Merge branch 'staging' into release-cross-fixes
This commit is contained in:
commit
872100cf41
|
@ -594,6 +594,7 @@ All parameters from `stdenv.mkDerivation` function are still supported. The foll
|
|||
* `catchConflicts ? true`: If `true`, abort package build if a package name appears more than once in dependency tree. Default is `true`.
|
||||
* `disabled` ? false: If `true`, package is not build for the particular Python interpreter version.
|
||||
* `dontWrapPythonPrograms ? false`: Skip wrapping of python programs.
|
||||
* `permitUserSite ? false`: Skip setting the `PYTHONNOUSERSITE` environment variable in wrapped programs.
|
||||
* `installFlags ? []`: A list of strings. Arguments to be passed to `pip install`. To pass options to `python setup.py install`, use `--install-option`. E.g., `installFlags=["--install-option='--cpp_implementation'"]`.
|
||||
* `format ? "setuptools"`: Format of the source. Valid options are `"setuptools"`, `"pyproject"`, `"flit"`, `"wheel"`, and `"other"`. `"setuptools"` is for when the source has a `setup.py` and `setuptools` is used to build a wheel, `flit`, in case `flit` should be used to build a wheel, and `wheel` in case a wheel is provided. Use `other` when a custom `buildPhase` and/or `installPhase` is needed.
|
||||
* `makeWrapperArgs ? []`: A list of strings. Arguments to be passed to `makeWrapper`, which wraps generated binaries. By default, the arguments to `makeWrapper` set `PATH` and `PYTHONPATH` environment variables before calling the binary. Additional arguments here can allow a developer to set environment variables which will be available when the binary is run. For example, `makeWrapperArgs = ["--set FOO BAR" "--set BAZ QUX"]`.
|
||||
|
@ -756,6 +757,7 @@ specified packages in its path.
|
|||
* `extraLibs`: List of packages installed inside the environment.
|
||||
* `postBuild`: Shell command executed after the build of environment.
|
||||
* `ignoreCollisions`: Ignore file collisions inside the environment (default is `false`).
|
||||
* `permitUserSite`: Skip setting the `PYTHONNOUSERSITE` environment variable in wrapped binaries in the environment.
|
||||
|
||||
#### `python.withPackages` function
|
||||
|
||||
|
|
13
doc/meta.xml
13
doc/meta.xml
|
@ -150,6 +150,19 @@ hello-2.3 A program that produces a familiar, friendly greeting
|
|||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<varname>changelog</varname>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
A link or a list of links to the location of Changelog for a package.
|
||||
A link may use expansion to refer to the correct changelog version.
|
||||
Example:
|
||||
<literal>"https://git.savannah.gnu.org/cgit/hello.git/plain/NEWS?h=v${version}"</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<varname>license</varname>
|
||||
|
|
|
@ -88,6 +88,9 @@ rec {
|
|||
config = "aarch64-unknown-linux-musl";
|
||||
};
|
||||
|
||||
gnu64 = { config = "x86_64-unknown-linux-gnu"; };
|
||||
gnu32 = { config = "i686-unknown-linux-gnu"; };
|
||||
|
||||
musl64 = { config = "x86_64-unknown-linux-musl"; };
|
||||
musl32 = { config = "i686-unknown-linux-musl"; };
|
||||
|
||||
|
|
|
@ -1747,6 +1747,11 @@
|
|||
github = "freepotion";
|
||||
name = "Free Potion";
|
||||
};
|
||||
freezeboy = {
|
||||
email = "freezeboy@users.noreply.github.com";
|
||||
github = "freezeboy";
|
||||
name = "freezeboy";
|
||||
};
|
||||
Fresheyeball = {
|
||||
email = "fresheyeball@gmail.com";
|
||||
github = "fresheyeball";
|
||||
|
@ -2603,6 +2608,11 @@
|
|||
github = "knl";
|
||||
name = "Nikola Knežević";
|
||||
};
|
||||
kolaente = {
|
||||
email = "k@knt.li";
|
||||
github = "kolaente";
|
||||
name = "Konrad Langenberg";
|
||||
};
|
||||
konimex = {
|
||||
email = "herdiansyah@netc.eu";
|
||||
github = "konimex";
|
||||
|
@ -3203,6 +3213,11 @@
|
|||
github = "mimadrid";
|
||||
name = "Miguel Madrid";
|
||||
};
|
||||
minijackson = {
|
||||
email = "minijackson@riseup.net";
|
||||
github = "minijackson";
|
||||
name = "Rémi Nicole";
|
||||
};
|
||||
mirdhyn = {
|
||||
email = "mirdhyn@gmail.com";
|
||||
github = "mirdhyn";
|
||||
|
@ -3333,6 +3348,11 @@
|
|||
github = "fstamour";
|
||||
name = "Francis St-Amour";
|
||||
};
|
||||
mredaelli = {
|
||||
email = "massimo@typish.io";
|
||||
github = "mredaelli";
|
||||
name = "Massimo Redaelli";
|
||||
};
|
||||
mrkkrp = {
|
||||
email = "markkarpov92@gmail.com";
|
||||
github = "mrkkrp";
|
||||
|
@ -4126,6 +4146,11 @@
|
|||
github = "retrry";
|
||||
name = "Tadas Barzdžius";
|
||||
};
|
||||
rexim = {
|
||||
email = "reximkut@gmail.com";
|
||||
github = "rexim";
|
||||
name = "Alexey Kutepov";
|
||||
};
|
||||
rht = {
|
||||
email = "rhtbot@protonmail.com";
|
||||
github = "rht";
|
||||
|
@ -4464,6 +4489,11 @@
|
|||
github = "shawndellysse";
|
||||
name = "Shawn Dellysse";
|
||||
};
|
||||
shazow = {
|
||||
email = "andrey.petrov@shazow.net";
|
||||
github = "shazow";
|
||||
name = "Andrey Petrov";
|
||||
};
|
||||
sheenobu = {
|
||||
email = "sheena.artrip@gmail.com";
|
||||
github = "sheenobu";
|
||||
|
@ -4484,6 +4514,11 @@
|
|||
github = "shlevy";
|
||||
name = "Shea Levy";
|
||||
};
|
||||
shmish111 = {
|
||||
email = "shmish111@gmail.com";
|
||||
github = "shmish111";
|
||||
name = "David Smith";
|
||||
};
|
||||
shou = {
|
||||
email = "x+g@shou.io";
|
||||
github = "Shou";
|
||||
|
@ -4649,6 +4684,11 @@
|
|||
github = "srghma";
|
||||
name = "Sergei Khoma";
|
||||
};
|
||||
srgom = {
|
||||
email = "srgom@users.noreply.github.com";
|
||||
github = "srgom";
|
||||
name = "SRGOM";
|
||||
};
|
||||
srhb = {
|
||||
email = "sbrofeldt@gmail.com";
|
||||
github = "srhb";
|
||||
|
@ -4873,6 +4913,11 @@
|
|||
github = "terlar";
|
||||
name = "Terje Larsen";
|
||||
};
|
||||
tesq0 = {
|
||||
email = "mikolaj.galkowski@gmail.com";
|
||||
github = "tesq0";
|
||||
name = "Mikolaj Galkowski";
|
||||
};
|
||||
teto = {
|
||||
email = "mcoudron@hotmail.com";
|
||||
github = "teto";
|
||||
|
@ -4922,6 +4967,11 @@
|
|||
github = "ctheune";
|
||||
name = "Christian Theune";
|
||||
};
|
||||
thiagokokada = {
|
||||
email = "thiagokokada@gmail.com";
|
||||
github = "thiagokokada";
|
||||
name = "Thiago K. Okada";
|
||||
};
|
||||
ThomasMader = {
|
||||
email = "thomas.mader@gmail.com";
|
||||
github = "ThomasMader";
|
||||
|
@ -5356,6 +5406,11 @@
|
|||
github = "xaverdh";
|
||||
name = "Dominik Xaver Hörl";
|
||||
};
|
||||
xbreak = {
|
||||
email = "xbreak@alphaware.se";
|
||||
github = "xbreak";
|
||||
name = "Calle Rosenquist";
|
||||
};
|
||||
xeji = {
|
||||
email = "xeji@cat3.de";
|
||||
github = "xeji";
|
||||
|
@ -5540,34 +5595,4 @@
|
|||
github = "zzamboni";
|
||||
name = "Diego Zamboni";
|
||||
};
|
||||
mredaelli = {
|
||||
email = "massimo@typish.io";
|
||||
github = "mredaelli";
|
||||
name = "Massimo Redaelli";
|
||||
};
|
||||
shmish111 = {
|
||||
email = "shmish111@gmail.com";
|
||||
github = "shmish111";
|
||||
name = "David Smith";
|
||||
};
|
||||
minijackson = {
|
||||
email = "minijackson@riseup.net";
|
||||
github = "minijackson";
|
||||
name = "Rémi Nicole";
|
||||
};
|
||||
shazow = {
|
||||
email = "andrey.petrov@shazow.net";
|
||||
github = "shazow";
|
||||
name = "Andrey Petrov";
|
||||
};
|
||||
freezeboy = {
|
||||
email = "freezeboy@users.noreply.github.com";
|
||||
github = "freezeboy";
|
||||
name = "freezeboy";
|
||||
};
|
||||
tesq0 = {
|
||||
email = "mikolaj.galkowski@gmail.com";
|
||||
github = "tesq0";
|
||||
name = "Mikolaj Galkowski";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,9 +2,12 @@
|
|||
ansicolors,
|
||||
argparse,
|
||||
basexx,
|
||||
binaryheap,
|
||||
dkjson
|
||||
fifo
|
||||
http
|
||||
inspect
|
||||
ldoc
|
||||
lgi
|
||||
lpeg_patterns
|
||||
lpty
|
||||
|
@ -22,6 +25,7 @@ luaevent,
|
|||
luacheck
|
||||
luaffi,,http://luarocks.org/dev,
|
||||
luuid,
|
||||
markdown,
|
||||
penlight,
|
||||
rapidjson,
|
||||
say,
|
||||
|
|
|
|
@ -76,11 +76,7 @@ FOOTER="
|
|||
function convert_pkg () {
|
||||
nix_pkg_name="$1"
|
||||
lua_pkg_name="$2"
|
||||
server=""
|
||||
if [ ! -z "$3" ]; then
|
||||
server=" --server=$3"
|
||||
fi
|
||||
|
||||
server="${3:+--server=$3}"
|
||||
version="${4:-}"
|
||||
|
||||
echo "looking at $lua_pkg_name (version $version) from server [$server]" >&2
|
||||
|
@ -101,15 +97,15 @@ echo "$HEADER" | tee "$TMP_FILE"
|
|||
# name,server,version
|
||||
while IFS=, read -r nix_pkg_name lua_pkg_name server version
|
||||
do
|
||||
if [ "${nix_pkg_name:0:1}" == "#" ]; then
|
||||
echo "Skipping comment ${nix_pkg_name}" >&2
|
||||
continue
|
||||
fi
|
||||
if [ -z "$lua_pkg_name" ]; then
|
||||
echo "Using nix_name as lua_pkg_name" >&2
|
||||
lua_pkg_name="$nix_pkg_name"
|
||||
fi
|
||||
convert_pkg "$nix_pkg_name" "$lua_pkg_name" "$server" "$version"
|
||||
if [ "${nix_pkg_name:0:1}" == "#" ]; then
|
||||
echo "Skipping comment ${nix_pkg_name}" >&2
|
||||
continue
|
||||
fi
|
||||
if [ -z "$lua_pkg_name" ]; then
|
||||
echo "Using nix_name as lua_pkg_name" >&2
|
||||
lua_pkg_name="$nix_pkg_name"
|
||||
fi
|
||||
convert_pkg "$nix_pkg_name" "$lua_pkg_name" "$server" "$version"
|
||||
done < "$CSV_FILE"
|
||||
|
||||
# close the set
|
||||
|
|
|
@ -0,0 +1,86 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.environment.memoryAllocator;
|
||||
|
||||
# The set of alternative malloc(3) providers.
|
||||
providers = {
|
||||
"graphene-hardened" = rec {
|
||||
libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
|
||||
description = ''
|
||||
An allocator designed to mitigate memory corruption attacks, such as
|
||||
those caused by use-after-free bugs.
