") + + # via socket would be nicer + podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") + + client.succeed( + "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + ) + client.succeed("docker ps | grep sleeping") + podman.succeed("docker ps | grep sleeping") + client.succeed("docker stop sleeping") + client.succeed("docker rm sleeping") + + with subtest("Clients without cert will be denied"): + client.succeed("rm /root/.docker/{cert,key}.pem") + client.fail("docker version") + + with subtest("Clients with wrong cert will be denied"): + client.copy_from_host("client-2-cert.pem", "/root/.docker/cert.pem") + client.copy_from_host("client-2-key.pem", "/root/.docker/key.pem") + client.fail("docker version") + + ''; + } +) diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix index c72a3577bf8..6c518ab8934 100644 --- a/pkgs/applications/virtualization/podman/default.nix +++ b/pkgs/applications/virtualization/podman/default.nix @@ -81,7 +81,11 @@ buildGoModule rec { patchelf --set-rpath "${lib.makeLibraryPath [ systemd ]}":$RPATH $out/bin/podman ''; - passthru.tests = { inherit (nixosTests) podman; }; + passthru.tests = { + inherit (nixosTests) podman; + # related modules + inherit (nixosTests) podman-tls-ghostunnel; + }; meta = with lib; { homepage = "https://podman.io/"; From 29ee113277541edadc946b8f3c3dbce388195b7f Mon Sep 17 00:00:00 2001 
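Review bot: The two negative subtests at the end of `testScript` only assert `client.fail("docker version")`, which also passes if the proxy has stopped or the client can no longer reach the host, so they do not show that certificate verification was what turned the client away. Following each of them with a positive check on the server side, e.g. `podman.succeed("systemctl is-active ghostunnel-server-podman-socket.service")`, would tie the failure to the TLS handshake. A third case with a client certificate that is signed by the right CA but lacks `clientAuth` would cover the remaining rejection path, if the proxy is expected to enforce it.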
From: Robert Hensing Date: Tue, 25 May 2021 17:39:23 +0200 Subject: [PATCH 077/126] podman: Add iproute2, fixing docker network rm (cherry picked from commit db31d8354d9c1988968f076c4e01843330162e03) --- nixos/tests/podman.nix | 1 + pkgs/applications/virtualization/podman/wrapper.nix | 2 ++ 2 files changed, 3 insertions(+) diff --git a/nixos/tests/podman.nix b/nixos/tests/podman.nix index 343ecbe14b2..7eae575fd7f 100644 --- a/nixos/tests/podman.nix +++ b/nixos/tests/podman.nix @@ -132,6 +132,7 @@ import ./make-test-python.nix ( podman.succeed("podman ps | grep sleeping") podman.succeed("docker stop sleeping") podman.succeed("docker rm sleeping") + podman.succeed("docker network rm default") with subtest("A podman non-member can not use the docker cli"): podman.fail(su_cmd("docker version", user="mallory")) diff --git a/pkgs/applications/virtualization/podman/wrapper.nix b/pkgs/applications/virtualization/podman/wrapper.nix index 9f3e1943b56..c9ec18593df 100644 --- a/pkgs/applications/virtualization/podman/wrapper.nix +++ b/pkgs/applications/virtualization/podman/wrapper.nix @@ -12,6 +12,7 @@ , util-linux # nsenter , cni-plugins # not added to path , iptables +, iproute2 }: let @@ -25,6 +26,7 @@ let fuse-overlayfs util-linux iptables + iproute2 ] ++ extraPackages); in runCommand podman.name { From 03e08759f7bb0dc34e2df35a2bb952f20b780fb5 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Mon, 31 May 2021 08:32:21 +0200 Subject: [PATCH 078/126] dnsname-cni: Use wrapper instead of patch for dnsmasq The patch proved to be an incomplete solution while developing nixosTests.podman-dnsname (cherry picked from commit 651777934941480a36f7df9c434e6044957d045d) --- .../cluster/dnsname-cni/default.nix | 16 +++++++++++----- .../dnsname-cni/hardcode-dnsmasq-path.patch | 19 ------------------- 2 files changed, 11 insertions(+), 24 deletions(-) delete mode 100644 pkgs/applications/networking/cluster/dnsname-cni/hardcode-dnsmasq-path.patch 
diff --git a/pkgs/applications/networking/cluster/dnsname-cni/default.nix b/pkgs/applications/networking/cluster/dnsname-cni/default.nix index 91ef8b68fb6..2770617db7e 100644 --- a/pkgs/applications/networking/cluster/dnsname-cni/default.nix +++ b/pkgs/applications/networking/cluster/dnsname-cni/default.nix @@ -1,4 +1,11 @@ -{ buildGoModule, fetchFromGitHub, lib, dnsmasq }: +{ + buildGoModule, + dnsmasq, + fetchFromGitHub, + lib, + nixosTests, + makeWrapper, +}: buildGoModule rec { pname = "cni-plugin-dnsname"; @@ -11,10 +18,9 @@ buildGoModule rec { sha256 = "090kpq2ppan9ayajdk5vwbvww30nphylgajn2p3441d4jg2nvsm3"; }; - patches = [ ./hardcode-dnsmasq-path.patch ]; - - postPatch = '' - substituteInPlace plugins/meta/dnsname/service.go --replace '@DNSMASQ@' '${dnsmasq}/bin/dnsmasq' + nativeBuildInputs = [ makeWrapper ]; + postInstall = '' + wrapProgram $out/bin/dnsname --prefix PATH : ${lib.makeBinPath [ dnsmasq ]} ''; vendorSha256 = null; diff --git a/pkgs/applications/networking/cluster/dnsname-cni/hardcode-dnsmasq-path.patch b/pkgs/applications/networking/cluster/dnsname-cni/hardcode-dnsmasq-path.patch deleted file mode 100644 index 24ef5eb85d1..00000000000 --- a/pkgs/applications/networking/cluster/dnsname-cni/hardcode-dnsmasq-path.patch +++ /dev/null 
@@ -1,19 +0,0 @@ -diff --git a/plugins/meta/dnsname/service.go b/plugins/meta/dnsname/service.go -index fc05f75..f6b4caf 100644 ---- a/plugins/meta/dnsname/service.go -+++ b/plugins/meta/dnsname/service.go -@@ -16,10 +16,14 @@ import ( - - // newDNSMasqFile creates a new instance of a dnsNameFile - func newDNSMasqFile(domainName, networkInterface, networkName string) (dnsNameFile, error) { -+ /* - dnsMasqBinary, err := exec.LookPath("dnsmasq") - if err != nil { - return dnsNameFile{}, errors.Errorf("the dnsmasq cni plugin requires the dnsmasq binary be in PATH") - } -+ */ -+ _ = errors.Errorf // XXX(mikroskeem): reduce diff -+ dnsMasqBinary := "@DNSMASQ@" - masqConf := dnsNameFile{ - ConfigFile: makePath(networkName, confFileName), - Domain: domainName, From f28df17dfa98b32737bd309e71d7ca04bf6722e7 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 27 May 2021 13:00:09 +0200 Subject: [PATCH 079/126] nixos/containers: Add virtualisation.containers.containersConf.cniPlugins (cherry picked from commit efba949352271ec77d9d5e7d54f2d16b9c53ee4f) --- nixos/modules/virtualisation/containers.nix | 22 ++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 3974caf2233..45d4f877ae5 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -48,6 +48,23 @@ in description = "containers.conf configuration"; }; + containersConf.cniPlugins = mkOption { + type = types.listOf types.package; + defaultText = '' + [ + pkgs.cni-plugins + ] + ''; + example = lib.literalExample '' + [ + pkgs.cniPlugins.dnsname + ] + ''; + description = '' + CNI plugins to install on the system. + ''; + }; + registries = { search = mkOption { type = types.listOf types.str; 
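Review bot: The `example` for `containersConf.cniPlugins` names `pkgs.cniPlugins.dnsname`, while the package wired into this option later on this page is `pkgs.dnsname-cni`; nothing visible defines a `cniPlugins` attribute set, so the example probably does not evaluate. `example = lib.literalExample "[ pkgs.dnsname-cni ]";` would match the package actually used. The option also carries `defaultText` but no `default`: its value is only defined inside the `lib.mkIf cfg.enable` block of the next hunk, so reading it while `virtualisation.containers.enable` is false would presumably fail as undefined.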
@@ -97,8 +114,11 @@ in }; config = lib.mkIf cfg.enable { + + virtualisation.containers.containersConf.cniPlugins = [ pkgs.cni-plugins ]; + virtualisation.containers.containersConf.settings = { - network.cni_plugin_dirs = [ "${pkgs.cni-plugins}/bin/" ]; + network.cni_plugin_dirs = map (p: "${lib.getBin p}/bin") cfg.containersConf.cniPlugins; engine = { init_path = "${pkgs.catatonit}/bin/catatonit"; } // lib.optionalAttrs cfg.ociSeccompBpfHook.enable { From 9e4729617b0c2b47ca1ef8b256cd361e6cee5f04 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 27 May 2021 16:19:01 +0200 Subject: [PATCH 080/126] nixos/podman: Add defaultNetwork.extraPlugins (cherry picked from commit d81631fb98ea35b107d86f5de287cf727d0dfc18) --- nixos/modules/virtualisation/podman.nix | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix index b16afb66894..ee9565abc24 100644 --- a/nixos/modules/virtualisation/podman.nix +++ b/nixos/modules/virtualisation/podman.nix @@ -2,6 +2,7 @@ let cfg = config.virtualisation.podman; toml = pkgs.formats.toml { }; + json = pkgs.formats.json { }; inherit (lib) mkOption types; @@ -22,6 +23,19 @@ let done ''; + net-conflist = pkgs.runCommand "87-podman-bridge.conflist" { + nativeBuildInputs = [ pkgs.jq ]; + extraPlugins = builtins.toJSON cfg.defaultNetwork.extraPlugins; + jqScript = '' + . + { "plugins": (.plugins + $extraPlugins) } + ''; + } '' + jq <${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist \ + --argjson extraPlugins "$extraPlugins" \ + "$jqScript" \ + >$out + ''; + in { imports = [ @@ -99,6 +113,13 @@ in ''; }; + defaultNetwork.extraPlugins = lib.mkOption { + type = types.listOf json.type; + default = []; + description = '' + Extra CNI plugin configurations to add to podman's default network. + ''; + }; }; 
@@ -107,7 +128,7 @@ in environment.systemPackages = [ cfg.package ] ++ lib.optional cfg.dockerCompat dockerCompat; - environment.etc."cni/net.d/87-podman-bridge.conflist".source = "${cfg.package}/etc/cni/net.d/87-podman-bridge.conflist"; + environment.etc."cni/net.d/87-podman-bridge.conflist".source = net-conflist; virtualisation.containers = { enable = true; # Enable common /etc/containers configuration From c758b6937516cbd761a53ba90deb60b16d9cd568 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 27 May 2021 16:22:28 +0200 Subject: [PATCH 081/126] nixos/podman-dnsname: init (cherry picked from commit 54f2f1e5f1c7fd34e564a84443e8490477e26eb7) --- .../modules/virtualisation/podman-dnsname.nix | 36 ++++++++++++++++ nixos/modules/virtualisation/podman.nix | 1 + nixos/tests/all-tests.nix | 1 + nixos/tests/podman-dnsname.nix | 42 +++++++++++++++++++ .../cluster/dnsname-cni/default.nix | 4 ++ 5 files changed, 84 insertions(+) create mode 100644 nixos/modules/virtualisation/podman-dnsname.nix create mode 100644 nixos/tests/podman-dnsname.nix diff --git a/nixos/modules/virtualisation/podman-dnsname.nix b/nixos/modules/virtualisation/podman-dnsname.nix new file mode 100644 index 00000000000..beef1975507 --- /dev/null +++ b/nixos/modules/virtualisation/podman-dnsname.nix @@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: +let + inherit (lib) + mkOption + mkIf + types + ; + + cfg = config.virtualisation.podman; + +in +{ + options = { + virtualisation.podman = { + + defaultNetwork.dnsname.enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable DNS resolution in the default podman network. + ''; + }; + + }; + }; + + config = { + virtualisation.containers.containersConf.cniPlugins = mkIf cfg.defaultNetwork.dnsname.enable [ pkgs.dnsname-cni ]; + virtualisation.podman.defaultNetwork.extraPlugins = + lib.optional cfg.defaultNetwork.dnsname.enable { + type = "dnsname"; + domainName = "dns.podman"; + capabilities.aliases = true; + }; + }; +} 
diff --git a/nixos/modules/virtualisation/podman.nix b/nixos/modules/virtualisation/podman.nix index ee9565abc24..e245004e04a 100644 --- a/nixos/modules/virtualisation/podman.nix +++ b/nixos/modules/virtualisation/podman.nix @@ -39,6 +39,7 @@ let in { imports = [ + ./podman-dnsname.nix ./podman-network-socket.nix (lib.mkRenamedOptionModule [ "virtualisation" "podman" "libpod" ] [ "virtualisation" "containers" "containersConf" ]) ]; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 7f0a987f89c..917d2f54efe 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -334,6 +334,7 @@ in plotinus = handleTest ./plotinus.nix {}; podgrab = handleTest ./podgrab.nix {}; podman = handleTestOn ["x86_64-linux"] ./podman.nix {}; + podman-dnsname = handleTestOn ["x86_64-linux"] ./podman-dnsname.nix {}; podman-tls-ghostunnel = handleTestOn ["x86_64-linux"] ./podman-tls-ghostunnel.nix {}; pomerium = handleTestOn ["x86_64-linux"] ./pomerium.nix {}; postfix = handleTest ./postfix.nix {}; diff --git a/nixos/tests/podman-dnsname.nix b/nixos/tests/podman-dnsname.nix new file mode 100644 index 00000000000..dd352f754dc --- /dev/null +++ b/nixos/tests/podman-dnsname.nix @@ -0,0 +1,42 @@ +import ./make-test-python.nix ( + { pkgs, lib, ... }: + let + inherit (pkgs) writeTextDir python3 curl; + webroot = writeTextDir "index.html" "

Hi

"; + in + { + name = "podman-dnsname"; + meta = { + maintainers = with lib.maintainers; [ roberth ] ++ lib.teams.podman.members; + }; + + nodes = { + podman = { pkgs, ... }: { + virtualisation.podman.enable = true; + virtualisation.podman.defaultNetwork.dnsname.enable = true; + }; + }; + + testScript = '' + podman.wait_for_unit("sockets.target") + + with subtest("DNS works"): # also tests inter-container tcp routing + podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") + podman.succeed( + "podman run -d --name=webserver -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin -w ${webroot} scratchimg ${python3}/bin/python -m http.server 8000" + ) + podman.succeed("podman ps | grep webserver") + podman.succeed(""" + for i in `seq 0 120`; do + podman run --rm --name=client -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg ${curl}/bin/curl http://webserver:8000 >/dev/console \ + && exit 0 + sleep 0.5 + done + exit 1 + """) + podman.succeed("podman stop webserver") + podman.succeed("podman rm webserver") + + ''; + } +) diff --git a/pkgs/applications/networking/cluster/dnsname-cni/default.nix b/pkgs/applications/networking/cluster/dnsname-cni/default.nix index 2770617db7e..27b37fdee0c 100644 --- a/pkgs/applications/networking/cluster/dnsname-cni/default.nix +++ b/pkgs/applications/networking/cluster/dnsname-cni/default.nix @@ -28,6 +28,10 @@ buildGoModule rec { doCheck = false; # NOTE: requires root privileges + passthru.tests = { + inherit (nixosTests) podman-dnsname; + }; + meta = with lib; { description = "DNS name resolution for containers"; homepage = "https://github.com/containers/dnsname"; From eeefa0a65d69e9761a18e58f25b91f08e65686ad Mon Sep 17 00:00:00 2001 
From: Robert Hensing Date: Mon, 31 May 2021 09:40:04 +0200 Subject: [PATCH 082/126] podman: Add nixosTests.podman-dnsname to tests (cherry picked from commit 1d781e5c80d3c392933479a114e9e3857a1d9529) --- pkgs/applications/virtualization/podman/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/virtualization/podman/default.nix b/pkgs/applications/virtualization/podman/default.nix index 6c518ab8934..10a6d726aef 100644 --- a/pkgs/applications/virtualization/podman/default.nix +++ b/pkgs/applications/virtualization/podman/default.nix @@ -84,7 +84,10 @@ buildGoModule rec { passthru.tests = { inherit (nixosTests) podman; # related modules - inherit (nixosTests) podman-tls-ghostunnel; + inherit (nixosTests) + podman-tls-ghostunnel + podman-dnsname + ; }; meta = with lib; { From 0684f78698e9f565254f8ce0d737b544cb892bf8 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Mon, 31 May 2021 22:57:39 +1000 Subject: [PATCH 083/126] nixos/podman-network-socket-ghostunnel: move condition to include socket (cherry picked from commit 72f54c32a6114a69caec30170a29837c91434aff) --- .../virtualisation/podman-network-socket-ghostunnel.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix b/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix index 1f1ada7f089..a0e7e433164 100644 --- a/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix +++ b/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix @@ -15,9 +15,9 @@ in }; }; - config = { + config = lib.mkIf (cfg.enable && cfg.server == "ghostunnel") { - services.ghostunnel = lib.mkIf (cfg.enable && cfg.server == "ghostunnel") { + services.ghostunnel = { enable = true; servers."podman-socket" = { inherit (cfg.tls) cert key cacert; From 5dfad380ada8c7a30797472818d393242472a9db Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 26 May 2021 23:25:55 +0200 Subject: [PATCH 084/126] containerd: fix checksum --- pkgs/applications/virtualization/containerd/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/virtualization/containerd/default.nix b/pkgs/applications/virtualization/containerd/default.nix index fa504511513..5435c88f58d 100644 --- a/pkgs/applications/virtualization/containerd/default.nix +++ b/pkgs/applications/virtualization/containerd/default.nix @@ -16,7 +16,7 @@ buildGoPackage rec { owner = "containerd"; repo = "containerd"; rev = "v${version}"; - sha256 = "sha256-1u+H/gJaQhltf/pq7uaAPEUlQ5R6ZByall2neNkon8s="; + sha256 = "sha256-jVyg+fyMuDnV/TM0Z2t+Cr17a6XBv11aWijhsqMnA5s="; }; goPackagePath = "github.com/containerd/containerd"; From 0894deca29135de401bfe59f010a04e5c6a81d1a Mon Sep 17 00:00:00 2001 From: Thomas Depierre Date: Mon, 17 May 2021 10:09:51 +0200 Subject: [PATCH 085/126] beam-packages: drop erlang R18 R19 R20 and cuter (cherry picked from commit f55c3e2f21073be564fed477847ad5bd649c9fb9) --- doc/languages-frameworks/beam.section.md | 4 +- nixos/doc/manual/release-notes/rl-2105.xml | 8 ++++ pkgs/development/beam-modules/default.nix | 4 -- pkgs/development/interpreters/erlang/R18.nix | 34 ------------- pkgs/development/interpreters/erlang/R19.nix | 19 -------- pkgs/development/interpreters/erlang/R20.nix | 10 ---- .../tools/erlang/cuter/default.nix | 46 ------------------ pkgs/top-level/all-packages.nix | 6 +-- pkgs/top-level/beam-packages.nix | 48 +------------------ 9 files changed, 14 insertions(+), 165 deletions(-) delete mode 100644 pkgs/development/interpreters/erlang/R18.nix delete mode 100644 pkgs/development/interpreters/erlang/R19.nix delete mode 100644 pkgs/development/interpreters/erlang/R20.nix delete mode 100644 pkgs/development/tools/erlang/cuter/default.nix 
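Review bot: The `sha256` is replaced while `rev = "v${version}"` stays as it was, and the commit message gives no reason for the change. For a fixed-output fetch that means either the earlier hash never matched the tag or the contents behind the tag changed upstream, and the two call for different responses. The commit message should record which of the two it was and how the new value was obtained (a fresh fetch of the tag), so the change can be audited later.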
diff --git a/doc/languages-frameworks/beam.section.md b/doc/languages-frameworks/beam.section.md index 2a4753a1199..c8dd3f9ed11 100644 --- a/doc/languages-frameworks/beam.section.md +++ b/doc/languages-frameworks/beam.section.md @@ -8,9 +8,9 @@ In this document and related Nix expressions, we use the term, _BEAM_, to descri All BEAM-related expressions are available via the top-level `beam` attribute, which includes: -- `interpreters`: a set of compilers running on the BEAM, including multiple Erlang/OTP versions (`beam.interpreters.erlangR19`, etc), Elixir (`beam.interpreters.elixir`) and LFE (Lisp Flavoured Erlang) (`beam.interpreters.lfe`). +- `interpreters`: a set of compilers running on the BEAM, including multiple Erlang/OTP versions (`beam.interpreters.erlangR22`, etc), Elixir (`beam.interpreters.elixir`) and LFE (Lisp Flavoured Erlang) (`beam.interpreters.lfe`). -- `packages`: a set of package builders (Mix and rebar3), each compiled with a specific Erlang/OTP version, e.g. `beam.packages.erlangR19`. +- `packages`: a set of package builders (Mix and rebar3), each compiled with a specific Erlang/OTP version, e.g. `beam.packages.erlang22`. The default Erlang compiler, defined by `beam.interpreters.erlang`, is aliased as `erlang`. The default BEAM package set is defined by `beam.packages.erlang` and aliased at the top level as `beamPackages`. diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 7412154bc34..78338f51a0a 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml 
@@ -1244,6 +1244,14 @@ environment.systemPackages = [ Nixpkgs now contains automatically packaged GNOME Shell extensions from the GNOME Extensions portal. You can find them, filed by their UUID, under gnome38Extensions attribute for GNOME 3.38 and under gnome40Extensions for GNOME 40. Finally, the gnomeExtensions attribute contains extensions for the latest GNOME Shell version in Nixpkgs, listed under a more human-friendly name. The unqualified attribute scope also contains manually packaged extensions. Note that the automatically packaged extensions are provided for convenience and are not checked or guaranteed to work.
+ + + Erlang/OTP versions older than R21 got dropped. We also dropped the cuter package, as it was purely an example of how to build a package. + We also dropped lfe_1_2 as it could not build with R21+. + Moving forward, we expect to only support 3 yearly releases of OTP. + + +
diff --git a/pkgs/development/beam-modules/default.nix b/pkgs/development/beam-modules/default.nix index 601505e1f48..a2c8f79b8eb 100644 --- a/pkgs/development/beam-modules/default.nix +++ b/pkgs/development/beam-modules/default.nix @@ -73,7 +73,6 @@ let # https://hexdocs.pm/elixir/compatibility-and-deprecations.html lfe = lfe_1_3; - lfe_1_2 = lib'.callLFE ../interpreters/lfe/1.2.nix { inherit erlang buildRebar3 buildHex; }; lfe_1_3 = lib'.callLFE ../interpreters/lfe/1.3.nix { inherit erlang buildRebar3 buildHex; }; # Non hex packages. Examples how to build Rebar/Mix packages with and @@ -81,9 +80,6 @@ let hex = callPackage ./hex { }; webdriver = callPackage ./webdriver { }; relxExe = callPackage ../tools/erlang/relx-exe { }; - - # An example of Erlang/C++ package. - cuter = callPackage ../tools/erlang/cuter { }; }; in makeExtensible packages diff --git a/pkgs/development/interpreters/erlang/R18.nix b/pkgs/development/interpreters/erlang/R18.nix deleted file mode 100644 index c99596ea026..00000000000 --- a/pkgs/development/interpreters/erlang/R18.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ mkDerivation, fetchpatch }: - -let - rmAndPwdPatch = fetchpatch { - url = "https://github.com/erlang/otp/commit/98b8650d22e94a5ff839170833f691294f6276d0.patch"; - sha256 = "0zjs7as83prgq4d5gaw2cmnajnsprdk8cjl5kklknx0pc2b3hfg5"; - }; - - envAndCpPatch = fetchpatch { - url = "https://github.com/erlang/otp/commit/9f9841eb7327c9fe73e84e197fd2965a97b639cf.patch"; - sha256 = "00fx5wc88ki3z71z5q4xzi9h3whhjw1zblpn09w995ygn07m9qhm"; - }; - - makeOrderingPatch = fetchpatch { - url = "https://github.com/erlang/otp/commit/2f1a37f1011ff9d129bc35a6efa0ab937a2aa0e9.patch"; - sha256 = "0xfa6hzxh9d7qllkyidcgh57xrrx11w65y7s1hyg52alm06l6b9n"; - }; - - makeParallelInstallPatch = fetchpatch { - url ="https://github.com/erlang/otp/commit/de8fe86f67591dd992bae33f7451523dab36e5bd.patch"; - sha256 = "1cj9fjhdng6yllajjm3gkk04ag9bwyb3n70hrb5nk6c292v8a45c"; - }; - -in mkDerivation { - version = "18.3.4.11"; - sha256 = "190xbv77v5x2g8xkzdg9bpwa1ylkc18d03ag2a0frcwcv76x53k1"; - - patches = [ - rmAndPwdPatch - envAndCpPatch - makeOrderingPatch - makeParallelInstallPatch - ]; -} diff --git a/pkgs/development/interpreters/erlang/R19.nix b/pkgs/development/interpreters/erlang/R19.nix deleted file mode 100644 index 65ac57413f6..00000000000 --- a/pkgs/development/interpreters/erlang/R19.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ mkDerivation, fetchpatch }: - -mkDerivation { - version = "19.3.6.13"; - sha256 = "1zbg54p7pdr8bjyrxvi7vs41vgamqa8lsynnm6ac6845q0xwpwid"; - - patches = [ - # macOS 10.13 crypto fix from OTP-20.1.2 - (fetchpatch { - name = "darwin-crypto.patch"; - url = "https://github.com/erlang/otp/commit/882c90f72ba4e298aa5a7796661c28053c540a96.patch"; - sha256 = "1gggzpm8ssamz6975z7px0g8qq5i4jqw81j846ikg49c5cxvi0hi"; - }) - ]; - - prePatch = '' - substituteInPlace configure.in --replace '`sw_vers -productVersion`' "''${MACOSX_DEPLOYMENT_TARGET:-10.12}" - ''; -} 
diff --git a/pkgs/development/interpreters/erlang/R20.nix b/pkgs/development/interpreters/erlang/R20.nix deleted file mode 100644 index dfa363c0f25..00000000000 --- a/pkgs/development/interpreters/erlang/R20.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ mkDerivation }: - -mkDerivation { - version = "20.3.8.26"; - sha256 = "062405s59hkdkmw2dryq0qc1k03jsncj7yqisgj35x9sqpzm4w7a"; - - prePatch = '' - substituteInPlace configure.in --replace '`sw_vers -productVersion`' "''${MACOSX_DEPLOYMENT_TARGET:-10.12}" - ''; -} diff --git a/pkgs/development/tools/erlang/cuter/default.nix b/pkgs/development/tools/erlang/cuter/default.nix deleted file mode 100644 index 44ed61ac1d5..00000000000 --- a/pkgs/development/tools/erlang/cuter/default.nix +++ /dev/null 
@@ -1,46 +0,0 @@ -{ lib, stdenv, autoreconfHook, which, writeText, makeWrapper, fetchFromGitHub, erlang -, z3, python }: - -stdenv.mkDerivation rec { - pname = "cuter"; - version = "0.1"; - - src = fetchFromGitHub { - owner = "aggelgian"; - repo = "cuter"; - rev = "v${version}"; - sha256 = "1ax1pj6ji4w2mg3p0nh2lzmg3n9mgfxk4cf07pll51yrcfpfrnfv"; - }; - - setupHook = writeText "setupHook.sh" '' - addToSearchPath ERL_LIBS "$1/lib/erlang/lib/" - ''; - - nativeBuildInputs = [ autoreconfHook makeWrapper which ]; - buildInputs = [ python python.pkgs.setuptools z3.python erlang ]; - - buildFlags = [ "PWD=$(out)/lib/erlang/lib/cuter-${version}" "cuter_target" ]; - configurePhase = '' - autoconf - ./configure --prefix $out - ''; - - installPhase = '' - mkdir -p "$out/lib/erlang/lib/cuter-${version}" - mkdir -p "$out/bin" - cp -r * "$out/lib/erlang/lib/cuter-${version}" - cp cuter "$out/bin/cuter" - wrapProgram $out/bin/cuter \ - --prefix PATH : "${python}/bin" \ - --suffix PYTHONPATH : "${z3}/${python.sitePackages}" \ - --suffix ERL_LIBS : "$out/lib/erlang/lib" - ''; - - meta = { - description = "A concolic testing tool for the Erlang functional programming language"; - license = lib.licenses.gpl3; - homepage = "https://github.com/aggelgian/cuter"; - maintainers = with lib.maintainers; [ ericbmerritt ]; - platforms = with lib.platforms; unix; - }; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9b9a0199fd6..bd387a47638 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -12030,7 +12030,7 @@ in beam_nox = callPackage ./beam-packages.nix { wxSupport = false; }; inherit (beam.interpreters) - erlang erlangR24 erlangR23 erlangR22 erlangR21 erlangR20 erlangR19 erlangR18 + erlang erlangR24 erlangR23 erlangR22 erlangR21 erlang_odbc erlang_javac erlang_odbc_javac erlang_basho_R16B02 elixir elixir_1_11 elixir_1_10 elixir_1_9 elixir_1_8 elixir_1_7 elixir_ls; 
@@ -12043,8 +12043,6 @@ in fetchHex beamPackages relxExe; - inherit (beam.packages.erlangR19) cuter lfe_1_2; - inherit (beam.packages.erlangR21) lfe lfe_1_3; groovy = callPackage ../development/interpreters/groovy { }; @@ -19870,7 +19868,7 @@ in xwayland = callPackage ../servers/x11/xorg/xwayland.nix { }; yaws = callPackage ../servers/http/yaws { - erlang = erlangR18; + erlang = erlangR21; }; youtrack = callPackage ../servers/jetbrains/youtrack.nix { }; diff --git a/pkgs/top-level/beam-packages.nix b/pkgs/top-level/beam-packages.nix index 688d1607240..cb6e68c2890 100644 --- a/pkgs/top-level/beam-packages.nix +++ b/pkgs/top-level/beam-packages.nix @@ -1,4 +1,4 @@ -{ callPackage, wxGTK30, openssl_1_0_2, buildPackages, wxSupport ? true }: +{ callPackage, wxGTK30, buildPackages, wxSupport ? true }: rec { lib = callPackage ../development/beam-modules/lib.nix { }; 
@@ -72,47 +72,6 @@ rec { odbcSupport = true; }; - # R20 - erlangR20 = lib.callErlang ../development/interpreters/erlang/R20.nix { - wxGTK = wxGTK30; - autoconf = buildPackages.autoconf269; - inherit wxSupport; - }; - erlangR20_odbc = erlangR20.override { odbcSupport = true; }; - erlangR20_javac = erlangR20.override { javacSupport = true; }; - erlangR20_odbc_javac = erlangR20.override { - javacSupport = true; - odbcSupport = true; - }; - - # R19 - erlangR19 = lib.callErlang ../development/interpreters/erlang/R19.nix { - wxGTK = wxGTK30; - openssl = openssl_1_0_2; - autoconf = buildPackages.autoconf269; - inherit wxSupport; - }; - erlangR19_odbc = erlangR19.override { odbcSupport = true; }; - erlangR19_javac = erlangR19.override { javacSupport = true; }; - erlangR19_odbc_javac = erlangR19.override { - javacSupport = true; - odbcSupport = true; - }; - - # R18 - erlangR18 = lib.callErlang ../development/interpreters/erlang/R18.nix { - wxGTK = wxGTK30; - openssl = openssl_1_0_2; - autoconf = buildPackages.autoconf269; - inherit wxSupport; - }; - erlangR18_odbc = erlangR18.override { odbcSupport = true; }; - erlangR18_javac = erlangR18.override { javacSupport = true; }; - erlangR18_odbc_javac = erlangR18.override { - javacSupport = true; - odbcSupport = true; - }; - # Basho fork, using custom builder. erlang_basho_R16B02 = lib.callErlang ../development/interpreters/erlang/R16B02-basho.nix { @@ -128,7 +87,7 @@ rec { inherit (packages.erlang) elixir elixir_1_11 elixir_1_10 elixir_1_9 elixir_1_8 elixir_1_7 elixir_ls; - inherit (packages.erlang) lfe lfe_1_2 lfe_1_3; + inherit (packages.erlang) lfe lfe_1_3; }; # Helper function to generate package set with a specific Erlang version. 
@@ -145,8 +104,5 @@ rec { erlangR23 = packagesWith interpreters.erlangR23; erlangR22 = packagesWith interpreters.erlangR22; erlangR21 = packagesWith interpreters.erlangR21; - erlangR20 = packagesWith interpreters.erlangR20; - erlangR19 = packagesWith interpreters.erlangR19; - erlangR18 = packagesWith interpreters.erlangR18; }; } From 22e2e017df971c03a1db7c79c6363f47af9ab94f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Tue, 1 Jun 2021 22:39:59 +0200 Subject: [PATCH 086/126] qutebrowser: 2.2.2 -> 2.2.3 https://github.com/qutebrowser/qutebrowser/releases/tag/v2.2.3 (cherry picked from commit 29043644b0119bd3c5e695fb90ea5e52b4656045) --- pkgs/applications/networking/browsers/qutebrowser/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/qutebrowser/default.nix b/pkgs/applications/networking/browsers/qutebrowser/default.nix index 15e759c8b62..1f03184eeed 100644 --- a/pkgs/applications/networking/browsers/qutebrowser/default.nix +++ b/pkgs/applications/networking/browsers/qutebrowser/default.nix @@ -31,12 +31,12 @@ let in mkDerivationWith python3Packages.buildPythonApplication rec { pname = "qutebrowser"; - version = "2.2.2"; + version = "2.2.3"; # the release tarballs are different from the git checkout! src = fetchurl { url = "https://github.com/qutebrowser/qutebrowser/releases/download/v${version}/${pname}-${version}.tar.gz"; - sha256 = "11vjp20gzmdjj09b7wxzn7ar6viih0bk76y618yqsyqqkffylmbq"; + sha256 = "sha256-BoP168jxj94nvkrcgC83fPw/TPRsI2PbCooqzWNF62I="; }; # Needs tox From 5b6ba9f4929eeb1b79f0fb606fb750d9b95e00b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Wed, 2 Jun 2021 11:51:02 +0200 Subject: [PATCH 087/126] python3Packages.adblock: fix build on Darwin (cherry picked from commit 9f9de0069cf323533375286468e44f134c117234) --- pkgs/development/python-modules/adblock/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/pkgs/development/python-modules/adblock/default.nix b/pkgs/development/python-modules/adblock/default.nix index 8fc697828f0..59d1f2e4e7a 100644 --- a/pkgs/development/python-modules/adblock/default.nix +++ b/pkgs/development/python-modules/adblock/default.nix @@ -8,6 +8,7 @@ , openssl , publicsuffix-list , isPy27 +, libiconv , CoreFoundation , Security }: @@ -37,7 +38,7 @@ buildPythonPackage rec { ++ (with rustPlatform; [ cargoSetupHook maturinBuildHook ]); buildInputs = [ openssl ] - ++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ]; + ++ lib.optionals stdenv.isDarwin [ libiconv CoreFoundation Security ]; PSL_PATH = "${publicsuffix-list}/share/publicsuffix/public_suffix_list.dat"; @@ -49,7 +50,7 @@ buildPythonPackage rec { meta = with lib; { description = "Python wrapper for Brave's adblocking library, which is written in Rust"; homepage = "https://github.com/ArniDagur/python-adblock/"; - maintainers = with maintainers; [ petabyteboy ]; + maintainers = with maintainers; [ petabyteboy dotlambda ]; license = with licenses; [ asl20 mit ]; }; } From bdf95a994e4af4237843ed4fe2b791c3387e32ff Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 2 Jun 2021 16:49:11 +0200 Subject: [PATCH 088/126] lasso: Fix signature verification in AuthnResponse messages Fixes: CVE-2021-28091 --- pkgs/development/libraries/lasso/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/lasso/default.nix b/pkgs/development/libraries/lasso/default.nix index 24efa689c58..eaea748c714 100644 --- a/pkgs/development/libraries/lasso/default.nix +++ b/pkgs/development/libraries/lasso/default.nix 
@@ -1,4 +1,4 @@ -{ lib, stdenv, autoconf, automake, autoreconfHook, fetchurl, glib, gobject-introspection, gtk-doc, libtool, libxml2, libxslt, openssl, pkg-config, python27Packages, xmlsec, zlib }: +{ lib, stdenv, autoconf, automake, autoreconfHook, fetchurl, fetchpatch, glib, gobject-introspection, gtk-doc, libtool, libxml2, libxslt, openssl, pkg-config, python27Packages, xmlsec, zlib }: stdenv.mkDerivation rec { @@ -11,6 +11,14 @@ stdenv.mkDerivation rec { }; + patches = [ + (fetchpatch { + name = "CVE-2021-28091.patch"; + url = "https://git.entrouvert.org/lasso.git/patch/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a"; + sha256 = "0070x01pir30hsb21mp69pf9pxingadl3y4w0afw07a5c57drhn4"; + }) + ]; + nativeBuildInputs = [ autoreconfHook pkg-config ]; buildInputs = [ autoconf automake glib gobject-introspection gtk-doc libtool libxml2 libxslt openssl python27Packages.six xmlsec zlib ]; From fc30ee8ce7dcb00856356438ed427c4d32311c93 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Tue, 1 Jun 2021 14:42:21 +0200 Subject: [PATCH 089/126] dockerTools: Fix passthru image tag It should match the actual image tag. This fixes the problem introduced in 00996b5e03f33bebafc2b17c41a175d3726a9bde https://github.com/NixOS/nixpkgs/pull/115491#pullrequestreview-672789901 (cherry picked from commit ff55c41facaa6812f9cc879a49f6929321881d4f) --- pkgs/build-support/docker/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 5bbf1b63f2b..89510cd6330 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -536,7 +536,7 @@ rec { passthru.layer = layer; passthru.imageTag = if tag != null - then lib.toLower tag + then tag else lib.head (lib.strings.splitString "-" (baseNameOf result.outPath)); # Docker can't be made to run darwin binaries From aedd9a2dc68694c7b863406aa89f00362fb92332 Mon Sep 17 00:00:00 2001 
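Review bot: The new `patches` entry in the `@@ -11,6 +11,14 @@` hunk has no comment saying what it fixes or when it can be removed, so the next version bump has to work that out again from the commit log. Above the `(fetchpatch {` line I would add `# Fixes signature verification in AuthnResponse messages (CVE-2021-28091); drop once lasso is updated to a release that contains upstream commit ea7e5efe9741.` The fixed-output `sha256` means a changed response from the upstream `patch/?id=` endpoint fails the build instead of being applied silently, which is the behaviour a security backport needs. The derivation body continues outside the hunk, so I cannot tell whether the package's tests exercise the patched verification path.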
From: =?UTF-8?q?Eduardo=20S=C3=A1nchez=20Mu=C3=B1oz?= Date: Tue, 1 Jun 2021 17:27:24 +0200 Subject: [PATCH 090/126] dr14_tmeter: use ffmpeg 4 migrate away from ffmpeg_3 (https://github.com/NixOS/nixpkgs/issues/120705) (cherry picked from commit 0b32978596d24542e6561a31b5f134ddcc6b811c) --- pkgs/applications/audio/dr14_tmeter/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/audio/dr14_tmeter/default.nix b/pkgs/applications/audio/dr14_tmeter/default.nix index 80b2cff3ce0..649c0f39097 100644 --- a/pkgs/applications/audio/dr14_tmeter/default.nix +++ b/pkgs/applications/audio/dr14_tmeter/default.nix @@ -14,7 +14,7 @@ python3Packages.buildPythonApplication rec { }; propagatedBuildInputs = with pkgs; [ - python3Packages.numpy flac vorbis-tools ffmpeg_3 faad2 lame + python3Packages.numpy flac vorbis-tools ffmpeg faad2 lame ]; # There are no tests From 98f321b5bb43afd520b2df94ae027466439f599d Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 2 Jun 2021 17:17:39 +0200 Subject: [PATCH 091/126] pdns-recursor: disable on i686-linux Support for 32-bit platforms with no 64-bit time_t has ended. See https://mailman.powerdns.com/pipermail/pdns-users/2021-May/027220.html (cherry picked from commit cbfd8831a1082f6bea819f92c8bfd6ec688c9fc4) --- pkgs/servers/dns/pdns-recursor/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/servers/dns/pdns-recursor/default.nix b/pkgs/servers/dns/pdns-recursor/default.nix index fa8723ea965..ee3d8aafa1c 100644 --- a/pkgs/servers/dns/pdns-recursor/default.nix +++ b/pkgs/servers/dns/pdns-recursor/default.nix @@ -33,6 +33,9 @@ stdenv.mkDerivation rec { description = "A recursive DNS server"; homepage = "https://www.powerdns.com/"; platforms = platforms.linux; + badPlatforms = [ + "i686-linux" # a 64-bit time_t is needed + ]; license = licenses.gpl2; maintainers = with maintainers; [ rnhmjoj ]; }; From 3f68a16c3ec670e2d86e253de07e416f5796fc40 Mon Sep 17 00:00:00 2001 
From: Sumner Evans Date: Tue, 25 May 2021 12:08:42 -0600 Subject: [PATCH 092/126] synapse: 1.34.0 -> 1.35.0 (cherry picked from commit c6a546e996d7dce5a688a6718ee7baeca694ddde) --- pkgs/servers/matrix-synapse/default.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index c1444ecb6b3..0141d6eb7a2 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix @@ -12,11 +12,11 @@ let in buildPythonApplication rec { pname = "matrix-synapse"; - version = "1.34.0"; + version = "1.35.0"; src = fetchPypi { inherit pname version; - sha256 = "sha256-lXVJfhcH9lKOCHn5f4Lc/OjgEYa5IpauKRhBsFXNWLw="; + sha256 = "sha256-McgLJoOS8h8C7mcbLaF0hiMkfthpDRUKyB5Effzk2ds="; }; patches = [ @@ -27,12 +27,13 @@ buildPythonApplication rec { buildInputs = [ openssl ]; propagatedBuildInputs = [ - setuptools + authlib bcrypt bleach canonicaljson daemonize frozendict + ijson jinja2 jsonschema lxml @@ -44,20 +45,20 @@ buildPythonApplication rec { psutil psycopg2 pyasn1 + pyjwt pymacaroons pynacl pyopenssl pysaml2 pyyaml requests + setuptools signedjson sortedcontainers treq twisted - unpaddedbase64 typing-extensions - authlib - pyjwt + unpaddedbase64 ] ++ lib.optional enableSystemd systemd ++ lib.optional enableRedis hiredis; @@ -66,7 +67,6 @@ buildPythonApplication rec { doCheck = !stdenv.isDarwin; checkPhase = '' - ${lib.optionalString (!enableRedis) "rm -r tests/replication # these tests need the optional dependency 'hiredis'"} PYTHONPATH=".:$PYTHONPATH" ${python3.interpreter} -m twisted.trial tests ''; From 7c5300402658e6ad3575937b9badfab076672456 Mon Sep 17 00:00:00 2001 
From: "(cdep)illabout" Date: Fri, 28 May 2021 10:47:40 +0900 Subject: [PATCH 093/126] haskellPackages.cabal2nix-unstable: update to latest version from github (cherry picked from commit 259177f1097be0f8de5969242e98f8e026df8037) --- pkgs/development/haskell-modules/cabal2nix-unstable.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/haskell-modules/cabal2nix-unstable.nix b/pkgs/development/haskell-modules/cabal2nix-unstable.nix index 1ec16eaf5eb..00bd9061f01 100644 --- a/pkgs/development/haskell-modules/cabal2nix-unstable.nix +++ b/pkgs/development/haskell-modules/cabal2nix-unstable.nix @@ -8,10 +8,10 @@ }: mkDerivation { pname = "cabal2nix"; - version = "unstable-2021-05-06"; + version = "unstable-2021-05-28"; src = fetchzip { - url = "https://github.com/NixOS/cabal2nix/archive/b598bc4682b0827554b5780acdd6f948d320283b.tar.gz"; - sha256 = "04afm56cyhj2l41cvq4z11k92jjchr21a8vg9pjaz438pma7jgw1"; + url = "https://github.com/NixOS/cabal2nix/archive/5fb325e094af91328e02cc2ecfd211feaeb135a7.tar.gz"; + sha256 = "1zbd336s99rgk24yjqlp012d0f66s5nf190sjmsl7mfhqx9j2y4l"; }; isLibrary = true; isExecutable = true; From 29a8095f13ee51d706731a30a96f023947892a6e Mon Sep 17 00:00:00 2001 From: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org> Date: Thu, 3 Jun 2021 00:33:11 +0200 Subject: [PATCH 094/126] hackage-packages.nix: Regenerate based on current config This commit has been generated by maintainers/scripts/haskell/regenerate-hackage-packages.sh Main point here is to apply the new cabal2nix-unstable generation with a libNixName entry for libXScrnSaver, so greenclip builds again. --- .../haskell-modules/hackage-packages.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pkgs/development/haskell-modules/hackage-packages.nix b/pkgs/development/haskell-modules/hackage-packages.nix index 95399b7ba50..bf083d390f7 100644 --- a/pkgs/development/haskell-modules/hackage-packages.nix 
+++ b/pkgs/development/haskell-modules/hackage-packages.nix @@ -41557,7 +41557,7 @@ self: { license = lib.licenses.bsd3; hydraPlatforms = lib.platforms.none; broken = true; - }) {wlc = null;}; + }) {inherit (pkgs) wlc;}; "bindings-yices" = callPackage ({ mkDerivation, base, gmp, yices }: @@ -110752,9 +110752,9 @@ self: { "greenclip" = callPackage ({ mkDerivation, base, binary, bytestring, directory, exceptions - , hashable, libXau, microlens, microlens-mtl, protolude, text - , tomland, unix, vector, wordexp, X11, xcb, xdmcp, xlibsWrapper - , xscrnsaver + , hashable, libXau, libXScrnSaver, microlens, microlens-mtl + , protolude, text, tomland, unix, vector, wordexp, X11, xcb, xdmcp + , xlibsWrapper }: mkDerivation { pname = "greenclip"; @@ -110767,14 +110767,14 @@ self: { microlens-mtl protolude text tomland unix vector wordexp X11 ]; executablePkgconfigDepends = [ - libXau xcb xdmcp xlibsWrapper xscrnsaver + libXau libXScrnSaver xcb xdmcp xlibsWrapper ]; description = "Simple clipboard manager to be integrated with rofi"; license = lib.licenses.bsd3; hydraPlatforms = lib.platforms.none; broken = true; - }) {inherit (pkgs.xorg) libXau; xcb = null; xdmcp = null; - inherit (pkgs) xlibsWrapper; xscrnsaver = null;}; + }) {inherit (pkgs.xorg) libXScrnSaver; inherit (pkgs.xorg) libXau; + xcb = null; xdmcp = null; inherit (pkgs) xlibsWrapper;}; "greg-client" = callPackage ({ mkDerivation, base, binary, bytestring, clock, hostname, network @@ -280222,7 +280222,7 @@ self: { description = "Haskell bindings for the wlc library"; license = lib.licenses.isc; hydraPlatforms = lib.platforms.none; - }) {wlc = null;}; + }) {inherit (pkgs) wlc;}; "wobsurv" = callPackage ({ mkDerivation, aeson, attoparsec, base-prelude, bytestring From ca783d93bbc06f3ffe70550535c22413a2265a99 Mon Sep 17 00:00:00 2001 
From: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org> Date: Thu, 3 Jun 2021 00:38:33 +0200 Subject: [PATCH 095/126] haskellPackages.greenclip: unmark as broken libXScrnSaver is passed correctly now, so greenclip builds again. --- .../haskell-modules/configuration-hackage2nix/broken.yaml | 1 - pkgs/development/haskell-modules/hackage-packages.nix | 2 -- 2 files changed, 3 deletions(-) diff --git a/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml b/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml index 8faaff9ddc5..ad6dd7115ae 100644 --- a/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml +++ b/pkgs/development/haskell-modules/configuration-hackage2nix/broken.yaml @@ -1675,7 +1675,6 @@ broken-packages: - grasp - gray-code - greencard - - greenclip - greg-client - gremlin-haskell - Grempa diff --git a/pkgs/development/haskell-modules/hackage-packages.nix b/pkgs/development/haskell-modules/hackage-packages.nix index bf083d390f7..198ce1cc4a5 100644 --- a/pkgs/development/haskell-modules/hackage-packages.nix +++ b/pkgs/development/haskell-modules/hackage-packages.nix @@ -110771,8 +110771,6 @@ self: { ]; description = "Simple clipboard manager to be integrated with rofi"; license = lib.licenses.bsd3; - hydraPlatforms = lib.platforms.none; - broken = true; }) {inherit (pkgs.xorg) libXScrnSaver; inherit (pkgs.xorg) libXau; xcb = null; xdmcp = null; inherit (pkgs) xlibsWrapper;}; From 4691b50a4e8b055a11d900b18ad94bfe70376def Mon Sep 17 00:00:00 2001 
From: Milan Date: Thu, 3 Jun 2021 00:53:34 +0200 Subject: [PATCH 096/126] gitlab: 13.12.0 -> 13.12.2 https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/ Backport of #125271 (cherry picked from commit 2a1c29ef4bacac06f9b677931027bf053952618c) --- pkgs/applications/version-management/gitlab/data.json | 10 +++++----- .../version-management/gitlab/gitaly/default.nix | 4 ++-- .../gitlab/gitlab-workhorse/default.nix | 2 +- .../version-management/gitlab/rubyEnv/Gemfile.lock | 2 +- .../version-management/gitlab/rubyEnv/gemset.nix | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json index 05d18631e5c..40af0656fe6 100644 --- a/pkgs/applications/version-management/gitlab/data.json +++ b/pkgs/applications/version-management/gitlab/data.json @@ -1,13 +1,13 @@ { - "version": "13.12.0", - "repo_hash": "060bmfvpqh6zdrwdh4lx4xr1nbg0f7hcp8zh6k9qplv48szhj8m9", + "version": "13.12.2", + "repo_hash": "1wzbjw21pan5cfiz1jd03c3w9sgyvmn35f6dm2sr2k54acsw034p", "owner": "gitlab-org", "repo": "gitlab", - "rev": "v13.12.0-ee", + "rev": "v13.12.2-ee", "passthru": { - "GITALY_SERVER_VERSION": "13.12.0", + "GITALY_SERVER_VERSION": "13.12.2", "GITLAB_PAGES_VERSION": "1.39.0", "GITLAB_SHELL_VERSION": "13.18.0", - "GITLAB_WORKHORSE_VERSION": "13.12.0" + "GITLAB_WORKHORSE_VERSION": "13.12.2" } } diff --git a/pkgs/applications/version-management/gitlab/gitaly/default.nix b/pkgs/applications/version-management/gitlab/gitaly/default.nix index 20695409f47..994683c2e2b 100644 --- a/pkgs/applications/version-management/gitlab/gitaly/default.nix +++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix 
@@ -21,14 +21,14 @@ let }; }; in buildGoModule rec { - version = "13.12.0"; + version = "13.12.2"; pname = "gitaly"; src = fetchFromGitLab { owner = "gitlab-org"; repo = "gitaly"; rev = "v${version}"; - sha256 = "sha256-MGK0WjAeqApf2xUsbF1mtyzYMhJHC5LFtj8LSb0NQKI="; + sha256 = "sha256-jZg/OlecYlGjDxlxsayAuqzptil1OPtyPjOe1WYT0HY="; }; vendorSha256 = "sha256-drS0L0olEFHYJVC0VYwEZeNYa8fjwrfxlhrEQa4pqzY="; diff --git a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix index 747cb79e59b..c6302be8d18 100644 --- a/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix +++ b/pkgs/applications/version-management/gitlab/gitlab-workhorse/default.nix @@ -5,7 +5,7 @@ in buildGoModule rec { pname = "gitlab-workhorse"; - version = "13.12.0"; + version = "13.12.2"; src = fetchFromGitLab { owner = data.owner; diff --git a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock index 3e97365f588..6f40a15a64b 100644 --- a/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock +++ b/pkgs/applications/version-management/gitlab/rubyEnv/Gemfile.lock @@ -139,7 +139,7 @@ GEM coderay (>= 1.0.0) erubi (>= 1.0.0) rack (>= 0.9.0) - bindata (2.4.8) + bindata (2.4.10) binding_ninja (0.2.3) bootsnap (1.4.6) msgpack (~> 1.0) diff --git a/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix b/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix index f2e5c9adea4..9500febc856 100644 --- a/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix +++ b/pkgs/applications/version-management/gitlab/rubyEnv/gemset.nix 
@@ -557,10 +557,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1bmlqjb5h1ry6wm2d903d6yxibpqzzxwqczvlicsqv0vilaca5ic"; + sha256 = "06lqi4svq5qls9f7nnvd2zmjdqmi2sf82sq78ci5d78fq0z5x2vr"; type = "gem"; }; - version = "2.4.8"; + version = "2.4.10"; }; binding_ninja = { groups = ["default" "development" "test"]; From 6feba09c5361b20a968e506aacbc013e98024017 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 3 Jun 2021 00:45:22 -0400 Subject: [PATCH 097/126] redis: 6.2.3 -> 6.2.4 (#125444) https://github.com/redis/redis/releases/tag/6.2.4 (cherry picked from commit 8d34fb204ce256c124b35968f6bf3ee940bb36fc) Co-authored-by: Mario Rodas --- pkgs/servers/nosql/redis/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/nosql/redis/default.nix b/pkgs/servers/nosql/redis/default.nix index 5856d0d17b5..a1b2b0570c3 100644 --- a/pkgs/servers/nosql/redis/default.nix +++ b/pkgs/servers/nosql/redis/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "redis"; - version = "6.2.3"; + version = "6.2.4"; src = fetchurl { url = "https://download.redis.io/releases/${pname}-${version}.tar.gz"; - sha256 = "sha256-mO19UytelnH13wglu3Hw83SDoWVGNkBJOExj24dkUSs="; + sha256 = "0vp1d9mlfsppry3nsj9f7bmh9wjgsy3jggp24sac1hhgl43c8cms"; }; # Cross-compiling fixes From eab4608a67a09c63ff7b74d515dcfa8cffd9faf8 Mon Sep 17 00:00:00 2001 From: Jonas Carpay Date: Thu, 3 Jun 2021 10:31:14 +0900 Subject: [PATCH 098/126] blender: 2.92.0 -> 2.93.0 (cherry picked from commit ff60dfcc7f700a9f60c5ff3ebbcf61781c17671e) --- pkgs/applications/misc/blender/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkgs/applications/misc/blender/default.nix b/pkgs/applications/misc/blender/default.nix index 8d345cdefe0..055abab0b8b 100644 --- a/pkgs/applications/misc/blender/default.nix 
+++ b/pkgs/applications/misc/blender/default.nix @@ -1,7 +1,7 @@ { config, stdenv, lib, fetchurl, fetchzip, boost, cmake, ffmpeg, gettext, glew , ilmbase, libXi, libX11, libXext, libXrender , libjpeg, libpng, libsamplerate, libsndfile -, libtiff, libGLU, libGL, openal, opencolorio, openexr, openimagedenoise, openimageio2, openjpeg, python3Packages +, libtiff, libGLU, libGL, openal, opencolorio, openexr, openimagedenoise, openimageio2, openjpeg, python39Packages , openvdb, libXxf86vm, tbb, alembic , zlib, fftw, opensubdiv, freetype, jemalloc, ocl-icd, addOpenGLRunpath , jackaudioSupport ? false, libjack2 @@ -17,7 +17,7 @@ with lib; let - python = python3Packages.python; + python = python39Packages.python; optix = fetchzip { url = "https://developer.download.nvidia.com/redist/optix/v7.0/OptiX-7.0.0-include.zip"; sha256 = "1b3ccd3197anya2bj3psxdrvrpfgiwva5zfv2xmyrl73nb2dvfr7"; @@ -26,16 +26,16 @@ let in stdenv.mkDerivation rec { pname = "blender"; - version = "2.92.0"; + version = "2.93.0"; src = fetchurl { url = "https://download.blender.org/source/${pname}-${version}.tar.xz"; - sha256 = "15a5vffn18a920286x0avbc2rap56k6y531wgibq68r90g2cz4g7"; + sha256 = "0f2rpqa39sir6g90khd2d2fs4kss0zhk7vya1nscf5yp8r566fxs"; }; patches = lib.optional stdenv.isDarwin ./darwin.patch; - nativeBuildInputs = [ cmake makeWrapper python3Packages.wrapPython llvmPackages.llvm.dev ] + nativeBuildInputs = [ cmake makeWrapper python39Packages.wrapPython llvmPackages.llvm.dev ] ++ optionals cudaSupport [ addOpenGLRunpath ]; buildInputs = [ boost ffmpeg gettext glew ilmbase @@ -64,7 +64,7 @@ stdenv.mkDerivation rec { ++ optional cudaSupport cudatoolkit ++ optional colladaSupport opencollada ++ optional spaceNavSupport libspnav; - pythonPath = with python3Packages; [ numpy requests ]; + pythonPath = with python39Packages; [ numpy requests ]; postPatch = '' # allow usage of dynamically linked embree 
@@ -87,7 +87,7 @@ stdenv.mkDerivation rec { --replace '${"$"}{LIBDIR}/opencollada' \ '${opencollada}' \ --replace '${"$"}{PYTHON_LIBPATH}/site-packages/numpy' \ - '${python3Packages.numpy}/${python.sitePackages}/numpy' + '${python39Packages.numpy}/${python.sitePackages}/numpy' '' else '' substituteInPlace extern/clew/src/clew.c --replace '"libOpenCL.so"' '"${ocl-icd}/lib/libOpenCL.so"' ''); @@ -109,8 +109,8 @@ stdenv.mkDerivation rec { "-DPYTHON_VERSION=${python.pythonVersion}" "-DWITH_PYTHON_INSTALL=OFF" "-DWITH_PYTHON_INSTALL_NUMPY=OFF" - "-DPYTHON_NUMPY_PATH=${python3Packages.numpy}/${python.sitePackages}" - "-DPYTHON_NUMPY_INCLUDE_DIRS=${python3Packages.numpy}/${python.sitePackages}/numpy/core/include" + "-DPYTHON_NUMPY_PATH=${python39Packages.numpy}/${python.sitePackages}" + "-DPYTHON_NUMPY_INCLUDE_DIRS=${python39Packages.numpy}/${python.sitePackages}/numpy/core/include" "-DWITH_PYTHON_INSTALL_REQUESTS=OFF" "-DWITH_OPENVDB=ON" "-DWITH_TBB=ON" From 2d1b9ef5e79e84fe1f47f4eb09522101d5730d20 Mon Sep 17 00:00:00 2001 From: Dmitry Kalinkin Date: Thu, 3 Jun 2021 00:43:02 -0400 Subject: [PATCH 099/126] blender: fix darwin build (cherry picked from commit dca87350f4e00539e52731628b98cbcc15c4319a) --- pkgs/applications/misc/blender/darwin.patch | 19 +++++++++---------- pkgs/applications/misc/blender/default.nix | 4 ---- 2 files changed, 9 insertions(+), 14 deletions(-) diff --git a/pkgs/applications/misc/blender/darwin.patch b/pkgs/applications/misc/blender/darwin.patch index da2d6fa4a3d..72db7924594 100644 --- a/pkgs/applications/misc/blender/darwin.patch +++ b/pkgs/applications/misc/blender/darwin.patch @@ -1,5 +1,4 @@ diff --git a/build_files/cmake/platform/platform_apple.cmake b/build_files/cmake/platform/platform_apple.cmake -index 31da529..90308aa 100644 --- a/build_files/cmake/platform/platform_apple.cmake +++ b/build_files/cmake/platform/platform_apple.cmake @@ -77,7 +77,6 @@ else() 
@@ -10,7 +9,7 @@ index 31da529..90308aa 100644 endif() # Prefer lib directory paths -@@ -113,10 +112,6 @@ if(WITH_CODEC_SNDFILE) +@@ -114,10 +113,6 @@ if(WITH_CODEC_SNDFILE) find_library(_sndfile_VORBIS_LIBRARY NAMES vorbis HINTS ${LIBDIR}/ffmpeg/lib) find_library(_sndfile_VORBISENC_LIBRARY NAMES vorbisenc HINTS ${LIBDIR}/ffmpeg/lib) list(APPEND LIBSNDFILE_LIBRARIES @@ -21,16 +20,16 @@ index 31da529..90308aa 100644 ) print_found_status("SndFile libraries" "${LIBSNDFILE_LIBRARIES}") -@@ -133,7 +128,7 @@ if(WITH_PYTHON) +@@ -134,7 +129,7 @@ if(WITH_PYTHON) # normally cached but not since we include them with blender - set(PYTHON_INCLUDE_DIR "${LIBDIR}/python/include/python${PYTHON_VERSION}m") - set(PYTHON_EXECUTABLE "${LIBDIR}/python/bin/python${PYTHON_VERSION}m") -- set(PYTHON_LIBRARY ${LIBDIR}/python/lib/libpython${PYTHON_VERSION}m.a) -+ set(PYTHON_LIBRARY "${LIBDIR}/python/lib/libpython${PYTHON_VERSION}m.dylib") + set(PYTHON_INCLUDE_DIR "${LIBDIR}/python/include/python${PYTHON_VERSION}") + set(PYTHON_EXECUTABLE "${LIBDIR}/python/bin/python${PYTHON_VERSION}") +- set(PYTHON_LIBRARY ${LIBDIR}/python/lib/libpython${PYTHON_VERSION}.a) ++ set(PYTHON_LIBRARY ${LIBDIR}/python/lib/libpython${PYTHON_VERSION}.dylib) set(PYTHON_LIBPATH "${LIBDIR}/python/lib/python${PYTHON_VERSION}") # set(PYTHON_LINKFLAGS "-u _PyMac_Error") # won't build with this enabled else() -@@ -174,9 +169,7 @@ endif() +@@ -175,9 +170,7 @@ endif() if(WITH_CODEC_FFMPEG) set(FFMPEG_FIND_COMPONENTS avcodec avdevice avformat avutil @@ -41,7 +40,7 @@ index 31da529..90308aa 100644 find_package(FFmpeg) endif() -@@ -267,7 +260,6 @@ if(WITH_BOOST) +@@ -275,7 +268,6 @@ if(WITH_BOOST) endif() if(WITH_INTERNATIONAL OR WITH_CODEC_FFMPEG) @@ -49,7 +48,7 @@ index 31da529..90308aa 100644 endif() if(WITH_PUGIXML) -@@ -451,7 +443,7 @@ else() +@@ -476,7 +468,7 @@ else() set(CMAKE_CXX_FLAGS_RELEASE "-O2 -mdynamic-no-pic") endif() 
diff --git a/pkgs/applications/misc/blender/default.nix b/pkgs/applications/misc/blender/default.nix index 055abab0b8b..cf5ede1c7fe 100644 --- a/pkgs/applications/misc/blender/default.nix +++ b/pkgs/applications/misc/blender/default.nix @@ -78,10 +78,6 @@ stdenv.mkDerivation rec { --replace '${"$"}{LIBDIR}/openmp' \ '${llvmPackages.openmp}' substituteInPlace build_files/cmake/platform/platform_apple.cmake \ - --replace 'set(PYTHON_VERSION 3.7)' \ - 'set(PYTHON_VERSION ${python.pythonVersion})' \ - --replace '${"$"}{PYTHON_VERSION}m' \ - '${"$"}{PYTHON_VERSION}' \ --replace '${"$"}{LIBDIR}/python' \ '${python}' \ --replace '${"$"}{LIBDIR}/opencollada' \ From e3e37d20ceb5efbc98ecad66d10db4a11d3f700b Mon Sep 17 00:00:00 2001 From: Patrick Hilhorst Date: Wed, 2 Jun 2021 14:19:08 +0200 Subject: [PATCH 100/126] nixos/tests/test-driver: add shell_interact (cherry picked from commit 5a589b5ba8941d734e9c3aebbf2be2f50d7c32a5) --- nixos/lib/test-driver/test-driver.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/nixos/lib/test-driver/test-driver.py b/nixos/lib/test-driver/test-driver.py index e216e566f28..90ae2e558ef 100644 --- a/nixos/lib/test-driver/test-driver.py +++ b/nixos/lib/test-driver/test-driver.py @@ -21,6 +21,7 @@ import shutil import socket import subprocess import sys +import telnetlib import tempfile import time import traceback @@ -455,6 +456,15 @@ class Machine: return (status_code, output) output += chunk + def shell_interact(self) -> None: + """Allows you to interact with the guest shell + + Should only be used during testing, not in the production test.""" + self.connect() + telnet = telnetlib.Telnet() + telnet.sock = self.shell # type: ignore + telnet.interact() + def succeed(self, *commands: str) -> str: """Execute each command and check that it succeeds.""" output = "" From 90469965436d93465080d551e2e251ff291cec1d Mon Sep 17 00:00:00 2001 
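Review bot: `telnet.interact()` in the new `shell_interact` runs the guest shell socket through telnetlib's client loop, which is a telnet protocol handler and not a raw byte relay. As far as I know it decodes received data as ASCII and treats 0xff as a telnet command byte, so guest output containing non-ASCII or binary data can abort or garble the session. If that is acceptable for a development helper, the docstring should say so, for example `Limited to ASCII: non-ASCII guest output may end the session.` Assigning `telnet.sock` directly also depends on a telnetlib internal (hence the `# type: ignore`), and the module is deprecated since Python 3.11 and removed in 3.13, so a small stdin/socket relay would be more durable. The `Machine` class starts and ends outside this hunk.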
From: Patrick Hilhorst Date: Wed, 2 Jun 2021 14:49:59 +0200 Subject: [PATCH 101/126] nixos/tests/test-driver: document shell_interact (cherry picked from commit 9469433e341f7337308468bb4b9ccfff84b2951b) --- nixos/doc/manual/development/writing-nixos-tests.xml | 11 +++++++++++ nixos/lib/test-driver/test-driver.py | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/nixos/doc/manual/development/writing-nixos-tests.xml b/nixos/doc/manual/development/writing-nixos-tests.xml index 5a95436915f..c29f2b01064 100644 --- a/nixos/doc/manual/development/writing-nixos-tests.xml +++ b/nixos/doc/manual/development/writing-nixos-tests.xml @@ -436,6 +436,17 @@ machine.systemctl("list-jobs --no-pager", "any-user") # spawns a shell for `any-
+ + + shell_interact + + + + Allows you to directly interact with the guest shell. + This should only be used during test development, not in production tests. + + +
diff --git a/nixos/lib/test-driver/test-driver.py b/nixos/lib/test-driver/test-driver.py index 90ae2e558ef..6669c914f76 100644 --- a/nixos/lib/test-driver/test-driver.py +++ b/nixos/lib/test-driver/test-driver.py @@ -459,7 +459,7 @@ class Machine: def shell_interact(self) -> None: """Allows you to interact with the guest shell - Should only be used during testing, not in the production test.""" + Should only be used during test development, not in the production test.""" self.connect() telnet = telnetlib.Telnet() telnet.sock = self.shell # type: ignore From 5ed752dd354b38d7c99e827fc24058158c246798 Mon Sep 17 00:00:00 2001 From: Patrick Hilhorst Date: Wed, 2 Jun 2021 14:58:51 +0200 Subject: [PATCH 102/126] nixos/tests/test-driver: mention drawback (cherry picked from commit 287144273162acd869f514f7770a3daae4649d37) --- nixos/doc/manual/development/writing-nixos-tests.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/doc/manual/development/writing-nixos-tests.xml b/nixos/doc/manual/development/writing-nixos-tests.xml index c29f2b01064..32321deeddf 100644 --- a/nixos/doc/manual/development/writing-nixos-tests.xml +++ b/nixos/doc/manual/development/writing-nixos-tests.xml @@ -444,6 +444,7 @@ machine.systemctl("list-jobs --no-pager", "any-user") # spawns a shell for `any- Allows you to directly interact with the guest shell. This should only be used during test development, not in production tests. + Killing the interactive session with Ctrl-d or Ctrl-c also ends the guest session. From 9452c8fb4b993823b32e45b3687fa26ab744c37e Mon Sep 17 00:00:00 2001 From: Patrick Hilhorst Date: Thu, 3 Jun 2021 11:20:26 +0200 Subject: [PATCH 103/126] nixos/tests/test-driver: make it clear when shell is ready MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Domen Kožar (cherry picked from commit fd739c4dee12fbe57199f73c44ec22db2355028e) --- nixos/lib/test-driver/test-driver.py | 1 + 1 file changed, 1 insertion(+) 
diff --git a/nixos/lib/test-driver/test-driver.py b/nixos/lib/test-driver/test-driver.py index 6669c914f76..fd5b91e6e4d 100644 --- a/nixos/lib/test-driver/test-driver.py +++ b/nixos/lib/test-driver/test-driver.py @@ -461,6 +461,7 @@ class Machine: Should only be used during test development, not in the production test.""" self.connect() + self.log("Terminal is ready (there is no prompt):") telnet = telnetlib.Telnet() telnet.sock = self.shell # type: ignore telnet.interact() From 8cb2ce0f524a0aa4117b512e7b9953d4b67fcebc Mon Sep 17 00:00:00 2001 From: Samuel Dionne-Riel Date: Sat, 22 May 2021 18:16:42 -0400 Subject: [PATCH 104/126] iso-image: Force gfxmode https://www.gnu.org/software/grub/manual/grub/html_node/gfxmode.html (cherry picked from commit f93f0e72e9ef423ed591951030f08cafd209e637) --- nixos/modules/installer/cd-dvd/iso-image.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index 324b38070e4..3f5ac8a5113 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix @@ -185,6 +185,19 @@ let insmod gfxterm insmod png set gfxpayload=keep + set gfxmode=${concatStringsSep "," [ + # GRUB will use the first valid mode listed here. + # `auto` will sometimes choose the smallest valid mode it detects. + # So instead we'll list a lot of possibly valid modes :/ + #"3840x2160" + #"2560x1440" + "1920x1080" + "1366x768" + "1280x720" + "1024x768" + "800x600" + "auto" + ]} # Fonts can be loaded? # (This font is assumed to always be provided as a fallback by NixOS) From 190f44da283bb614abb20ea38ee3f6994899324b Mon Sep 17 00:00:00 2001 
From: Samuel Dionne-Riel Date: Sat, 22 May 2021 18:38:31 -0400 Subject: [PATCH 105/126] iso-image: change date on all files It may be that in some conditions dates earlier than 1980 on FAT on GRUB 2.06~ish will cause failures https://github.com/NixOS/nixpkgs/issues/123376#issuecomment-845515035 (cherry picked from commit 15eaed0718515db3f2fa7d4ed71676e6069d3fb5) --- nixos/modules/installer/cd-dvd/iso-image.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index 3f5ac8a5113..be5db40e537 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix @@ -416,7 +416,9 @@ let mkdir ./boot cp -p "${config.boot.kernelPackages.kernel}/${config.system.boot.loader.kernelFile}" \ "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}" ./boot/ - touch --date=@0 ./EFI ./boot + + # Rewrite dates for everything in the FS + find . -exec touch --date=2000-01-01 {} + usage_size=$(du -sb --apparent-size . | tr -cd '[:digit:]') # Make the image 110% as big as the files need to make up for FAT overhead From 2f5e4928c0601a3da974f8fb5913806f0834ea26 Mon Sep 17 00:00:00 2001 From: Samuel Dionne-Riel Date: Sat, 22 May 2021 17:07:36 -0400 Subject: [PATCH 106/126] =?UTF-8?q?iso-image:=20unqualified=20root=20?= =?UTF-8?q?=E2=86=92=20($root)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This technically changes nothing. In practice `$root` is always the "CWD", whether searched for automatically or not. But this serves to announce we are relying on `$root`... I guess... (cherry picked from commit c9bb054dd68964b0eb9a38c51bdf824bfb212fc7) --- nixos/modules/installer/cd-dvd/iso-image.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
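Review bot: The comment added above `find . -exec touch --date=2000-01-01 {} +` says what the line does but not why that date was picked. The commit message has the reason, and it belongs next to the code, for example `# Dates before 1980 on FAT may make GRUB 2.06 fail, so use a fixed later date`. `touch --date=2000-01-01` is also interpreted in the builder's local time zone, so `--date='2000-01-01 00:00:00 UTC'` would keep the timestamps independent of `TZ`. The enclosing shell script starts and ends outside the hunk.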
diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index be5db40e537..321a03a0f0c 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix @@ -201,7 +201,7 @@ let # Fonts can be loaded? # (This font is assumed to always be provided as a fallback by NixOS) - if loadfont /EFI/boot/unicode.pf2; then + if loadfont (\$root)/EFI/boot/unicode.pf2; then set with_fonts=true fi if [ "\$textmode" != "true" -a "\$with_fonts" == "true" ]; then @@ -225,11 +225,11 @@ let ${ # When there is a theme configured, use it, otherwise use the background image. if config.isoImage.grubTheme != null then '' # Sets theme. - set theme=/EFI/boot/grub-theme/theme.txt + set theme=(\$root)/EFI/boot/grub-theme/theme.txt # Load theme fonts - $(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont /EFI/boot/grub-theme/%P\n") + $(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont (\$root)/EFI/boot/grub-theme/%P\n") '' else '' - if background_image /EFI/boot/efi-background.png; then + if background_image (\$root)/EFI/boot/efi-background.png; then # Black background means transparent background when there # is a background image set... This seems undocumented :( set color_normal=black/black @@ -307,12 +307,12 @@ let ${grubMenuCfg} hiddenentry 'Text mode' --hotkey 't' { - loadfont /EFI/boot/unicode.pf2 + loadfont (\$root)/EFI/boot/unicode.pf2 set textmode=true terminal_output gfxterm console } hiddenentry 'GUI mode' --hotkey 'g' { - $(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont /EFI/boot/grub-theme/%P\n") + $(find ${config.isoImage.grubTheme} -iname '*.pf2' -printf "loadfont (\$root)/EFI/boot/grub-theme/%P\n") set textmode=false terminal_output gfxterm } From 7953561a9d080fafca989336c31a1c2aa5a0e776 Mon Sep 17 00:00:00 2001 
From: Samuel Dionne-Riel Date: Sat, 22 May 2021 20:01:07 -0400 Subject: [PATCH 107/126] iso-image: Improve disk detection This should help in rare hardware-specific situations where the root is not automatically detected properly. We search using a marker file. This should help some weird UEFI setups where the root is set to `(hd0,msdos2)` by default. Defaulting to `(hd0)` by looking for the ESP **will break themeing**. It is unclear why, but files in `(hd0,msdos2)` are not all present as they should be. This also fixes an issue introduced with cb5c4fcd3c5d4070f040d591b2dd1da580f234d1 where rEFInd stopped booting in many cases. This is because it ended up using (hd0) rather than using the `search` which was happening beforehand, which in turn uses (hd0,msdos2), which is the ESP. Putting back the `search` here fixes that. (cherry picked from commit 20b023b5ea63a6513a4dce7f162736a00bce5cc8) --- nixos/modules/installer/cd-dvd/iso-image.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index 321a03a0f0c..c2836b5a9a1 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix @@ -182,6 +182,9 @@ let # Menu configuration # + # Search using a "marker file" + search --set=root --file /EFI/nixos-installer-image + insmod gfxterm insmod png set gfxpayload=keep @@ -252,6 +255,9 @@ let } '' mkdir -p $out/EFI/boot/ + # Add a marker so GRUB can find the filesystem. + touch $out/EFI/nixos-installer-image + # ALWAYS required modules. MODULES="fat iso9660 part_gpt part_msdos \ normal boot linux configfile loopback chain halt \ 
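Review bot: The marker path `/EFI/nixos-installer-image` in the @@ -182 hunk is identical on every image, so `search --set=root --file` settles on whichever filesystem GRUB probes first that contains it. With a second installer medium attached, that may not be the one the machine booted from, and everything later resolved through `$root` would come from it. A marker name derived from the image, such as the volume label or a build-time identifier, would tie the lookup to this image. The fixed `--fs-uuid 1234-5678` in the @@ -383 hunk has the same property, and presumably has to match a volume ID set where the FAT image is created, outside these hunks. That later `search` also passes `--no-floppy` while this one does not; `search --no-floppy --set=root --file /EFI/nixos-installer-image` would keep the two consistent.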
@@ -383,8 +389,10 @@ let ${lib.optionalString (refindBinary != null) '' # GRUB apparently cannot do "chainloader" operations on "CD". if [ "\$root" != "cd0" ]; then + # Force root to be the FAT partition + # Otherwise it breaks rEFInd's boot + search --set=root --no-floppy --fs-uuid 1234-5678 menuentry 'rEFInd' --class refind { - # \$root defaults to the drive the EFI is found on. chainloader (\$root)/EFI/boot/${refindBinary} } fi From b78bd862e3cc489cb65bc2a1d626747c7c0aedd9 Mon Sep 17 00:00:00 2001 From: Jonathan Ringer Date: Tue, 1 Jun 2021 10:15:55 -0700 Subject: [PATCH 108/126] nixUnstable: 2.4pre20210503_6d2553a -> 2.4pre20210601_5985b8b5 (cherry picked from commit f7fe3008d106b8b8834a4f64868ae386a9b26e08) --- pkgs/tools/package-management/nix/default.nix | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index 159fc5b39c1..29a418f3c85 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -119,9 +119,12 @@ common = [ "--with-store-dir=${storeDir}" "--localstatedir=${stateDir}" "--sysconfdir=${confDir}" - "--disable-init-state" "--enable-gc" ] + ++ lib.optionals (!is24) [ + # option was removed in 2.4 + "--disable-init-state" + ] ++ lib.optionals stdenv.isLinux [ "--with-sandbox-shell=${sh}/bin/busybox" ] 
@@ -208,23 +211,17 @@ in rec { nixUnstable = lib.lowPrio (callPackage common rec { pname = "nix"; version = "2.4${suffix}"; - suffix = "pre20210503_6d2553a"; + suffix = "pre20210601_5985b8b"; src = fetchFromGitHub { owner = "NixOS"; repo = "nix"; - rev = "6d2553ae1496288554e871c530836428f405fd67"; - sha256 = "sha256-YeSeyOKhBAXHlkzo4mwYr8QIjIP9AgdpJ7YdhqOO2CA="; + rev = "5985b8b5275605ddd5e92e2f0a7a9f494ac6e35d"; + sha256 = "sha256-2So7ZsD8QJlOXCYqdoj8naNgBw6O4Vw1MM2ORsaqlXc="; }; inherit storeDir stateDir confDir boehmgc; - patches = [ - (fetchpatch { - url = "https://github.com/NixOS/nix/commit/8c7e043de2f673bc355d83f1e873baa93f30be62.patch"; - sha256 = "sha256-aTcUnZXheewnyCT7yQKnTqQDKS2uDoN9plMQgxJH8Ag="; - }) - ]; }); } From 592df52aa1537460064b5176b3fe5c01db10fe6d Mon Sep 17 00:00:00 2001 From: Jonathan Ringer Date: Wed, 2 Jun 2021 10:03:53 -0700 Subject: [PATCH 109/126] nix: 2.3.11 -> 2.3.12 (cherry picked from commit ff50095bd4121f35e1ca73b4df68912db1bff2a4) --- pkgs/tools/package-management/nix/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index 29a418f3c85..598d43bb840 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -199,10 +199,10 @@ in rec { nixStable = callPackage common (rec { pname = "nix"; - version = "2.3.11"; + version = "2.3.12"; src = fetchurl { url = "https://nixos.org/releases/nix/${pname}-${version}/${pname}-${version}.tar.xz"; - sha256 = "89a8d7995305a78b1561e6670bbf1879c791fc4904eb094bc4f180775a61c128"; + sha256 = "sha256-ITp9ScRhB5syNh5NAI0kjX9o400syTR/Oo/5Ap+a+10="; }; inherit storeDir stateDir confDir boehmgc; From 3b96c770a82c9e8cd4f7435d78d79852b46ba32d Mon Sep 17 00:00:00 2001 
From: "Ricardo M. Correia" Date: Thu, 3 Jun 2021 00:20:26 +0200 Subject: [PATCH 110/126] libraspberrypi: fix URL (cherry picked from commit 3915d2fd27e2d8a62cff752bd1e4146317c76f31) --- pkgs/development/libraries/libraspberrypi/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/libraspberrypi/default.nix b/pkgs/development/libraries/libraspberrypi/default.nix index 8ffe8f488b2..8a8f41981aa 100644 --- a/pkgs/development/libraries/libraspberrypi/default.nix +++ b/pkgs/development/libraries/libraspberrypi/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { patches = [ (fetchpatch { # https://github.com/raspberrypi/userland/pull/670 - url = "https://github.com/raspberrypi/userland/pull/670/commits/37cb44f314ab1209fe2a0a2449ef78893b1e5f62.patch"; + url = "https://github.com/raspberrypi/userland/commit/37cb44f314ab1209fe2a0a2449ef78893b1e5f62.patch"; sha256 = "1fbrbkpc4cc010ji8z4ll63g17n6jl67kdy62m74bhlxn72gg9rw"; }) ]; From 282a4d554e2cc45086151a51a1f8e66cf0b7ad62 Mon Sep 17 00:00:00 2001 From: Maxine Aubrey Date: Mon, 31 May 2021 18:41:25 +0200 Subject: [PATCH 111/126] samba: add missing python dependencies for ldap and domain controller (cherry picked from commit b760ab8cfbac9894b8b8e472c2810f8d4ea60b91) --- pkgs/servers/samba/4.x.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/samba/4.x.nix b/pkgs/servers/samba/4.x.nix index 7beaeb20943..3ae30699546 100644 --- a/pkgs/servers/samba/4.x.nix +++ b/pkgs/servers/samba/4.x.nix @@ -26,6 +26,7 @@ , tdb , cmocka , rpcsvc-proto +, python3Packages , nixosTests , enableLDAP ? false, openldap 
@@ -91,10 +92,10 @@ stdenv.mkDerivation rec { libtasn1 tdb ] ++ optionals stdenv.isLinux [ liburing systemd ] - ++ optional enableLDAP openldap + ++ optionals enableLDAP [ openldap.dev python3Packages.markdown ] ++ optional (enablePrinting && stdenv.isLinux) cups ++ optional enableMDNS avahi - ++ optionals enableDomainController [ gpgme lmdb ] + ++ optionals enableDomainController [ gpgme lmdb python3Packages.dnspython ] ++ optional enableRegedit ncurses ++ optional (enableCephFS && stdenv.isLinux) libceph ++ optionals (enableGlusterFS && stdenv.isLinux) [ glusterfs libuuid ] From 58bf12dbbf03aaa74ade3162e924eb40d464d9d5 Mon Sep 17 00:00:00 2001 
From: Martin Weinelt Date: Thu, 3 Jun 2021 04:34:04 +0200 Subject: [PATCH 112/126] samba4Full: disable glusterfs support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The samba package was marked as broken, when enableGlusterFS is true. The samba build with glusterfs fails due to API breakage that I am unable to debug: [3562/4088] Compiling source3/modules/vfs_virusfilter.c ../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_pread’: ../../source3/modules/vfs_glusterfs.c:856:8: error: too few arguments to function ‘glfs_pread’ 856 | ret = glfs_pread(glfd, data, n, offset, 0); | ^~~~~~~~~~ In file included from ../../source3/modules/vfs_glusterfs.c:41: /nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:713:1: note: declared here 713 | glfs_pread(glfs_fd_t *fd, void *buf, size_t count, off_t offset, int flags, | ^~~~~~~~~~ ../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_pread_do’: ../../source3/modules/vfs_glusterfs.c:938:16: error: too few arguments to function ‘glfs_pread’ 938 | state->ret = glfs_pread(state->fd, state->buf, state->count, | ^~~~~~~~~~ In file included from ../../source3/modules/vfs_glusterfs.c:41: /nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:713:1: note: declared here 713 | glfs_pread(glfs_fd_t *fd, void *buf, size_t count, off_t offset, int flags, | ^~~~~~~~~~ ../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_pwrite_do’: ../../source3/modules/vfs_glusterfs.c:1077:16: error: too few arguments to function ‘glfs_pwrite’ 1077 | state->ret = glfs_pwrite(state->fd, state->buf, state->count, | ^~~~~~~~~~~ In file included from ../../source3/modules/vfs_glusterfs.c:41: /nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:717:1: note: declared here 717 | glfs_pwrite(glfs_fd_t *fd, const void *buf, size_t count, off_t offset, | ^~~~~~~~~~~ 
../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_pwrite’: ../../source3/modules/vfs_glusterfs.c:1161:8: error: too few arguments to function ‘glfs_pwrite’ 1161 | ret = glfs_pwrite(glfd, data, n, offset, 0); | ^~~~~~~~~~~ In file included from ../../source3/modules/vfs_glusterfs.c:41: /nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:717:1: note: declared here 717 | glfs_pwrite(glfs_fd_t *fd, const void *buf, size_t count, off_t offset, | ^~~~~~~~~~~ ../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_fsync_do’: ../../source3/modules/vfs_glusterfs.c:1287:16: error: too few arguments to function ‘glfs_fsync’ 1287 | state->ret = glfs_fsync(state->fd); | ^~~~~~~~~~ In file included from ../../source3/modules/vfs_glusterfs.c:41: /nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:790:1: note: declared here 790 | glfs_fsync(glfs_fd_t *fd, struct glfs_stat *prestat, | ^~~~~~~~~~ ../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_ftruncate’: ../../source3/modules/vfs_glusterfs.c:1621:8: error: too few arguments to function ‘glfs_ftruncate’ 1621 | ret = glfs_ftruncate(glfd, offset); | ^~~~~~~~~~~~~~ In file included from ../../source3/modules/vfs_glusterfs.c:41: /nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:768:1: note: declared here 768 | glfs_ftruncate(glfs_fd_t *fd, off_t length, struct glfs_stat *prestat, | ^~~~~~~~~~~~~~ ../../source3/modules/vfs_virusfilter.c: In function ‘quarantine_create_dir’: ../../source3/modules/vfs_virusfilter.c:132:13: warning: implicit declaration of function ‘strlcat’; did you mean ‘strncat’? 
[-Wimplicit-function-declaration] 132 | cat_len = strlcat(new_dir, "/", len + 1); | ^~~~~~~ | strncat Waf: Leaving directory `/build/samba-4.14.4/bin/default' Build failed -> task in 'vfs_glusterfs.objlist' failed with exit status 1 (run with -v to display more information) (cherry picked from commit fac761a55ad4d6c6a8498c468ec7e5c43b984264) --- pkgs/top-level/all-packages.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 59ccdefe724..0fbbc9b5633 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19680,7 +19680,6 @@ in enableDomainController = true; enableRegedit = true; enableCephFS = !pkgs.stdenv.hostPlatform.isAarch64; - enableGlusterFS = true; }); sambaFull = samba4Full; From 47f12a400265131705582c4f76ec64260eabfbd2 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 3 Jun 2021 23:41:07 +0200 Subject: [PATCH 113/126] python3Packages.click-option-group: init at 0.5.3 (cherry picked from commit c06b1086c0962a5909432c5b9590fc510926802a) --- .../click-option-group/default.nix | 47 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 + 2 files changed, 49 insertions(+) create mode 100644 pkgs/development/python-modules/click-option-group/default.nix diff --git a/pkgs/development/python-modules/click-option-group/default.nix b/pkgs/development/python-modules/click-option-group/default.nix new file mode 100644 index 00000000000..cf39ba80845 --- /dev/null +++ b/pkgs/development/python-modules/click-option-group/default.nix 
@@ -0,0 +1,47 @@ +{ lib +, buildPythonPackage +, pythonOlder +, fetchFromGitHub +, click +, pytestCheckHook +}: + +buildPythonPackage rec { + pname = "click-option-group"; + version = "0.5.3"; + format = "setuptools"; + disabled = pythonOlder "3.6"; + + src = fetchFromGitHub { + owner = "click-contrib"; + repo = pname; + rev = "v${version}"; + sha256 = "1w0692s8fabncpggpwl2d4dfqjjlmcia271rrb8hcz0r6nvw98ak"; + }; + + propagatedBuildInputs = [ + click + ]; + + checkInputs = [ + pytestCheckHook + ]; + + pythonImportsCheck = [ + "click_option_group" + ]; + + meta = with lib; { + description = "Option groups missing in Click"; + longDescription = '' + Option groups are convenient mechanism for logical structuring + CLI, also it allows you to set the specific behavior and set the + relationship among grouped options (mutually exclusive options + for example). Moreover, argparse stdlib package contains this + functionality out of the box. + ''; + homepage = "https://github.com/click-contrib/click-option-group"; + license = licenses.bsd3; + maintainers = with maintainers; [ hexa ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e562c64b5ff..20a970ec6b4 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -1411,6 +1411,8 @@ in { click-log = callPackage ../development/python-modules/click-log { }; + click-option-group = callPackage ../development/python-modules/click-option-group { }; + click-plugins = callPackage ../development/python-modules/click-plugins { }; click-spinner = callPackage ../development/python-modules/click-spinner { }; From 4827d347cc132933ab5a72b9e2a6e007fb4ef48d Mon Sep 17 00:00:00 2001 
From: Martin Weinelt Date: Thu, 3 Jun 2021 23:58:49 +0200 Subject: [PATCH 114/126] matrix-synapse.tools.synadm: init at 0.29 (cherry picked from commit 7efe82966df83ed82938912c4ecdf705ed49be4a) --- pkgs/servers/matrix-synapse/tools/default.nix | 2 + pkgs/servers/matrix-synapse/tools/synadm.nix | 41 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 pkgs/servers/matrix-synapse/tools/synadm.nix diff --git a/pkgs/servers/matrix-synapse/tools/default.nix b/pkgs/servers/matrix-synapse/tools/default.nix index 43667f9e16d..defc35bc0e0 100644 --- a/pkgs/servers/matrix-synapse/tools/default.nix +++ b/pkgs/servers/matrix-synapse/tools/default.nix @@ -1,4 +1,6 @@ { callPackage }: { rust-synapse-compress-state = callPackage ./rust-synapse-compress-state.nix { }; + + synadm = callPackage ./synadm.nix { }; } diff --git a/pkgs/servers/matrix-synapse/tools/synadm.nix b/pkgs/servers/matrix-synapse/tools/synadm.nix new file mode 100644 index 00000000000..b9a0ff3acd9 --- /dev/null +++ b/pkgs/servers/matrix-synapse/tools/synadm.nix @@ -0,0 +1,41 @@ +{ lib +, python3Packages +}: + +with python3Packages; buildPythonApplication rec { + pname = "synadm"; + version = "0.29"; + format = "setuptools"; + + src = fetchPypi { + inherit pname version; + sha256 = "1vy30nwsns4jnv0s5i9jpyplxpclgwyw0gldpywv4z3fljs0lzik"; + }; + + propagatedBuildInputs = [ + click + click-option-group + tabulate + pyyaml + requests + ]; + + checkPhase = '' + runHook preCheck + export HOME=$TMPDIR + $out/bin/synadm -h > /dev/null + runHook postCheck + ''; + + meta = with lib; { + description = "Command line admin tool for Synapse"; + longDescription = '' + A CLI tool to help admins of Matrix Synapse homeservers + conveniently issue commands available via its admin API's + (matrix-org/synapse@master/docs/admin_api) + ''; + homepage = "https://github.com/JOJ0/synadm"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ hexa ]; + }; +} 
From 715c85757b1c87a87744f1b514d1051d89b07a2a Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 3 Jun 2021 21:28:49 +0200 Subject: [PATCH 115/126] polkit: Fix local privilege escalation vulnerability Fixes a local privilege escalation using polkit_system_bus_name_get_creds_sync() Fixes: CVE-2021-3560 (cherry picked from commit 26ac1d5db953292d78f0585dd8baccd9a36a44a4) --- pkgs/development/libraries/polkit/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix index 7f0ad5acdce..bc7f7e80d9c 100644 --- a/pkgs/development/libraries/polkit/default.nix +++ b/pkgs/development/libraries/polkit/default.nix @@ -34,6 +34,13 @@ stdenv.mkDerivation rec { url = "https://gitlab.freedesktop.org/polkit/polkit/commit/5dd4e22efd05d55833c4634b56e473812b5acbf2.patch"; sha256 = "17lv7xj5ksa27iv4zpm4zwd4iy8zbwjj4ximslfq3sasiz9kxhlp"; }) + (fetchpatch { + # https://www.openwall.com/lists/oss-security/2021/06/03/1 + # https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/79 + name = "CVE-2021-3560.patch"; + url = "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81.patch"; + sha256 = "157ddsizgr290jsb8fpafrc37gc1qw5pdvl351vnn3pzhqs7n6f4"; + }) ] ++ lib.optionals stdenv.hostPlatform.isMusl [ # Make netgroup support optional (musl does not have it) # Upstream MR: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10 From 1de618903eb5fa9aace4aabf58fc25a730584fe1 Mon Sep 17 00:00:00 2001 From: Jonathan Ringer Date: Thu, 3 Jun 2021 10:16:12 -0700 Subject: [PATCH 116/126] tdesktop: 2.7.4 -> 2.7.5 (cherry picked from commit be72f6a7ce5f2cefbfc7ade175669494e65c3d8a) --- .../telegram/tdesktop/default.nix | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) 
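Review bot: The comment on the `CVE-2021-3560.patch` entry links the advisory and the merge request but does not say when the patch can be dropped. Without that, a security backport is easy to keep too long or to lose on the next version bump. I would add a line such as `# Remove once polkit is updated to a release that contains this commit`. The `patches` list this entry is added to begins outside the hunk.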
diff --git a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
index 372c00196a2..ae2da30fd00 100644
--- a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
+++ b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix
@@ -20,27 +20,33 @@ with lib; let tg_owt = callPackage ./tg_owt.nix {}; - webviewPatch = fetchpatch { - url = "https://raw.githubusercontent.com/archlinux/svntogit-community/013eff77a13b6c2629a04e07a4d09dbe60c8ca48/trunk/fix-webview-includes.patch"; - sha256 = "0112zaysf3f02dd4bgqc5hwg66h1bfj8r4yjzb06sfi0pl9vl96l"; - }; - in mkDerivation rec { pname = "telegram-desktop"; - version = "2.7.4"; + version = "2.7.5"; # Telegram-Desktop with submodules src = fetchurl { url = "https://github.com/telegramdesktop/tdesktop/releases/download/v${version}/tdesktop-${version}-full.tar.gz"; - sha256 = "1cigqvxa8lp79y7sp2w2izmmikxaxzrq9bh5ns3cy16z985nyllp"; + sha256 = "sha256-9GxBw5ii9Musjq7D3KMf/P5BA4h690EgXRbhynHwO98="; }; + patches = [ + # fixes issue with ffmpeg>=4.4 crashes, hasn't been upstreamed yet + (fetchpatch { + url = "https://raw.githubusercontent.com/gentoo/gentoo/1c91884873968997be4b0c954169d04dc839f1db/net-im/telegram-desktop/files/tdesktop-2.7.4-voice-crash.patch"; + sha256 = "sha256-inLXcP70yJlkkmdeXlc3HRL7Vt+Sf00LLJG33gwBKdY="; + }) + (fetchpatch { + url = "https://raw.githubusercontent.com/gentoo/gentoo/1c91884873968997be4b0c954169d04dc839f1db/net-im/telegram-desktop/files/tdesktop-2.7.4-voice-ffmpeg44.patch"; + sha256 = "sha256-p57LipNf7BDhVvNKRuicVqx0vU6IBL/Cvr5BAfLF4Hs="; + }) + ]; + postPatch = '' substituteInPlace Telegram/lib_spellcheck/spellcheck/platform/linux/linux_enchant.cpp \ --replace '"libenchant-2.so.2"' '"${enchant2}/lib/libenchant-2.so.2"' substituteInPlace Telegram/CMakeLists.txt \ --replace '"''${TDESKTOP_LAUNCHER_BASENAME}.appdata.xml"' '"''${TDESKTOP_LAUNCHER_BASENAME}.metainfo.xml"' - patch -d Telegram/lib_webview -p1 < "${webviewPatch}" ''; # We want to run wrapProgram manually (with additional parameters) From d0db00124436d8791a03b6c399687f82d17c3642 Mon Sep 17 00:00:00 2001 
From: Jonathan Ringer Date: Thu, 3 Jun 2021 13:39:15 -0700 Subject: [PATCH 117/126] tdesktop: add optional dependencies (cherry picked from commit fa3517c57a831f56fdb5c60f573ac1c70d5f16eb) --- .../instant-messengers/telegram/tdesktop/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix index ae2da30fd00..27af9698788 100644 --- a/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/telegram/tdesktop/default.nix @@ -2,11 +2,11 @@ , pkg-config, cmake, ninja, python3, wrapGAppsHook, wrapQtAppsHook, removeReferencesTo , qtbase, qtimageformats, gtk3, libsForQt5, enchant2, lz4, xxHash , dee, ffmpeg, openalSoft, minizip, libopus, alsaLib, libpulseaudio, range-v3 -, tl-expected, hunspell, glibmm, webkitgtk +, tl-expected, hunspell, glibmm, webkitgtk, libtgvoip # Transitive dependencies: , pcre, xorg, util-linux, libselinux, libsepol, epoxy , at-spi2-core, libXtst, libthai, libdatrie -, xdg-utils +, xdg-utils, libsysprof-capture, libpsl, brotli }: with lib; @@ -59,10 +59,10 @@ in mkDerivation rec { qtbase qtimageformats gtk3 libsForQt5.kwayland libsForQt5.libdbusmenu enchant2 lz4 xxHash dee ffmpeg openalSoft minizip libopus alsaLib libpulseaudio range-v3 tl-expected hunspell glibmm webkitgtk - tg_owt + tg_owt libtgvoip # Transitive dependencies: pcre xorg.libpthreadstubs xorg.libXdmcp util-linux libselinux libsepol epoxy - at-spi2-core libXtst libthai libdatrie + at-spi2-core libXtst libthai libdatrie libsysprof-capture libpsl brotli ]; cmakeFlags = [ From 4c2e84394c0f372c019e941e95d6fbe21835719b Mon Sep 17 00:00:00 2001 
From: Jonathan Ringer Date: Thu, 3 Jun 2021 13:57:25 -0700 Subject: [PATCH 118/126] linuxPackages.ati_drivers_x11: move to alias set (cherry picked from commit 095e6fdd126c91f3196bf19cbbc5caf8d6c292a9) --- pkgs/top-level/all-packages.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0fbbc9b5633..4d9fbbfbed6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20502,8 +20502,6 @@ in bbswitch = callPackage ../os-specific/linux/bbswitch {}; - ati_drivers_x11 = throw "ati drivers are no longer supported by any kernel >=4.1"; # added 2021-05-18 - chipsec = callPackage ../tools/security/chipsec { inherit kernel; withDriver = true; @@ -20675,6 +20673,9 @@ in zfs = zfsStable; can-isotp = callPackage ../os-specific/linux/can-isotp { }; + } // lib.optionalAttrs (config.allowAliases or false) { + # aliases or removed packages + ati_drivers_x11 = throw "ati drivers are no longer supported by any kernel >=4.1"; # added 2021-05-18 }); # The current default kernel / kernel modules. From b5cec505c110fdc4a100a31b9485e77758c8be6d Mon Sep 17 00:00:00 2001 From: Sumner Evans Date: Thu, 3 Jun 2021 11:06:47 -0600 Subject: [PATCH 119/126] matrix-synapse: 1.35.0 -> 1.35.1 (cherry picked from commit 10cbea574d4882a8b58b74fd594ae55c64540797) --- pkgs/servers/matrix-synapse/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix index 0141d6eb7a2..0fce9981967 100644 --- a/pkgs/servers/matrix-synapse/default.nix +++ b/pkgs/servers/matrix-synapse/default.nix 
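Review bot: `config.allowAliases or false` in the @@ -20675 hunk makes the `ati_drivers_x11` throw exist only when a user has set `allowAliases` explicitly. With the option unset the attribute is simply missing, so the explanatory message is never shown. I believe the top-level alias set is gated with `or true`, which should be confirmed; if so, this should read `} // lib.optionalAttrs (config.allowAliases or true) {` to match. The attribute set being extended starts outside the hunk.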
@@ -12,11 +12,11 @@ let in buildPythonApplication rec { pname = "matrix-synapse"; - version = "1.35.0"; + version = "1.35.1"; src = fetchPypi { inherit pname version; - sha256 = "sha256-McgLJoOS8h8C7mcbLaF0hiMkfthpDRUKyB5Effzk2ds="; + sha256 = "sha256-MJ3RG60rWbcfQxhj34k99AFg8TsPd3ECEw/x2+xU1js="; }; patches = [ From 19f959fccb132f790e3741795eb8a0524c8c3560 Mon Sep 17 00:00:00 2001 From: Anders Kaseorg Date: Thu, 3 Jun 2021 10:13:48 -0700 Subject: [PATCH 120/126] nixos/release-notes: Fix link to GNOME 40 release notes Signed-off-by: Anders Kaseorg (cherry picked from commit a681951902631d20e439fc60f53100967ba1cc72) --- nixos/doc/manual/release-notes/rl-2105.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 78338f51a0a..124ede12726 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -56,7 +56,7 @@ - Gnome: 3.36 -> 3.40, see its release notes + GNOME: 3.36 -> 40, see its release notes From 96882387e589691d389fffc24a01410c05b60e36 Mon Sep 17 00:00:00 2001 From: fortuneteller2k Date: Wed, 2 Jun 2021 23:33:27 +0800 Subject: [PATCH 121/126] win-spice: say yes to all 7z dialogs (cherry picked from commit 0c245a39a9ab4eb0ed98892645ae5d726ee8c50c) --- .../virtualization/driver/win-spice/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/virtualization/driver/win-spice/default.nix b/pkgs/applications/virtualization/driver/win-spice/default.nix index ba823fa2a41..67ba9b74fbb 100644 --- a/pkgs/applications/virtualization/driver/win-spice/default.nix +++ b/pkgs/applications/virtualization/driver/win-spice/default.nix 
@@ -36,15 +36,15 @@ stdenv.mkDerivation { buildPhase = '' mkdir -p usbdk/x86 usbdk/amd64 - (cd usbdk/x86; ${p7zip}/bin/7z x ${src_usbdk_x86}) - (cd usbdk/amd64; ${p7zip}/bin/7z x ${src_usbdk_amd64}) + (cd usbdk/x86; ${p7zip}/bin/7z x -y ${src_usbdk_x86}) + (cd usbdk/amd64; ${p7zip}/bin/7z x -y ${src_usbdk_amd64}) mkdir -p vdagent/x86 vdagent/amd64 - (cd vdagent/x86; ${p7zip}/bin/7z x ${src_vdagent_x86}; mv vdagent_0_7_3_x86/* .; rm -r vdagent_0_7_3_x86) - (cd vdagent/amd64; ${p7zip}/bin/7z x ${src_vdagent_amd64}; mv vdagent_0_7_3_x64/* .; rm -r vdagent_0_7_3_x64) + (cd vdagent/x86; ${p7zip}/bin/7z x -y ${src_vdagent_x86}; mv vdagent_0_7_3_x86/* .; rm -r vdagent_0_7_3_x86) + (cd vdagent/amd64; ${p7zip}/bin/7z x -y ${src_vdagent_amd64}; mv vdagent_0_7_3_x64/* .; rm -r vdagent_0_7_3_x64) mkdir -p qxlwddm - (cd qxlwddm; ${p7zip}/bin/7z x ${src_qxlwddm}; mv Win8 w8.1; cd w8.1; mv x64 amd64) + (cd qxlwddm; ${p7zip}/bin/7z x -y ${src_qxlwddm}; mv Win8 w8.1; cd w8.1; mv x64 amd64) ''; installPhase = From 467ae337e8b51c1cd42898bca8e1fc885c37b692 Mon Sep 17 00:00:00 2001 From: "Zak B. Elep" Date: Fri, 4 Jun 2021 13:36:16 +0800 Subject: [PATCH 122/126] perlPackages.Mojolicious: 9.17 -> 9.19 (cherry picked from commit 15f6e4ed3b734d00066e5a1401e45f554fc9c7bd) --- pkgs/top-level/perl-packages.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 7bcdf6190c8..7b0c8b5fe9a 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix 
@@ -13677,10 +13677,10 @@ let Mojolicious = buildPerlPackage { pname = "Mojolicious"; - version = "9.17"; + version = "9.19"; src = fetchurl { - url = "mirror://cpan/authors/id/S/SR/SRI/Mojolicious-9.17.tar.gz"; - sha256 = "13dxjhr03dhh1f5bbxbb3jiwdv7jby96qqb97l3arf5x043yd9hd"; + url = "mirror://cpan/authors/id/S/SR/SRI/Mojolicious-9.19.tar.gz"; + sha256 = "15qs99sl3ckzqwpqk4kawhamdm6160bzxyikf3blym4fn1k6s1a5"; }; meta = { homepage = "https://mojolicious.org"; From f52ff6ed96bc35418643a63fed483cbe4a03a56a Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Thu, 3 Jun 2021 22:36:30 +0200 Subject: [PATCH 123/126] arion: 0.1.2.0 -> 0.1.3.0 --- .../virtualization/arion/arion-compose.nix | 27 +++++++++++++++++++ .../haskell-modules/non-hackage-packages.nix | 12 +++++++++ 2 files changed, 39 insertions(+) create mode 100644 pkgs/applications/virtualization/arion/arion-compose.nix diff --git a/pkgs/applications/virtualization/arion/arion-compose.nix b/pkgs/applications/virtualization/arion/arion-compose.nix new file mode 100644 index 00000000000..d36425f9250 --- /dev/null +++ b/pkgs/applications/virtualization/arion/arion-compose.nix 
@@ -0,0 +1,27 @@ +{ mkDerivation, aeson, aeson-pretty, async, base, bytestring +, directory, hspec, lens, lens-aeson, lib, optparse-applicative +, process, protolude, QuickCheck, temporary, text, unix +}: +mkDerivation { + pname = "arion-compose"; + version = "0.1.3.0"; + sha256 = "9e18448f8489303f0d9fee020ad1ceb896f4e71eedb537c0c0ef0f1f3ade80df"; + isLibrary = true; + isExecutable = true; + enableSeparateDataOutput = true; + libraryHaskellDepends = [ + aeson aeson-pretty async base bytestring directory lens lens-aeson + process protolude temporary text unix + ]; + executableHaskellDepends = [ + aeson aeson-pretty async base bytestring directory lens lens-aeson + optparse-applicative process protolude temporary text unix + ]; + testHaskellDepends = [ + aeson aeson-pretty async base bytestring directory hspec lens + lens-aeson process protolude QuickCheck temporary text unix + ]; + homepage = "https://github.com/hercules-ci/arion#readme"; + description = "Run docker-compose with help from Nix/NixOS"; + license = lib.licenses.asl20; +} diff --git a/pkgs/development/haskell-modules/non-hackage-packages.nix b/pkgs/development/haskell-modules/non-hackage-packages.nix index 1882d68f234..1e657d89a17 100644 --- a/pkgs/development/haskell-modules/non-hackage-packages.nix +++ b/pkgs/development/haskell-modules/non-hackage-packages.nix 
@@ -36,4 +36,16 @@ self: super: { # Unofficial fork until PRs are merged https://github.com/pcapriotti/optparse-applicative/pulls/roberth # cabal2nix --maintainer roberth https://github.com/hercules-ci/optparse-applicative.git > pkgs/development/misc/haskell/hercules-ci-optparse-applicative.nix hercules-ci-optparse-applicative = self.callPackage ../misc/haskell/hercules-ci-optparse-applicative.nix {}; + + # + # Backports + # + + # This file overrides packages in `hackage-packages.nix`. + + # Backport arion, to support Podman instead of Docker, for those who need NixOS-based containers. + # Generated with: + # nix-shell -I nixpkgs=$PWD -p cabal-install -p cabal2nix --run 'cabal update; cabal2nix cabal://arion-compose > pkgs/applications/virtualization/arion/arion-compose.nix' + arion-compose = self.callPackage ../../applications/virtualization/arion/arion-compose.nix {}; + } From 619cf60d25d6b7852dcedc52e802ea04c0d95ff2 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 3 Jun 2021 12:37:48 +0200 Subject: [PATCH 124/126] nixos/rspamd-exporter: fix metrics In 0.3.0 of the json-exporter[1] it was switched to a different jsonpath library which made some changes - especially for spaces in keys - necessary. Also I decided to remove the pretty-printed JSON as this would interfere with the bash quoting too much. If one needs pretty-printed output, they can still pipe the output to `jq`. [1] https://github.com/prometheus-community/json_exporter/releases/tag/v0.3.0 (cherry picked from commit 976d668e5c5566c3e96b17d667830a0f3ed1bbb5) --- .../prometheus/exporters/rspamd.nix | 36 +++++++++---------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix b/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix index d95e5ed9e83..994670a376e 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix 
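Review bot: The regeneration command in the new comment (`cabal2nix cabal://arion-compose`) names no version, so re-running it after `cabal update` resolves whatever is newest on Hackage rather than the 0.1.3.0 this commit ships. On what looks like a release branch (the heading says Backports), that makes an unintended version bump easy. Pinning the command, `cabal2nix cabal://arion-compose-0.1.3.0 > pkgs/applications/virtualization/arion/arion-compose.nix`, keeps the comment reproducible. Separately, `# This file overrides packages in hackage-packages.nix.` describes the whole file and would read better at its top than under the Backports heading.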
@@ -5,21 +5,19 @@ with lib; let cfg = config.services.prometheus.exporters.rspamd; - prettyJSON = conf: - pkgs.runCommand "rspamd-exporter-config.yml" { } '' - echo '${builtins.toJSON conf}' | ${pkgs.buildPackages.jq}/bin/jq '.' > $out - ''; + mkFile = conf: + pkgs.writeText "rspamd-exporter-config.yml" (builtins.toJSON conf); generateConfig = extraLabels: { metrics = (map (path: { - name = "rspamd_${replaceStrings [ "." " " ] [ "_" "_" ] path}"; + name = "rspamd_${replaceStrings [ "[" "." " " "]" "\\" "'" ] [ "_" "_" "_" "" "" "" ] path}"; path = "{ .${path} }"; labels = extraLabels; }) [ - "actions.'add header'" - "actions.'no action'" - "actions.'rewrite subject'" - "actions.'soft reject'" + "actions['add\\ header']" + "actions['no\\ action']" + "actions['rewrite\\ subject']" + "actions['soft\\ reject']" "actions.greylist" "actions.reject" "bytes_allocated" @@ -40,18 +38,18 @@ let ]) ++ [{ name = "rspamd_statfiles"; type = "object"; - path = "$.statfiles[*]"; + path = "{.statfiles[*]}"; labels = recursiveUpdate { - symbol = "$.symbol"; - type = "$.type"; + symbol = "{.symbol}"; + type = "{.type}"; } extraLabels; values = { - revision = "$.revision"; - size = "$.size"; - total = "$.total"; - used = "$.used"; - languages = "$.languages"; - users = "$.users"; + revision = "{.revision}"; + size = "{.size}"; + total = "{.total}"; + used = "{.used}"; + languages = "{.languages}"; + users = "{.users}"; }; }]; }; @@ -76,7 +74,7 @@ in }; serviceOpts.serviceConfig.ExecStart = '' ${pkgs.prometheus-json-exporter}/bin/json_exporter \ - --config.file ${prettyJSON (generateConfig cfg.extraLabels)} \ + --config.file ${mkFile (generateConfig cfg.extraLabels)} \ --web.listen-address "${cfg.listenAddress}:${toString cfg.port}" \ ${concatStringsSep " \\\n " cfg.extraFlags} ''; From d7fbcd60a341bd86d3ff4c828ef92cc45da3f526 Mon Sep 17 00:00:00 2001 
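Review bot: The `replaceStrings [ "[" "." " " "]" "\\" "'" ] [ "_" "_" "_" "" "" "" ] path` call in `generateConfig` is undocumented, and nothing says that the list entries below it are JSONPath fragments whose quoting must reach `path` but be stripped from `name`. A comment above `name = …` would make that clear, for example `# Derive the metric name from the JSONPath fragment: actions['add\ header'] -> rspamd_actions_add_header`. The list is static, so this is documentation only; if the paths ever become configurable, the derived name would also need validating against Prometheus' metric-name rules. This note is on the first of the three hunks in this file; the `{.field}` rewrites and the `mkFile` call in the other two look consistent with it.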
From: Maximilian Bosch Date: Thu, 3 Jun 2021 13:01:11 +0200 Subject: [PATCH 125/126] nixos/dovecot-exporter: fix documentation for old stats (cherry picked from commit 6fb847c55643780c1ba3a98c57ba57541ed33d14) --- .../monitoring/prometheus/exporters/dovecot.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix b/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix index aba3533e439..472652fe8a7 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix @@ -35,13 +35,28 @@ in { = true; = "/var/run/dovecot2/old-stats"; + = [ "old_stats" ]; = ''' - mail_plugins = $mail_plugins old_stats service old-stats { unix_listener old-stats { user = dovecot-exporter group = dovecot-exporter + mode = 0660 } + fifo_listener old-stats-mail { + mode = 0660 + user = dovecot + group = dovecot + } + fifo_listener old-stats-user { + mode = 0660 + user = dovecot + group = dovecot + } + } + plugin { + old_stats_refresh = 30 secs + old_stats_track_cmds = yes } '''; } From 3c8dcd902a4bb0d545681bd01a436f495c40cc04 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Thu, 3 Jun 2021 13:10:23 +0200 Subject: [PATCH 126/126] nixos/mail-exporter: add note about rspamd marking probe mails as spam (cherry picked from commit ba9768f3143c728a47515d0548025a103fca9013) --- .../monitoring/prometheus/exporters/mail.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/nixos/modules/services/monitoring/prometheus/exporters/mail.nix b/nixos/modules/services/monitoring/prometheus/exporters/mail.nix index 18c5c4dd162..7e196149fbb 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters/mail.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters/mail.nix 
@@ -112,6 +112,24 @@ let ''; description = '' List of servers that should be probed. + + Note: if your mailserver has + rspamd8 configured, + it can happen that emails from this exporter are marked as spam. + + It's possible to work around the issue with a config like this: + + { + services.rspamd.locals."multimap.conf".text = ''' + ALLOWLIST_PROMETHEUS { + filter = "email:domain:tld"; + type = "from"; + map = "''${pkgs.writeText "allowmap" "domain.tld"}"; + score = -100.0; + } + '''; + } + ''; }; };
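Review bot: The workaround added to the `description` allowlists on the sender domain (`type = "from"`, `filter = "email:domain:tld"`, `score = -100.0`), and a sender address is chosen by whoever submits the mail, so any message claiming that domain would receive the same -100 and likely pass rspamd. The text should state that caveat and steer readers to the narrowest rule that still covers the probe, for example a map on the exporter's source address (`type = "ip"`) or on the full probe address rather than the whole domain. A sentence such as `Keep this rule as narrow as possible: a from-based map also matches mail that only claims this sender.` after the example would be enough. Whether other checks in a given setup would still catch such mail cannot be judged from the hunk.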