|
||||
'';
|
||||
};
|
||||
|
||||
"jemalloc" = {
|
||||
libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
|
||||
description = ''
|
||||
A general purpose allocator that emphasizes fragmentation avoidance
|
||||
and scalable concurrency support.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
providerConf = providers."${cfg.provider}";
|
||||
|
||||
# An output that contains only the shared library, to avoid
|
||||
# needlessly bloating the system closure
|
||||
mallocLib = pkgs.runCommand "malloc-provider-${cfg.provider}"
|
||||
rec {
|
||||
preferLocalBuild = true;
|
||||
allowSubstitutes = false;
|
||||
origLibPath = providerConf.libPath;
|
||||
libName = baseNameOf origLibPath;
|
||||
}
|
||||
''
|
||||
mkdir -p $out/lib
|
||||
cp -L $origLibPath $out/lib/$libName
|
||||
'';
|
||||
|
||||
# The full path to the selected provider shlib.
|
||||
providerLibPath = "${mallocLib}/lib/${mallocLib.libName}";
|
||||
in
|
||||
|
||||
{
|
||||
meta = {
|
||||
maintainers = [ maintainers.joachifm ];
|
||||
};
|
||||
|
||||
options = {
|
||||
environment.memoryAllocator.provider = mkOption {
|
||||
type = types.enum ([ "libc" ] ++ attrNames providers);
|
||||
default = "libc";
|
||||
description = ''
|
||||
The system-wide memory allocator.
|
||||
|
||||
Briefly, the system-wide memory allocator providers are:
|
||||
<itemizedlist>
|
||||
<listitem><para><literal>libc</literal>: the standard allocator provided by libc</para></listitem>
|
||||
${toString (mapAttrsToList
|
||||
(name: value: "<listitem><para><literal>${name}</literal>: ${value.description}</para></listitem>")
|
||||
providers)}
|
||||
</itemizedlist>
|
||||
|
||||
<warning>
|
||||
<para>
|
||||
Selecting an alternative allocator (i.e., anything other than
|
||||
<literal>libc</literal>) may result in instability, data loss,
|
||||
and/or service failure.
|
||||
</para>
|
||||
</warning>
|
||||
|
||||
<note>
|
||||
<para>
|
||||
Changing this option does not affect the current session.
|
||||
</para>
|
||||
</note>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf (cfg.provider != "libc") {
|
||||
environment.variables.LD_PRELOAD = providerLibPath;
|
||||
};
|
||||
}
|
|
@ -19,6 +19,7 @@
|
|||
./config/iproute2.nix
|
||||
./config/krb5/default.nix
|
||||
./config/ldap.nix
|
||||
./config/malloc.nix
|
||||
./config/networking.nix
|
||||
./config/no-x-libs.nix
|
||||
./config/nsswitch.nix
|
||||
|
@ -144,6 +145,7 @@
|
|||
./programs/xonsh.nix
|
||||
./programs/xss-lock.nix
|
||||
./programs/yabar.nix
|
||||
./programs/zmap.nix
|
||||
./programs/zsh/oh-my-zsh.nix
|
||||
./programs/zsh/zsh.nix
|
||||
./programs/zsh/zsh-autoenv.nix
|
||||
|
|
|
@ -14,6 +14,8 @@ with lib;
|
|||
|
||||
nix.allowedUsers = mkDefault [ "@users" ];
|
||||
|
||||
environment.memoryAllocator.provider = mkDefault "graphene-hardened";
|
||||
|
||||
security.hideProcessInformation = mkDefault true;
|
||||
|
||||
security.lockKernelModules = mkDefault true;
|
||||
|
|
|
@ -8,12 +8,23 @@ in
|
|||
{
|
||||
options.programs.xss-lock = {
|
||||
enable = mkEnableOption "xss-lock";
|
||||
|
||||
lockerCommand = mkOption {
|
||||
default = "${pkgs.i3lock}/bin/i3lock";
|
||||
example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
|
||||
type = types.string;
|
||||
description = "Locker to be used with xsslock";
|
||||
};
|
||||
|
||||
extraOptions = mkOption {
|
||||
default = [ ];
|
||||
example = [ "--ignore-sleep" ];
|
||||
type = types.listOf types.str;
|
||||
description = ''
|
||||
Additional command-line arguments to pass to
|
||||
<command>xss-lock</command>.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -21,7 +32,13 @@ in
|
|||
description = "XSS Lock Daemon";
|
||||
wantedBy = [ "graphical-session.target" ];
|
||||
partOf = [ "graphical-session.target" ];
|
||||
serviceConfig.ExecStart = "${pkgs.xss-lock}/bin/xss-lock ${cfg.lockerCommand}";
|
||||
serviceConfig.ExecStart = with lib;
|
||||
strings.concatStringsSep " " ([
|
||||
"${pkgs.xss-lock}/bin/xss-lock"
|
||||
] ++ (map escapeShellArg cfg.extraOptions) ++ [
|
||||
"--"
|
||||
cfg.lockerCommand
|
||||
]);
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.programs.zmap;
|
||||
in {
|
||||
options.programs.zmap = {
|
||||
enable = mkEnableOption "ZMap";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.zmap ];
|
||||
|
||||
environment.etc."zmap/blacklist.conf".source = "${pkgs.zmap}/etc/zmap/blacklist.conf";
|
||||
environment.etc."zmap/zmap.conf".source = "${pkgs.zmap}/etc/zmap.conf";
|
||||
};
|
||||
}
|
|
@ -234,6 +234,9 @@ with lib;
|
|||
(mkRenamedOptionModule [ "hardware" "ckb" "enable" ] [ "hardware" "ckb-next" "enable" ])
|
||||
(mkRenamedOptionModule [ "hardware" "ckb" "package" ] [ "hardware" "ckb-next" "package" ])
|
||||
|
||||
# binfmt
|
||||
(mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
|
||||
|
||||
] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
|
||||
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
|
||||
"snmpExporter" "unifiExporter" "varnishExporter" ]
|
||||
|
|
|
@ -29,6 +29,8 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.apparmor-utils ];
|
||||
|
||||
boot.kernelParams = [ "apparmor=1" "security=apparmor" ];
|
||||
|
||||
systemd.services.apparmor = let
|
||||
paths = concatMapStrings (s: " -I ${s}/etc/apparmor.d")
|
||||
([ pkgs.apparmor-profiles ] ++ cfg.packages);
|
||||
|
|
|
@ -13,23 +13,17 @@ with lib;
|
|||
default = true;
|
||||
description = ''
|
||||
Whether to allow creation of user namespaces.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The motivation for disabling user namespaces is the potential
|
||||
presence of code paths where the kernel's permission checking
|
||||
logic fails to account for namespacing, instead permitting a
|
||||
namespaced process to act outside the namespace with the same
|
||||
privileges as it would have inside it. This is particularly
|
||||
damaging in the common case of running as root within the namespace.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When user namespace creation is disallowed, attempting to create a
|
||||
user namespace fails with "no space left on device" (ENOSPC).
|
||||
root may re-enable user namespace creation at runtime.
|
||||
</para>
|
||||
<para>
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -48,21 +42,15 @@ with lib;
|
|||
Whether to allow SMT/hyperthreading. Disabling SMT means that only
|
||||
physical CPU cores will be usable at runtime, potentially at
|
||||
significant performance cost.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The primary motivation for disabling SMT is to mitigate the risk of
|
||||
leaking data between threads running on the same CPU core (due to
|
||||
e.g., shared caches). This attack vector is unproven.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Disabling SMT is a supplement to the L1 data cache flushing mitigation
|
||||
(see <xref linkend="opt-security.virtualization.flushL1DataCache"/>)
|
||||
versus malicious VM guests (SMT could "bring back" previously flushed
|
||||
data).
|
||||
</para>
|
||||
<para>
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -73,10 +61,8 @@ with lib;
|
|||
Whether the hypervisor should flush the L1 data cache before
|
||||
entering guests.
|
||||
See also <xref linkend="opt-security.allowSimultaneousMultithreading"/>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<variablelist>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><literal>null</literal></term>
|
||||
<listitem><para>uses the kernel default</para></listitem>
|
||||
|
@ -98,7 +84,7 @@ with lib;
|
|||
enters the guest. May incur significant performance cost.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</variablelist>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -42,6 +42,11 @@ in
|
|||
serviceConfig = {
|
||||
ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
|
||||
+ optionalString cfg.debug " -d";
|
||||
NoNewPrivileges = true;
|
||||
PrivateNetwork = true;
|
||||
PrivateTmp = true;
|
||||
ProtectSystem = "full";
|
||||
ProtectHome = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -7,28 +7,23 @@ let
|
|||
|
||||
planDescription = ''
|
||||
The znapzend backup plan to use for the source.
|
||||
</para>
|
||||
<para>
|
||||
|
||||
The plan specifies how often to backup and for how long to keep the
|
||||
backups. It consists of a series of retention periodes to interval
|
||||
associations:
|
||||
</para>
|
||||
<para>
|
||||
|
||||
<literal>
|
||||
retA=>intA,retB=>intB,...
|
||||
</literal>
|
||||
</para>
|
||||
<para>
|
||||
Both intervals and retention periods are expressed in standard units
|
||||
of time or multiples of them. You can use both the full name or a
|
||||
shortcut according to the following listing:
|
||||
</para>
|
||||
<para>
|
||||
|
||||
Both intervals and retention periods are expressed in standard units
|
||||
of time or multiples of them. You can use both the full name or a
|
||||
shortcut according to the following listing:
|
||||
|
||||
<literal>
|
||||
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
|
||||
</literal>
|
||||
</para>
|
||||
<para>
|
||||
|
||||
See <citerefentry><refentrytitle>znapzendzetup</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more info.
|
||||
'';
|
||||
planExample = "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m";
|
||||
|
@ -139,12 +134,10 @@ let
|
|||
type = nullOr ints.u16;
|
||||
description = ''
|
||||
Port to use for <command>mbuffer</command>.
|
||||
</para>
|
||||
<para>
|
||||
|
||||
If this is null, it will run <command>mbuffer</command> through
|
||||
ssh.
|
||||
</para>
|
||||
<para>
|
||||
|
||||
If this is not null, it will run <command>mbuffer</command>
|
||||
directly through TCP, which is not encrypted but faster. In that
|
||||
case the given port needs to be open on the destination host.
|
||||
|
|
|
@ -5,11 +5,13 @@ with lib;
|
|||
let
|
||||
cfg = config.services.journalbeat;
|
||||
|
||||
lt6 = builtins.compareVersions cfg.package.version "6" < 0;
|
||||
|
||||
journalbeatYml = pkgs.writeText "journalbeat.yml" ''
|
||||
name: ${cfg.name}
|
||||
tags: ${builtins.toJSON cfg.tags}
|
||||
|
||||
journalbeat.cursor_state_file: ${cfg.stateDir}/cursor-state
|
||||
${optionalString lt6 "journalbeat.cursor_state_file: /var/lib/${cfg.stateDir}/cursor-state"}
|
||||
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
@ -22,6 +24,16 @@ in
|
|||
|
||||
enable = mkEnableOption "journalbeat";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.journalbeat;
|
||||
defaultText = "pkgs.journalbeat";
|
||||
example = literalExample "pkgs.journalbeat7";
|
||||
description = ''
|
||||
The journalbeat package to use
|
||||
'';
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "journalbeat";
|
||||
|
@ -36,13 +48,17 @@ in
|
|||
|
||||
stateDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/journalbeat";
|
||||
description = "The state directory. Journalbeat's own logs and other data are stored here.";
|
||||
default = "journalbeat";
|
||||
description = ''
|
||||
Directory below <literal>/var/lib/</literal> to store journalbeat's
|
||||
own logs and other data. This directory will be created automatically
|
||||
using systemd's StateDirectory mechanism.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = ''
|
||||
default = optionalString lt6 ''
|
||||
journalbeat:
|
||||
seek_position: cursor
|
||||
cursor_seek_fallback: tail
|
||||
|
@ -61,7 +77,16 @@ in
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd.services.journalbeat = with pkgs; {
|
||||
assertions = [
|
||||
{
|
||||
assertion = !hasPrefix "/" cfg.stateDir;
|
||||
message =
|
||||
"The option services.journalbeat.stateDir shouldn't be an absolute directory." +
|
||||
" It should be a directory relative to /var/lib/.";
|
||||
}
|
||||
];
|
||||
|
||||
systemd.services.journalbeat = {
|
||||
description = "Journalbeat log shipper";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
|
@ -69,7 +94,13 @@ in
|
|||
mkdir -p ${cfg.stateDir}/logs
|
||||
'';
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.journalbeat}/bin/journalbeat -c ${journalbeatYml} -path.data ${cfg.stateDir}/data -path.logs ${cfg.stateDir}/logs";
|
||||
StateDirectory = cfg.stateDir;
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/journalbeat \
|
||||
-c ${journalbeatYml} \
|
||||
-path.data /var/lib/${cfg.stateDir}/data \
|
||||
-path.logs /var/lib/${cfg.stateDir}/logs'';
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -21,32 +21,23 @@ let
|
|||
|
||||
availableComponents = cfg.package.availableComponents;
|
||||
|
||||
# Given component "parentConfig.platform", returns whether config.parentConfig
|
||||
# is a list containing a set with set.platform == "platform".
|
||||
usedPlatforms = config:
|
||||
if isAttrs config then
|
||||
optional (config ? platform) config.platform
|
||||
++ concatMap usedPlatforms (attrValues config)
|
||||
else if isList config then
|
||||
concatMap usedPlatforms config
|
||||
else [ ];
|
||||
|
||||
# Given a component "platform", looks up whether it is used in the config
|
||||
# as `platform = "platform";`.
|
||||
#
|
||||
# For example, the component sensor.luftdaten is used as follows:
|
||||
# For example, the component mqtt.sensor is used as follows:
|
||||
# config.sensor = [ {
|
||||
# platform = "luftdaten";
|
||||
# platform = "mqtt";
|
||||
# ...
|
||||
# } ];
|
||||
#
|
||||
# Beginning with 0.87 Home Assistant is migrating their components to the
|
||||
# scheme "platform.subComponent", e.g. "hue.light" instead of "light.hue".
|
||||
# See https://developers.home-assistant.io/blog/2019/02/19/the-great-migration.html.
|
||||
# Hence, we also check whether we find an entry in the config when interpreting
|
||||
# the first part of the path as the component.
|
||||
useComponentPlatform = component:
|
||||
let
|
||||
path = splitString "." component;
|
||||
# old: platform is the last part of path
|
||||
parentConfig = attrByPath (init path) null cfg.config;
|
||||
platform = last path;
|
||||
# new: platform is the first part of the path
|
||||
parentConfig' = attrByPath (tail path) null cfg.config;
|
||||
platform' = head path;
|
||||
in
|
||||
(isList parentConfig && any (item: item.platform or null == platform) parentConfig)
|
||||
|| (isList parentConfig' && any (item: item.platform or null == platform') parentConfig');
|
||||
useComponentPlatform = component: elem component (usedPlatforms cfg.config);
|
||||
|
||||
# Returns whether component is used in config
|
||||
useComponent = component:
|
||||
|
|
|
@ -28,14 +28,29 @@ in {
|
|||
path = [ pkgs.coreutils ];
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
unitConfig.documentation = "man:vnstatd(1) man:vnstat(1) man:vnstat.conf(5)";
|
||||
documentation = [
|
||||
"man:vnstatd(1)"
|
||||
"man:vnstat(1)"
|
||||
"man:vnstat.conf(5)"
|
||||
];
|
||||
preStart = "chmod 755 /var/lib/vnstat";
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.vnstat}/bin/vnstatd -n";
|
||||
ExecReload = "${pkgs.procps}/bin/kill -HUP $MAINPID";
|
||||
ProtectHome = true;
|
||||
|
||||
# Hardening (from upstream example service)
|
||||
ProtectSystem = "strict";
|
||||
StateDirectory = "vnstat";
|
||||
PrivateDevices = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectKernelModules = true;
|
||||
PrivateTmp = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictNamespaces = true;
|
||||
|
||||
User = "vnstatd";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -26,28 +26,20 @@ in
|
|||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.dbus.packages = [ pkgs.fprintd ];
|
||||
|
||||
environment.systemPackages = [ pkgs.fprintd ];
|
||||
|
||||
systemd.services.fprintd = {
|
||||
description = "Fingerprint Authentication Daemon";
|
||||
|
||||
serviceConfig = {
|
||||
Type = "dbus";
|
||||
BusName = "net.reactivated.Fprint";
|
||||
ExecStart = "${pkgs.fprintd}/libexec/fprintd";
|
||||
};
|
||||
};
|
||||
systemd.packages = [ pkgs.fprintd ];
|
||||
|
||||
};
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{ config, lib, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (lib) mkOption types optionalString;
|
||||
|
||||
cfg = config.boot.binfmtMiscRegistrations;
|
||||
cfg = config.boot.binfmt;
|
||||
|
||||
makeBinfmtLine = name: { recognitionType, offset, magicOrExtension
|
||||
, mask, preserveArgvZero, openBinary
|
||||
|
@ -13,125 +13,249 @@ let
|
|||
mask' = toString mask;
|
||||
interpreter = "/run/binfmt/${name}";
|
||||
flags = if !(matchCredentials -> openBinary)
|
||||
then throw "boot.binfmtMiscRegistrations.${name}: you can't specify openBinary = false when matchCredentials = true."
|
||||
then throw "boot.binfmt.registrations.${name}: you can't specify openBinary = false when matchCredentials = true."
|
||||
else optionalString preserveArgvZero "P" +
|
||||
optionalString (openBinary && !matchCredentials) "O" +
|
||||
optionalString matchCredentials "C" +
|
||||
optionalString fixBinary "F";
|
||||
in ":${name}:${type}:${offset'}:${magicOrExtension}:${mask'}:${interpreter}:${flags}";
|
||||
|
||||
binfmtFile = builtins.toFile "binfmt_nixos.conf"
|
||||
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine cfg));
|
||||
|
||||
activationSnippet = name: { interpreter, ... }:
|
||||
"ln -sf ${interpreter} /run/binfmt/${name}";
|
||||
activationScript = ''
|
||||
mkdir -p -m 0755 /run/binfmt
|
||||
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet cfg)}
|
||||
'';
|
||||
in {
|
||||
options = {
|
||||
boot.binfmtMiscRegistrations = mkOption {
|
||||
default = {};
|
||||
|
||||
description = ''
|
||||
Extra binary formats to register with the kernel.
|
||||
See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
|
||||
'';
|
||||
getEmulator = system: (lib.systems.elaborate { inherit system; }).emulator pkgs;
|
||||
|
||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||
options = {
|
||||
recognitionType = mkOption {
|
||||
default = "magic";
|
||||
description = "Whether to recognize executables by magic number or extension.";
|
||||
type = types.enum [ "magic" "extension" ];
|
||||
};
|
||||
|
||||
offset = mkOption {
|
||||
default = null;
|
||||
description = "The byte offset of the magic number used for recognition.";
|
||||
type = types.nullOr types.int;
|
||||
};
|
||||
|
||||
magicOrExtension = mkOption {
|
||||
description = "The magic number or extension to match on.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
mask = mkOption {
|
||||
default = null;
|
||||
description =
|
||||
"A mask to be ANDed with the byte sequence of the file before matching";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
interpreter = mkOption {
|
||||
description = ''
|
||||
The interpreter to invoke to run the program.
|
||||
|
||||
Note that the actual registration will point to
|
||||
/run/binfmt/''${name}, so the kernel interpreter length
|
||||
limit doesn't apply.
|
||||
'';
|
||||
type = types.path;
|
||||
};
|
||||
|
||||
preserveArgvZero = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to pass the original argv[0] to the interpreter.
|
||||
|
||||
See the description of the 'P' flag in the kernel docs
|
||||
for more details;
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
openBinary = mkOption {
|
||||
default = config.matchCredentials;
|
||||
description = ''
|
||||
Whether to pass the binary to the interpreter as an open
|
||||
file descriptor, instead of a path.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
matchCredentials = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to launch with the credentials and security
|
||||
token of the binary, not the interpreter (e.g. setuid
|
||||
bit).
|
||||
|
||||
See the description of the 'C' flag in the kernel docs
|
||||
for more details.
|
||||
|
||||
Implies/requires openBinary = true.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
fixBinary = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to open the interpreter file as soon as the
|
||||
registration is loaded, rather than waiting for a
|
||||
relevant file to be invoked.
|
||||
|
||||
See the description of the 'F' flag in the kernel docs
|
||||
for more details.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
};
|
||||
}));
|
||||
# Mapping of systems to “magicOrExtension” and “mask”. Mostly taken from:
|
||||
# - https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix
|
||||
# and
|
||||
# - https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh
|
||||
# TODO: maybe put these in a JSON file?
|
||||
magics = {
|
||||
armv6l-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
armv7l-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
aarch64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
aarch64_be-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
i386-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
i486-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
i586-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
i686-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
x86_64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
alpha-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
sparc64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
sparc-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x12'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
powerpc-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
powerpc64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
powerpc64le-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\x00'';
|
||||
};
|
||||
mips-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
mipsel-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
mips64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
|
||||
};
|
||||
mips64el-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
riscv32-linux = {
|
||||
magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
riscv64-linux = {
|
||||
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'';
|
||||
mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
|
||||
};
|
||||
x86_64-windows = {
|
||||
magicOrExtension = ".exe";
|
||||
recognitionType = "extension";
|
||||
};
|
||||
i686-windows = {
|
||||
magicOrExtension = ".exe";
|
||||
recognitionType = "extension";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf (cfg != {}) {
|
||||
environment.etc."binfmt.d/nixos.conf".source = binfmtFile;
|
||||
system.activationScripts.binfmt = activationScript;
|
||||
systemd.additionalUpstreamSystemUnits =
|
||||
in {
|
||||
options = {
|
||||
boot.binfmt = {
|
||||
registrations = mkOption {
|
||||
default = {};
|
||||
|
||||
description = ''
|
||||
Extra binary formats to register with the kernel.
|
||||
See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
|
||||
'';
|
||||
|
||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||
options = {
|
||||
recognitionType = mkOption {
|
||||
default = "magic";
|
||||
description = "Whether to recognize executables by magic number or extension.";
|
||||
type = types.enum [ "magic" "extension" ];
|
||||
};
|
||||
|
||||
offset = mkOption {
|
||||
default = null;
|
||||
description = "The byte offset of the magic number used for recognition.";
|
||||
type = types.nullOr types.int;
|
||||
};
|
||||
|
||||
magicOrExtension = mkOption {
|
||||
description = "The magic number or extension to match on.";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
mask = mkOption {
|
||||
default = null;
|
||||
description =
|
||||
"A mask to be ANDed with the byte sequence of the file before matching";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
interpreter = mkOption {
|
||||
description = ''
|
||||
The interpreter to invoke to run the program.
|
||||
|
||||
Note that the actual registration will point to
|
||||
/run/binfmt/''${name}, so the kernel interpreter length
|
||||
limit doesn't apply.
|
||||
'';
|
||||
type = types.path;
|
||||
};
|
||||
|
||||
preserveArgvZero = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to pass the original argv[0] to the interpreter.
|
||||
|
||||
See the description of the 'P' flag in the kernel docs
|
||||
for more details;
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
openBinary = mkOption {
|
||||
default = config.matchCredentials;
|
||||
description = ''
|
||||
Whether to pass the binary to the interpreter as an open
|
||||
file descriptor, instead of a path.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
matchCredentials = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to launch with the credentials and security
|
||||
token of the binary, not the interpreter (e.g. setuid
|
||||
bit).
|
||||
|
||||
See the description of the 'C' flag in the kernel docs
|
||||
for more details.
|
||||
|
||||
Implies/requires openBinary = true.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
fixBinary = mkOption {
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to open the interpreter file as soon as the
|
||||
registration is loaded, rather than waiting for a
|
||||
relevant file to be invoked.
|
||||
|
||||
See the description of the 'F' flag in the kernel docs
|
||||
for more details.
|
||||
'';
|
||||
type = types.bool;
|
||||
};
|
||||
};
|
||||
}));
|
||||
};
|
||||
|
||||
emulatedSystems = mkOption {
|
||||
default = [];
|
||||
description = ''
|
||||
List of systems to emulate. Will also configure Nix to
|
||||
support your new systems.
|
||||
'';
|
||||
type = types.listOf types.string;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
boot.binfmt.registrations = builtins.listToAttrs (map (system: {
|
||||
name = system;
|
||||
value = {
|
||||
interpreter = getEmulator system;
|
||||
} // (magics.${system} or (throw "Cannot create binfmt registration for system ${system}"));
|
||||
}) cfg.emulatedSystems);
|
||||
# TODO: add a nix.extraPlatforms option to NixOS!
|
||||
nix.extraOptions = lib.mkIf (cfg.emulatedSystems != []) ''
|
||||
extra-platforms = ${toString (cfg.emulatedSystems ++ lib.optional pkgs.stdenv.hostPlatform.isx86_64 "i686-linux")}
|
||||
'';
|
||||
nix.sandboxPaths = lib.mkIf (cfg.emulatedSystems != [])
|
||||
([ "/run/binfmt" ] ++ (map (system: dirOf (dirOf (getEmulator system))) cfg.emulatedSystems));
|
||||
|
||||
environment.etc."binfmt.d/nixos.conf".source = builtins.toFile "binfmt_nixos.conf"
|
||||
(lib.concatStringsSep "\n" (lib.mapAttrsToList makeBinfmtLine config.boot.binfmt.registrations));
|
||||
system.activationScripts.binfmt = ''
|
||||
mkdir -p -m 0755 /run/binfmt
|
||||
${lib.concatStringsSep "\n" (lib.mapAttrsToList activationSnippet config.boot.binfmt.registrations)}
|
||||
'';
|
||||
systemd.additionalUpstreamSystemUnits = lib.mkIf (config.boot.binfmt.registrations != {})
|
||||
[ "proc-sys-fs-binfmt_misc.automount"
|
||||
"proc-sys-fs-binfmt_misc.mount"
|
||||
];
|
||||
|
|
|
@ -62,8 +62,7 @@ in {
|
|||
|
||||
description = ''
|
||||
The resolution of the console. The following values are valid:
|
||||
</para>
|
||||
<para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<literal>"0"</literal>: Standard UEFI 80x25 mode
|
||||
|
|
|
@ -76,6 +76,33 @@ let
|
|||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
wait_gpgcard() {
|
||||
local secs="''${1:-10}"
|
||||
|
||||
gpg --card-status > /dev/null 2> /dev/null
|
||||
if [ $? != 0 ]; then
|
||||
echo -n "Waiting $secs seconds for GPG Card to appear"
|
||||
local success=false
|
||||
for try in $(seq $secs); do
|
||||
echo -n .
|
||||
sleep 1
|
||||
gpg --card-status > /dev/null 2> /dev/null
|
||||
if [ $? == 0 ]; then
|
||||
success=true
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [ $success == true ]; then
|
||||
echo " - success";
|
||||
return 0
|
||||
else
|
||||
echo " - failure";
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
'';
|
||||
|
||||
preCommands = ''
|
||||
|
@ -93,6 +120,13 @@ let
|
|||
# For Yubikey salt storage
|
||||
mkdir -p /crypt-storage
|
||||
|
||||
${optionalString luks.gpgSupport ''
|
||||
export GPG_TTY=$(tty)
|
||||
export GNUPGHOME=/crypt-ramfs/.gnupg
|
||||
|
||||
gpg-agent --daemon --scdaemon-program $out/bin/scdaemon > /dev/null 2> /dev/null
|
||||
''}
|
||||
|
||||
# Disable all input echo for the whole stage. We could use read -s
|
||||
# instead but that would ocasionally leak characters between read
|
||||
# invocations.
|
||||
|
@ -105,7 +139,7 @@ let
|
|||
umount /crypt-ramfs 2>/dev/null
|
||||
'';
|
||||
|
||||
openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, fallbackToPassword, ... }: assert name' == name;
|
||||
openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fallbackToPassword, ... }: assert name' == name;
|
||||
let
|
||||
csopen = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
|
||||
cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
|
||||
|
@ -182,7 +216,7 @@ let
|
|||
''}
|
||||
}
|
||||
|
||||
${if luks.yubikeySupport && (yubikey != null) then ''
|
||||
${optionalString (luks.yubikeySupport && (yubikey != null)) ''
|
||||
# Yubikey
|
||||
rbtohex() {
|
||||
( od -An -vtx1 | tr -d ' \n' )
|
||||
|
@ -278,7 +312,7 @@ let
|
|||
umount /crypt-storage
|
||||
}
|
||||
|
||||
open_yubikey() {
|
||||
open_with_hardware() {
|
||||
if wait_yubikey ${toString yubikey.gracePeriod}; then
|
||||
do_open_yubikey
|
||||
else
|
||||
|
@ -286,8 +320,75 @@ let
|
|||
open_normally
|
||||
fi
|
||||
}
|
||||
''}
|
||||
|
||||
open_yubikey
|
||||
${optionalString (luks.gpgSupport && (gpgCard != null)) ''
|
||||
|
||||
do_open_gpg_card() {
|
||||
# Make all of these local to this function
|
||||
# to prevent their values being leaked
|
||||
local pin
|
||||
local opened
|
||||
|
||||
gpg --import /gpg-keys/${device}/pubkey.asc > /dev/null 2> /dev/null
|
||||
|
||||
gpg --card-status > /dev/null 2> /dev/null
|
||||
|
||||
for try in $(seq 3); do
|
||||
echo -n "PIN for GPG Card associated with device ${device}: "
|
||||
pin=
|
||||
while true; do
|
||||
if [ -e /crypt-ramfs/passphrase ]; then
|
||||
echo "reused"
|
||||
pin=$(cat /crypt-ramfs/passphrase)
|
||||
break
|
||||
else
|
||||
# and try reading it from /dev/console with a timeout
|
||||
IFS= read -t 1 -r pin
|
||||
if [ -n "$pin" ]; then
|
||||
${if luks.reusePassphrases then ''
|
||||
# remember it for the next device
|
||||
echo -n "$pin" > /crypt-ramfs/passphrase
|
||||
'' else ''
|
||||
# Don't save it to ramfs. We are very paranoid
|
||||
''}
|
||||
echo
|
||||
break
|
||||
fi
|
||||
fi
|
||||
done
|
||||
echo -n "Verifying passphrase for ${device}..."
|
||||
echo -n "$pin" | gpg -q --batch --passphrase-fd 0 --pinentry-mode loopback -d /gpg-keys/${device}/cryptkey.gpg 2> /dev/null | ${csopen} --key-file=- > /dev/null 2> /dev/null
|
||||
if [ $? == 0 ]; then
|
||||
echo " - success"
|
||||
${if luks.reusePassphrases then ''
|
||||
# we don't rm here because we might reuse it for the next device
|
||||
'' else ''
|
||||
rm -f /crypt-ramfs/passphrase
|
||||
''}
|
||||
break
|
||||
else
|
||||
echo " - failure"
|
||||
# ask for a different one
|
||||
rm -f /crypt-ramfs/passphrase
|
||||
fi
|
||||
done
|
||||
|
||||
[ "$opened" == false ] && die "Maximum authentication errors reached"
|
||||
}
|
||||
|
||||
open_with_hardware() {
|
||||
if wait_gpgcard ${toString gpgCard.gracePeriod}; then
|
||||
do_open_gpg_card
|
||||
else
|
||||
echo "No GPG Card found, falling back to normal open procedure"
|
||||
open_normally
|
||||
fi
|
||||
}
|
||||
''}
|
||||
|
||||
${if (luks.yubikeySupport && (yubikey != null)) || (luks.gpgSupport && (gpgCard != null)) then ''
|
||||
open_with_hardware
|
||||
'' else ''
|
||||
open_normally
|
||||
''}
|
||||
|
@ -473,6 +574,36 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
gpgCard = mkOption {
|
||||
default = null;
|
||||
description = ''
|
||||
The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard.
|
||||
If null (the default), GPG-Smartcard will be disabled for this device.
|
||||
'';
|
||||
|
||||
type = with types; nullOr (submodule {
|
||||
options = {
|
||||
gracePeriod = mkOption {
|
||||
default = 10;
|
||||
type = types.int;
|
||||
description = "Time in seconds to wait for the GPG Smartcard.";
|
||||
};
|
||||
|
||||
encryptedPass = mkOption {
|
||||
default = "";
|
||||
type = types.path;
|
||||
description = "Path to the GPG encrypted passphrase.";
|
||||
};
|
||||
|
||||
publicKey = mkOption {
|
||||
default = "";
|
||||
type = types.path;
|
||||
description = "Path to the Public Key.";
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
|
||||
yubikey = mkOption {
|
||||
default = null;
|
||||
description = ''
|
||||
|
@ -554,6 +685,14 @@ in
|
|||
}));
|
||||
};
|
||||
|
||||
boot.initrd.luks.gpgSupport = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Enables support for authenticating with a GPG encrypted password.
|
||||
'';
|
||||
};
|
||||
|
||||
boot.initrd.luks.yubikeySupport = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
|
@ -567,6 +706,12 @@ in
|
|||
|
||||
config = mkIf (luks.devices != {} || luks.forceLuksSupportInInitrd) {
|
||||
|
||||
assertions =
|
||||
[ { assertion = !(luks.gpgSupport && luks.yubikeySupport);
|
||||
message = "Yubikey and GPG Card may not be used at the same time.";
|
||||
}
|
||||
];
|
||||
|
||||
# actually, sbp2 driver is the one enabling the DMA attack, but this needs to be tested
|
||||
boot.blacklistedKernelModules = optionals luks.mitigateDMAAttacks
|
||||
["firewire_ohci" "firewire_core" "firewire_sbp2"];
|
||||
|
@ -603,6 +748,23 @@ in
|
|||
EOF
|
||||
chmod +x $out/bin/openssl-wrap
|
||||
''}
|
||||
|
||||
${optionalString luks.gpgSupport ''
|
||||
copy_bin_and_libs ${pkgs.gnupg}/bin/gpg
|
||||
copy_bin_and_libs ${pkgs.gnupg}/bin/gpg-agent
|
||||
copy_bin_and_libs ${pkgs.gnupg}/libexec/scdaemon
|
||||
|
||||
${concatMapStringsSep "\n" (x:
|
||||
if x.gpgCard != null then
|
||||
''
|
||||
mkdir -p $out/secrets/gpg-keys/${x.device}
|
||||
cp -a ${x.gpgCard.encryptedPass} $out/secrets/gpg-keys/${x.device}/cryptkey.gpg
|
||||
cp -a ${x.gpgCard.publicKey} $out/secrets/gpg-keys/${x.device}/pubkey.asc
|
||||
''
|
||||
else ""
|
||||
) (attrValues luks.devices)
|
||||
}
|
||||
''}
|
||||
'';
|
||||
|
||||
boot.initrd.extraUtilsCommandsTest = ''
|
||||
|
@ -612,6 +774,11 @@ in
|
|||
$out/bin/ykinfo -V
|
||||
$out/bin/openssl-wrap version
|
||||
''}
|
||||
${optionalString luks.gpgSupport ''
|
||||
$out/bin/gpg --version
|
||||
$out/bin/gpg-agent --version
|
||||
$out/bin/scdaemon --version
|
||||
''}
|
||||
'';
|
||||
|
||||
boot.initrd.preFailCommands = postCommands;
|
||||
|
|
|
@ -35,7 +35,7 @@ in
|
|||
when resolving single-label host names (domain names which
|
||||
contain no dot), in order to qualify them into fully-qualified
|
||||
domain names (FQDNs).
|
||||
</para><para>
|
||||
|
||||
For compatibility reasons, if this setting is not specified,
|
||||
the search domains listed in
|
||||
<filename>/etc/resolv.conf</filename> are used instead, if
|
||||
|
@ -50,8 +50,9 @@ in
|
|||
description = ''
|
||||
Controls Link-Local Multicast Name Resolution support
|
||||
(RFC 4795) on the local host.
|
||||
</para><para>
|
||||
|
||||
If set to
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><literal>"true"</literal></term>
|
||||
|
|
|
@ -65,10 +65,9 @@ let
|
|||
default = [];
|
||||
description = ''
|
||||
Network ports to publish from the container to the outer host.
|
||||
</para>
|
||||
<para>
|
||||
|
||||
Valid formats:
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
|
@ -91,21 +90,19 @@ let
|
|||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
<para>
|
||||
|
||||
Both <literal>hostPort</literal> and
|
||||
<literal>containerPort</literal> can be specified as a range of
|
||||
ports. When specifying ranges for both, the number of container
|
||||
ports in the range must match the number of host ports in the
|
||||
range. Example: <literal>1234-1236:1234-1236/tcp</literal>
|
||||
</para>
|
||||
<para>
|
||||
|
||||
When specifying a range for <literal>hostPort</literal> only, the
|
||||
<literal>containerPort</literal> must <emphasis>not</emphasis> be a
|
||||
range. In this case, the container port is published somewhere
|
||||
within the specified <literal>hostPort</literal> range. Example:
|
||||
<literal>1234-1236:1234/tcp</literal>
|
||||
</para>
|
||||
<para>
|
||||
|
||||
Refer to the
|
||||
<link xlink:href="https://docs.docker.com/engine/reference/run/#expose-incoming-ports">
|
||||
Docker engine documentation</link> for full details.
|
||||
|
|
|
@ -104,7 +104,7 @@ in
|
|||
"VBoxNetNAT"
|
||||
"VBoxSDL"
|
||||
"VBoxVolInfo"
|
||||
"VirtualBox"
|
||||
"VirtualBoxVM"
|
||||
]));
|
||||
|
||||
users.groups.vboxusers.gid = config.ids.gids.vboxusers;
|
||||
|
|
|
@ -67,5 +67,12 @@ import ./make-test.nix ({ pkgs, ... }: {
|
|||
# Ensure building an image on top of a layered Docker images work
|
||||
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-on-top}'");
|
||||
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-on-top.imageName}");
|
||||
|
||||
# Ensure order of layers is correct
|
||||
$docker->succeed("docker load --input='${pkgs.dockerTools.examples.layersOrder}'");
|
||||
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer1 | grep -q layer1");
|
||||
# This is to be sure the order of layers of the parent image is preserved
|
||||
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer2 | grep -q layer2");
|
||||
$docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layersOrder.imageName} cat /tmp/layer3 | grep -q layer3");
|
||||
'';
|
||||
})
|
||||
|
|
|
@ -12,6 +12,11 @@ with pkgs.lib;
|
|||
let
|
||||
esUrl = "http://localhost:9200";
|
||||
|
||||
totalHits = message :
|
||||
"curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' " +
|
||||
''-d '{\"query\" : { \"match\" : { \"message\" : \"${message}\"}}}' '' +
|
||||
"| jq .hits.total";
|
||||
|
||||
mkElkTest = name : elk :
|
||||
let elasticsearchGe7 = builtins.compareVersions elk.elasticsearch.version "7" >= 0;
|
||||
in makeTest {
|
||||
|
@ -21,7 +26,7 @@ let
|
|||
};
|
||||
nodes = {
|
||||
one =
|
||||
{ pkgs, ... }: {
|
||||
{ pkgs, lib, ... }: {
|
||||
# Not giving the machine at least 2060MB results in elasticsearch failing with the following error:
|
||||
#
|
||||
# OpenJDK 64-Bit Server VM warning:
|
||||
|
@ -40,6 +45,26 @@ let
|
|||
environment.systemPackages = [ pkgs.jq ];
|
||||
|
||||
services = {
|
||||
|
||||
journalbeat = let lt6 = builtins.compareVersions
|
||||
elk.journalbeat.version "6" < 0; in {
|
||||
enable = true;
|
||||
package = elk.journalbeat;
|
||||
extraConfig = mkOptionDefault (''
|
||||
logging:
|
||||
to_syslog: true
|
||||
level: warning
|
||||
metrics.enabled: false
|
||||
output.elasticsearch:
|
||||
hosts: [ "127.0.0.1:9200" ]
|
||||
${optionalString lt6 "template.enabled: false"}
|
||||
'' + optionalString (!lt6) ''
|
||||
journalbeat.inputs:
|
||||
- paths: []
|
||||
seek: cursor
|
||||
'');
|
||||
};
|
||||
|
||||
logstash = {
|
||||
enable = true;
|
||||
package = elk.logstash;
|
||||
|
@ -107,14 +132,19 @@ let
|
|||
testScript = ''
|
||||
startAll;
|
||||
|
||||
# Wait until elasticsearch is listening for connections.
|
||||
$one->waitForUnit("elasticsearch.service");
|
||||
$one->waitForOpenPort(9200);
|
||||
|
||||
# Continue as long as the status is not "red". The status is probably
|
||||
# "yellow" instead of "green" because we are using a single elasticsearch
|
||||
# node which elasticsearch considers risky.
|
||||
#
|
||||
# TODO: extend this test with multiple elasticsearch nodes and see if the status turns "green".
|
||||
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_cluster/health' | jq .status | grep -v red");
|
||||
# TODO: extend this test with multiple elasticsearch nodes
|
||||
# and see if the status turns "green".
|
||||
$one->waitUntilSucceeds(
|
||||
"curl --silent --show-error '${esUrl}/_cluster/health' " .
|
||||
"| jq .status | grep -v red");
|
||||
|
||||
# Perform some simple logstash tests.
|
||||
$one->waitForUnit("logstash.service");
|
||||
|
@ -123,16 +153,28 @@ let
|
|||
|
||||
# See if kibana is healthy.
|
||||
$one->waitForUnit("kibana.service");
|
||||
$one->waitUntilSucceeds("curl --silent --show-error 'http://localhost:5601/api/status' | jq .status.overall.state | grep green");
|
||||
$one->waitUntilSucceeds(
|
||||
"curl --silent --show-error 'http://localhost:5601/api/status' " .
|
||||
"| jq .status.overall.state | grep green");
|
||||
|
||||
# See if logstash messages arive in elasticsearch.
|
||||
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' -d '{\"query\" : { \"match\" : { \"message\" : \"flowers\"}}}' | jq .hits.total | grep -v 0");
|
||||
$one->waitUntilSucceeds("curl --silent --show-error '${esUrl}/_search' -H 'Content-Type: application/json' -d '{\"query\" : { \"match\" : { \"message\" : \"dragons\"}}}' | jq .hits.total | grep 0");
|
||||
$one->waitUntilSucceeds("${totalHits "flowers"} | grep -v 0");
|
||||
$one->waitUntilSucceeds("${totalHits "dragons"} | grep 0");
|
||||
|
||||
# Test if a message logged to the journal
|
||||
# is ingested by elasticsearch via journalbeat.
|
||||
$one->waitForUnit("journalbeat.service");
|
||||
$one->execute("echo 'Supercalifragilisticexpialidocious' | systemd-cat");
|
||||
$one->waitUntilSucceeds(
|
||||
"${totalHits "Supercalifragilisticexpialidocious"} | grep -v 0");
|
||||
|
||||
'' + optionalString (!elasticsearchGe7) ''
|
||||
# Test elasticsearch-curator.
|
||||
$one->systemctl("stop logstash");
|
||||
$one->systemctl("start elasticsearch-curator");
|
||||
$one->waitUntilSucceeds("! curl --silent --show-error '${esUrl}/_cat/indices' | grep logstash | grep -q ^$1");
|
||||
$one->waitUntilSucceeds(
|
||||
"! curl --silent --show-error '${esUrl}/_cat/indices' " .
|
||||
"| grep logstash | grep -q ^$1");
|
||||
'';
|
||||
};
|
||||
in mapAttrs mkElkTest {
|
||||
|
@ -140,6 +182,7 @@ in mapAttrs mkElkTest {
|
|||
elasticsearch = pkgs.elasticsearch5;
|
||||
logstash = pkgs.logstash5;
|
||||
kibana = pkgs.kibana5;
|
||||
journalbeat = pkgs.journalbeat5;
|
||||
};
|
||||
"ELK-6" =
|
||||
if enableUnfree
|
||||
|
@ -147,11 +190,13 @@ in mapAttrs mkElkTest {
|
|||
elasticsearch = pkgs.elasticsearch6;
|
||||
logstash = pkgs.logstash6;
|
||||
kibana = pkgs.kibana6;
|
||||
journalbeat = pkgs.journalbeat6;
|
||||
}
|
||||
else {
|
||||
elasticsearch = pkgs.elasticsearch6-oss;
|
||||
logstash = pkgs.logstash6-oss;
|
||||
kibana = pkgs.kibana6-oss;
|
||||
journalbeat = pkgs.journalbeat6;
|
||||
};
|
||||
"ELK-7" =
|
||||
if enableUnfree
|
||||
|
@ -159,10 +204,12 @@ in mapAttrs mkElkTest {
|
|||
elasticsearch = pkgs.elasticsearch7;
|
||||
logstash = pkgs.logstash7;
|
||||
kibana = pkgs.kibana7;
|
||||
journalbeat = pkgs.journalbeat7;
|
||||
}
|
||||
else {
|
||||
elasticsearch = pkgs.elasticsearch7-oss;
|
||||
logstash = pkgs.logstash7-oss;
|
||||
kibana = pkgs.kibana7-oss;
|
||||
journalbeat = pkgs.journalbeat7;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@ with pkgs.lib;
|
|||
{
|
||||
mysql = makeTest {
|
||||
name = "gitea-mysql";
|
||||
meta.maintainers = [ maintainers.aanderse ];
|
||||
meta.maintainers = with maintainers; [ aanderse kolaente ];
|
||||
|
||||
machine =
|
||||
{ config, pkgs, ... }:
|
||||
|
|
|
@ -27,9 +27,33 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||
};
|
||||
|
||||
testScript =
|
||||
let
|
||||
hardened-malloc-tests = pkgs.stdenv.mkDerivation rec {
|
||||
name = "hardened-malloc-tests-${pkgs.graphene-hardened-malloc.version}";
|
||||
src = pkgs.graphene-hardened-malloc.src;
|
||||
buildPhase = ''
|
||||
cd test/simple-memory-corruption
|
||||
make -j4
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
find . -type f -executable -exec install -Dt $out/bin '{}' +
|
||||
'';
|
||||
};
|
||||
in
|
||||
''
|
||||
$machine->waitForUnit("multi-user.target");
|
||||
|
||||
subtest "apparmor-loaded", sub {
|
||||
$machine->succeed("systemctl status apparmor.service");
|
||||
};
|
||||
|
||||
# AppArmor securityfs
|
||||
subtest "apparmor-securityfs", sub {
|
||||
$machine->succeed("mountpoint -q /sys/kernel/security");
|
||||
$machine->succeed("cat /sys/kernel/security/apparmor/profiles");
|
||||
};
|
||||
|
||||
# Test loading out-of-tree modules
|
||||
subtest "extra-module-packages", sub {
|
||||
$machine->succeed("grep -Fq wireguard /proc/modules");
|
||||
|
@ -83,5 +107,18 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||
$machine->fail("systemctl hibernate");
|
||||
$machine->fail("systemctl kexec");
|
||||
};
|
||||
|
||||
# Test hardened memory allocator
|
||||
sub runMallocTestProg {
|
||||
my ($progName, $errorText) = @_;
|
||||
my $text = "fatal allocator error: " . $errorText;
|
||||
$machine->fail("${hardened-malloc-tests}/bin/" . $progName) =~ $text;
|
||||
};
|
||||
|
||||
subtest "hardenedmalloc", sub {
|
||||
runMallocTestProg("double_free_large", "invalid free");
|
||||
runMallocTestProg("unaligned_free_small", "invalid unaligned free");
|
||||
runMallocTestProg("write_after_free_small", "detected write after free");
|
||||
};
|
||||
'';
|
||||
})
|
||||
|
|
|
@ -2,9 +2,26 @@
|
|||
config ? {},
|
||||
pkgs ? import ../.. { inherit system config; },
|
||||
debug ? false,
|
||||
enableUnfree ? false
|
||||
enableUnfree ? false,
|
||||
# Nested KVM virtualization (https://www.linux-kvm.org/page/Nested_Guests)
|
||||
# requires a modprobe flag on the build machine: (kvm-amd for AMD CPUs)
|
||||
# boot.extraModprobeConfig = "options kvm-intel nested=Y";
|
||||
# Without this VirtualBox will use SW virtualization and will only be able
|
||||
# to run 32-bit guests.
|
||||
useKvmNestedVirt ? false,
|
||||
# Whether to run 64-bit guests instead of 32-bit. Requires nested KVM.
|
||||
use64bitGuest ? false,
|
||||
# Whether to enable the virtual UART in VirtualBox guests, allowing to see
|
||||
# the guest console. There is currently a bug in VirtualBox where this will
|
||||
# cause a crash if running with SW virtualization
|
||||
# (https://www.virtualbox.org/ticket/18632). If you need to debug the tests
|
||||
# then enable this and nested KVM to work around the crash (see above).
|
||||
enableVBoxUART ? false
|
||||
}:
|
||||
|
||||
assert use64bitGuest -> useKvmNestedVirt;
|
||||
assert enableVBoxUART -> useKvmNestedVirt; # VirtualBox bug, see above
|
||||
|
||||
with import ../lib/testing.nix { inherit system pkgs; };
|
||||
with pkgs.lib;
|
||||
|
||||
|
@ -94,7 +111,7 @@ let
|
|||
|
||||
testVM = vmName: vmScript: let
|
||||
cfg = (import ../lib/eval-config.nix {
|
||||
system = "i686-linux";
|
||||
system = if use64bitGuest then "x86_64-linux" else "i686-linux";
|
||||
modules = [
|
||||
../modules/profiles/minimal.nix
|
||||
(testVMConfig vmName vmScript)
|
||||
|
@ -141,13 +158,15 @@ let
|
|||
sharePath = "/home/alice/vboxshare-${name}";
|
||||
|
||||
createFlags = mkFlags [
|
||||
"--ostype Linux26"
|
||||
"--ostype ${if use64bitGuest then "Linux26_64" else "Linux26"}"
|
||||
"--register"
|
||||
];
|
||||
|
||||
vmFlags = mkFlags ([
|
||||
"--uart1 0x3F8 4"
|
||||
"--uartmode1 client /run/virtualbox-log-${name}.sock"
|
||||
vmFlags = mkFlags (
|
||||
(optionals enableVBoxUART [
|
||||
"--uart1 0x3F8 4"
|
||||
"--uartmode1 client /run/virtualbox-log-${name}.sock"
|
||||
]) ++ [
|
||||
"--memory 768"
|
||||
"--audio none"
|
||||
] ++ (attrs.vmFlags or []));
|
||||
|
@ -180,7 +199,7 @@ let
|
|||
];
|
||||
in {
|
||||
machine = {
|
||||
systemd.sockets."vboxtestlog-${name}" = {
|
||||
systemd.sockets."vboxtestlog-${name}" = mkIf enableVBoxUART {
|
||||
description = "VirtualBox Test Machine Log Socket For ${name}";
|
||||
wantedBy = [ "sockets.target" ];
|
||||
before = [ "multi-user.target" ];
|
||||
|
@ -188,7 +207,7 @@ let
|
|||
socketConfig.Accept = true;
|
||||
};
|
||||
|
||||
systemd.services."vboxtestlog-${name}@" = {
|
||||
systemd.services."vboxtestlog-${name}@" = mkIf enableVBoxUART {
|
||||
description = "VirtualBox Test Machine Log For ${name}";
|
||||
serviceConfig.StandardInput = "socket";
|
||||
serviceConfig.StandardOutput = "syslog";
|
||||
|
@ -346,6 +365,8 @@ let
|
|||
vmConfigs = mapAttrsToList mkVMConf vms;
|
||||
in [ ./common/user-account.nix ./common/x11.nix ] ++ vmConfigs;
|
||||
virtualisation.memorySize = 2048;
|
||||
virtualisation.qemu.options =
|
||||
if useKvmNestedVirt then ["-cpu" "kvm64,vmx=on"] else [];
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
services.xserver.displayManager.auto.user = "alice";
|
||||
users.users.alice.extraGroups = let
|
||||
|
@ -412,9 +433,14 @@ in mapAttrs (mkVBoxTest false vboxVMs) {
|
|||
);
|
||||
$machine->sleep(5);
|
||||
$machine->screenshot("gui_manager_started");
|
||||
# Home to select Tools, down to move to the VM, enter to start it.
|
||||
$machine->sendKeys("home");
|
||||
$machine->sendKeys("down");
|
||||
$machine->sendKeys("ret");
|
||||
$machine->screenshot("gui_manager_sent_startup");
|
||||
waitForStartup_simple (sub {
|
||||
$machine->sendKeys("home");
|
||||
$machine->sendKeys("down");
|
||||
$machine->sendKeys("ret");
|
||||
});
|
||||
$machine->screenshot("gui_started");
|
||||
|
|
|
@ -6,19 +6,35 @@ with lib;
|
|||
name = "xss-lock";
|
||||
meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];
|
||||
|
||||
machine = {
|
||||
imports = [ ./common/x11.nix ./common/user-account.nix ];
|
||||
programs.xss-lock.enable = true;
|
||||
services.xserver.displayManager.auto.user = "alice";
|
||||
nodes = {
|
||||
simple = {
|
||||
imports = [ ./common/x11.nix ./common/user-account.nix ];
|
||||
programs.xss-lock.enable = true;
|
||||
services.xserver.displayManager.auto.user = "alice";
|
||||
};
|
||||
|
||||
custom_lockcmd = { pkgs, ... }: {
|
||||
imports = [ ./common/x11.nix ./common/user-account.nix ];
|
||||
services.xserver.displayManager.auto.user = "alice";
|
||||
|
||||
programs.xss-lock = {
|
||||
enable = true;
|
||||
extraOptions = [ "-n" "${pkgs.libnotify}/bin/notify-send 'About to sleep!'"];
|
||||
lockerCommand = "${pkgs.xlockmore}/bin/xlock -mode ant";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
$machine->start;
|
||||
$machine->waitForX;
|
||||
$machine->waitForUnit("xss-lock.service", "alice");
|
||||
startAll;
|
||||
|
||||
$machine->fail("pgrep xlock");
|
||||
$machine->succeed("su -l alice -c 'xset dpms force standby'");
|
||||
$machine->waitUntilSucceeds("pgrep i3lock");
|
||||
${concatStringsSep "\n" (mapAttrsToList (name: lockCmd: ''
|
||||
${"$"+name}->start;
|
||||
${"$"+name}->waitForX;
|
||||
${"$"+name}->waitForUnit("xss-lock.service", "alice");
|
||||
${"$"+name}->fail("pgrep ${lockCmd}");
|
||||
${"$"+name}->succeed("su -l alice -c 'xset dpms force standby'");
|
||||
${"$"+name}->waitUntilSucceeds("pgrep ${lockCmd}");
|
||||
'') { simple = "i3lock"; custom_lockcmd = "xlock"; })}
|
||||
'';
|
||||
})
|
||||
|
|
|
@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
|
|||
] ++ stdenv.lib.optional stdenv.hostPlatform.isMusl ./utils.patch
|
||||
++ [./fix_private_keyword.patch];
|
||||
|
||||
buildInputs = stdenv.lib.optional stdenv.isAarch64 autoreconfHook;
|
||||
nativeBuildInputs = stdenv.lib.optional stdenv.isAarch64 autoreconfHook;
|
||||
|
||||
propagatedBuildInputs = stdenv.lib.optionals stdenv.isDarwin [
|
||||
Carbon
|
||||
|
@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
hardeningDisable = [ "format" ];
|
||||
|
||||
preConfigure = "unset CC" + stdenv.lib.optionalString stdenv.isAarch64 ''\n
|
||||
preConfigure = "unset CC" + stdenv.lib.optionalString stdenv.isAarch64 '';
|
||||
cp ${gnu-config}/config.sub configure.sub
|
||||
cp ${gnu-config}/config.guess configure.guess
|
||||
'';
|
||||
|
|
|
@ -11,8 +11,8 @@ let
|
|||
sha256 = "0n75jq3xgq46hfmjkaaxz3gic77shs4fzajq40c8gk043i84xbdh";
|
||||
};
|
||||
"2" = {
|
||||
fluidsynthVersion = "2.0.4";
|
||||
sha256 = "1v2vji02fbrjgypwb4fw2r90hnfwfbfh3d24j8vjwlbqxhxp16s0";
|
||||
fluidsynthVersion = "2.0.5";
|
||||
sha256 = "0rv0apxbj0cgm8f8sqf5xr6kdi4q58ph92ip6cg716ha0ca5lr8y";
|
||||
};
|
||||
};
|
||||
in
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
pythonPackages.buildPythonApplication rec {
|
||||
pname = "Mopidy-Iris";
|
||||
version = "3.37.0";
|
||||
version = "3.37.1";
|
||||
|
||||
src = pythonPackages.fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1fy802jx3817ldrm3g5inrfjbi7s8xcx96pnglbq54nvp41lzyh5";
|
||||
sha256 = "0qcg456k7av0anymmmnlcn0v4642gbgk0nhic6w9bg9v5m0nj9ll";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
|
|
|
@ -29,17 +29,17 @@
|
|||
# handle that.
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "qmmp-1.3.1";
|
||||
name = "qmmp-1.3.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://qmmp.ylsoftware.com/files/${name}.tar.bz2";
|
||||
sha256 = "1dmybzibpr6hpr2iv1wvrjgww842mng2x0rh1mr8gs8j191xvlhw";
|
||||
sha256 = "1rh063kcyg7gs9yj2r4v5irpnq4pjaxaxsgrw30mdr21xhhc15cz";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig ];
|
||||
buildInputs =
|
||||
[ # basic requirements
|
||||
cmake pkgconfig xlibsWrapper
|
||||
qtbase qttools qtmultimedia qtx11extras
|
||||
qtbase qttools qtmultimedia qtx11extras xlibsWrapper
|
||||
# transports
|
||||
curl libmms
|
||||
# input plugins
|
||||
|
|
|
@ -72,8 +72,9 @@ with stdenv.lib; stdenv.mkDerivation rec {
|
|||
meta = with stdenv.lib; {
|
||||
description = "Open-source virtual modular synthesizer";
|
||||
homepage = http://vcvrack.com/;
|
||||
# The source is BSD-3 licensed, some of the art is CC-BY-NC 4.0 or unfree
|
||||
license = [ licenses.bsd3 licenses.cc-by-nc-40 licenses.unfree ];
|
||||
# The source is BSD-3 licensed, some of the art is CC-BY-NC 4.0 or under a
|
||||
# no-derivatives clause
|
||||
license = with licenses; [ bsd3 cc-by-nc-40 unfreeRedistributable ];
|
||||
maintainers = with maintainers; [ moredread ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
|
|
|
@ -12,11 +12,11 @@ let
|
|||
build = "183.5452501";
|
||||
sha256Hash = "0i8wz9v6nxzr27a07cv2330i84v94pcl13gjwvpglp55hyzd8axd";
|
||||
};
|
||||
betaVersion = stableVersion;
|
||||
betaVersion = latestVersion;
|
||||
latestVersion = { # canary & dev
|
||||
version = "3.5.0.12"; # "Android Studio 3.5 Canary 13"
|
||||
build = "191.5487692";
|
||||
sha256Hash = "0iwd2qa551rs9b0w4rs7wmzdbh3r4j76xvs815l6i5pilk0s47gz";
|
||||
version = "3.5.0.13"; # "Android Studio 3.5 Beta 1"
|
||||
build = "191.5529924";
|
||||
sha256Hash = "0i710n2wr0a8lvxf1mg6a5pmdh1l72wa0hwyricyixi0mylwwc6l";
|
||||
};
|
||||
in rec {
|
||||
# Attributes are named by their corresponding release channels
|
||||
|
|
|
@ -4,12 +4,12 @@ with stdenv.lib;
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "howl-${version}";
|
||||
version = "0.5.3";
|
||||
version = "0.6";
|
||||
|
||||
# Use the release tarball containing pre-downloaded dependencies sources
|
||||
src = fetchurl {
|
||||
url = "https://github.com/howl-editor/howl/releases/download/0.5.3/howl-0.5.3.tgz";
|
||||
sha256 = "0gnc8vr5h8mwapbcqc1zr9la62rb633awyqgy8q7pwjpiy85a03v";
|
||||
url = "https://github.com/howl-editor/howl/releases/download/${version}/howl-${version}.tgz";
|
||||
sha256 = "1qc58l3rkr37cj6vhf8c7bnwbz93nscyraz7jxqwjq6k4gj0cjw3";
|
||||
};
|
||||
|
||||
sourceRoot = "./howl-${version}/src";
|
||||
|
|
|
@ -21,13 +21,13 @@ let
|
|||
in
|
||||
stdenv.mkDerivation rec {
|
||||
name = "neovim-unwrapped-${version}";
|
||||
version = "0.3.4";
|
||||
version = "0.3.5";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "neovim";
|
||||
repo = "neovim";
|
||||
rev = "v${version}";
|
||||
sha256 = "07ncvgp6xfhiwc6hd7qf7zk28n3yj47p26qj1ji29vqkwnk28y3s";
|
||||
sha256 = "113lrr9gwimvvzlkwlishm4cjqcf30xq9jfxn7vh41ckgnbiwf3w";
|
||||
};
|
||||
|
||||
patches = [
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
{ lib, fetchFromGitHub }:
|
||||
rec {
|
||||
version = "8.1.0675";
|
||||
version = "8.1.1234";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "vim";
|
||||
repo = "vim";
|
||||
rev = "v${version}";
|
||||
sha256 = "00nlh8f2rf0af3n434s0lp6idxlg4l7mi1lrlbz0xld9dsrzdmas";
|
||||
sha256 = "1ywrgciwqh1kg93kfq54zh0gdxwzgy1h49wsjdsl6s4mfscmpwng";
|
||||
};
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
, qtsvg
|
||||
, qtwebengine
|
||||
|
||||
, akonadi-contacts
|
||||
, kcalcore
|
||||
, kconfigwidgets
|
||||
, kcoreaddons
|
||||
|
@ -50,14 +51,14 @@
|
|||
}:
|
||||
|
||||
mkDerivation rec {
|
||||
name = "digikam-${version}";
|
||||
version = "6.0.0";
|
||||
pname = "digikam";
|
||||
version = "6.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "KDE";
|
||||
repo = "digikam";
|
||||
rev = "v${version}";
|
||||
sha256 = "1ifvrn0bm7fp07d059rl4dy146qzdxafl36ipxg1fg00dkv95hh4";
|
||||
sha256 = "0h0jqfgpanhxfi3r7cgip58ppypqx79z6c5jj7i7f19hp2zziip8";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake doxygen extra-cmake-modules kdoctools wrapGAppsHook ];
|
||||
|
@ -88,6 +89,7 @@ mkDerivation rec {
|
|||
qtsvg
|
||||
qtwebengine
|
||||
|
||||
akonadi-contacts
|
||||
kcalcore
|
||||
kconfigwidgets
|
||||
kcoreaddons
|
||||
|
@ -112,6 +114,7 @@ mkDerivation rec {
|
|||
|
||||
preFixup = ''
|
||||
gappsWrapperArgs+=(--prefix PATH : ${lib.makeBinPath [ gnumake hugin enblend-enfuse ]})
|
||||
gappsWrapperArgs+=(--suffix DK_PLUGIN_PATH : ${placeholder "out"}/${qtbase.qtPluginPrefix}/${pname})
|
||||
substituteInPlace $out/bin/digitaglinktree \
|
||||
--replace "/usr/bin/perl" "${perl}/bin/perl" \
|
||||
--replace "/usr/bin/sqlite3" "${sqlite}/bin/sqlite3"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, lib, symlinkJoin, gimp, makeWrapper, gimpPlugins, plugins ? null}:
|
||||
{ stdenv, lib, symlinkJoin, gimp, makeWrapper, gimpPlugins, gnome3, plugins ? null}:
|
||||
|
||||
let
|
||||
allPlugins = lib.filter (pkg: builtins.isAttrs pkg && pkg.type == "derivation" && !pkg.meta.broken or false) (lib.attrValues gimpPlugins);
|
||||
|
@ -17,6 +17,7 @@ in symlinkJoin {
|
|||
for each in gimp-${versionBranch} gimp-console-${versionBranch}; do
|
||||
wrapProgram $out/bin/$each \
|
||||
--set GIMP2_PLUGINDIR "$out/lib/gimp/2.0" \
|
||||
--prefix GTK_PATH : "${gnome3.gnome-themes-extra}/lib/gtk-2.0" \
|
||||
${toString extraArgs}
|
||||
done
|
||||
set +x
|
||||
|
|
|
@ -4,11 +4,11 @@
|
|||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "glabels-${version}";
|
||||
pname = "glabels";
|
||||
version = "3.4.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/glabels/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
|
||||
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "0f2rki8i27pkd9r0gz03cdl1g4vnmvp0j49nhxqn275vi8lmgr0q";
|
||||
};
|
||||
|
||||
|
@ -25,6 +25,13 @@ stdenv.mkDerivation rec {
|
|||
--prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH"
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
updateScript = gnome3.updateScript {
|
||||
packageName = pname;
|
||||
versionPolicy = "none";
|
||||
};
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Create labels and business cards";
|
||||
homepage = https://glabels.org/;
|
||||
|
|
|
@ -4,14 +4,12 @@
|
|||
libchamplain, librsvg, libwebp, json-glib, webkitgtk, lcms2, bison,
|
||||
flex, wrapGAppsHook, shared-mime-info }:
|
||||
|
||||
let
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "gthumb";
|
||||
version = "3.6.2";
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
|
||||
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "0rjb0bsjhn7nyl5jyjgrypvr6qdr9dc2g586j3lzan96a2vnpgy9";
|
||||
};
|
||||
|
||||
|
@ -40,7 +38,7 @@ in stdenv.mkDerivation rec {
|
|||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = https://wiki.gnome.org/Apps/gthumb;
|
||||
homepage = "https://wiki.gnome.org/Apps/Gthumb";
|
||||
description = "Image browser and viewer for GNOME";
|
||||
platforms = platforms.linux;
|
||||
license = licenses.gpl2;
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "ipe-7.2.11";
|
||||
name = "ipe-7.2.12";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://dl.bintray.com/otfried/generic/ipe/7.2/${name}-src.tar.gz";
|
||||
sha256 = "09d71fdpiz359mcnb57460w2mcfizvlnidd6g1k4c3v6rglwlbd2";
|
||||
sha256 = "1qw1cmwzi3wxk4x916i9y4prhi9brnwl14i9a1cbw23x1sr7i6kw";
|
||||
};
|
||||
|
||||
sourceRoot = "${name}/src";
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ stdenv, fetchFromGitHub, qt5, libsForQt5
|
||||
, bison, flex, eigen, boost, libGLU_combined, glew, opencsg, cgal
|
||||
, mpfr, gmp, glib, pkgconfig, harfbuzz, gettext
|
||||
, mpfr, gmp, glib, pkgconfig, harfbuzz, gettext, freetype, fontconfig
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -18,11 +18,13 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "1y63yqyd0v255liik4ff5ak6mj86d8d76w436x76hs5dk6jgpmfb";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ bison flex pkgconfig ];
|
||||
|
||||
buildInputs = [
|
||||
bison flex eigen boost libGLU_combined glew opencsg cgal mpfr gmp glib
|
||||
pkgconfig harfbuzz gettext
|
||||
]
|
||||
++ (with qt5; [qtbase qmake])
|
||||
eigen boost glew opencsg cgal mpfr gmp glib
|
||||
harfbuzz gettext freetype fontconfig
|
||||
] ++ stdenv.lib.optional stdenv.isLinux libGLU_combined
|
||||
++ (with qt5; [qtbase qmake] ++ stdenv.lib.optional stdenv.isDarwin qtmacextras)
|
||||
++ (with libsForQt5; [qscintilla])
|
||||
;
|
||||
|
||||
|
@ -33,6 +35,17 @@ stdenv.mkDerivation rec {
|
|||
|
||||
doCheck = false;
|
||||
|
||||
postInstall = stdenv.lib.optionalString stdenv.isDarwin ''
|
||||
mkdir $out/Applications
|
||||
mv $out/bin/*.app $out/Applications
|
||||
rmdir $out/bin || true
|
||||
|
||||
mv --target-directory=$out/Applications/OpenSCAD.app/Contents/Resources \
|
||||
$out/share/openscad/{examples,color-schemes,locale,libraries,fonts}
|
||||
|
||||
rmdir $out/share/openscad
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "3D parametric model compiler";
|
||||
longDescription = ''
|
||||
|
@ -48,7 +61,7 @@ stdenv.mkDerivation rec {
|
|||
'';
|
||||
homepage = http://openscad.org/;
|
||||
license = stdenv.lib.licenses.gpl2;
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
platforms = stdenv.lib.platforms.unix;
|
||||
maintainers = with stdenv.lib.maintainers;
|
||||
[ bjornfor raskin the-kenny ];
|
||||
};
|
||||
|
|
|
@ -12,14 +12,14 @@ let
|
|||
};
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
version = "1.2";
|
||||
version = "1.4";
|
||||
name = "renderdoc-${version}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "baldurk";
|
||||
repo = "renderdoc";
|
||||
rev = "v${version}";
|
||||
sha256 = "0s1q5d58x18yz3nf94pv5i1qd2hc0a4gdj4qkpcn8s6ms2x05pz4";
|
||||
sha256 = "1iann73r4yzkwnm13h4zqipqrp5i5cnkv27yyap0axz6h3npw94r";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
mkDerivation, lib,
|
||||
extra-cmake-modules, kdoctools, ki18n, makeWrapper,
|
||||
akonadi-contacts, gnupg1, karchive, kcodecs, kcontacts, kcoreaddons,
|
||||
akonadi-contacts, gnupg, karchive, kcodecs, kcontacts, kcoreaddons,
|
||||
kcrash, kdbusaddons, kiconthemes, kjobwidgets, kio, knotifications, kservice,
|
||||
ktextwidgets, kxmlgui, kwidgetsaddons, kwindowsystem, qgpgme,
|
||||
}:
|
||||
|
@ -10,12 +10,12 @@ mkDerivation {
|
|||
name = "kgpg";
|
||||
nativeBuildInputs = [ extra-cmake-modules kdoctools makeWrapper ];
|
||||
buildInputs = [
|
||||
akonadi-contacts gnupg1 karchive kcodecs kcontacts kcoreaddons kcrash
|
||||
akonadi-contacts gnupg karchive kcodecs kcontacts kcoreaddons kcrash
|
||||
kdbusaddons ki18n kiconthemes kjobwidgets kio knotifications kservice
|
||||
ktextwidgets kxmlgui kwidgetsaddons kwindowsystem qgpgme
|
||||
];
|
||||
postFixup = ''
|
||||
wrapProgram "$out/bin/kgpg" --prefix PATH : "${lib.makeBinPath [ gnupg1 ]}"
|
||||
wrapProgram "$out/bin/kgpg" --prefix PATH : "${lib.makeBinPath [ gnupg ]}"
|
||||
'';
|
||||
meta = {
|
||||
license = [ lib.licenses.gpl2 ];
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
{ config, lib, stdenv, fetchurl, CoreAudio
|
||||
{ config, lib, stdenv, fetchurl, pkgconfig, CoreAudio
|
||||
, enableAlsa ? true, alsaLib ? null
|
||||
, enableLibao ? true, libao ? null
|
||||
, enableLame ? config.sox.enableLame or false, lame ? null
|
||||
, enableLibmad ? true, libmad ? null
|
||||
, enableLibogg ? true, libogg ? null, libvorbis ? null
|
||||
, enableOpusfile ? true, opusfile ? null
|
||||
, enableFLAC ? true, flac ? null
|
||||
, enablePNG ? true, libpng ? null
|
||||
, enableLibsndfile ? true, libsndfile ? null
|
||||
|
@ -22,12 +23,16 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "0v2znlxkxxcd3f48hf3dx9pq7i6fdhb62kgj7wv8xggz8f35jpxl";
|
||||
};
|
||||
|
||||
# configure.ac uses pkg-config only to locate libopusfile
|
||||
nativeBuildInputs = optional enableOpusfile pkgconfig;
|
||||
|
||||
buildInputs =
|
||||
optional (enableAlsa && stdenv.isLinux) alsaLib ++
|
||||
optional enableLibao libao ++
|
||||
optional enableLame lame ++
|
||||
optional enableLibmad libmad ++
|
||||
optionals enableLibogg [ libogg libvorbis ] ++
|
||||
optional enableOpusfile opusfile ++
|
||||
optional enableFLAC flac ++
|
||||
optional enablePNG libpng ++
|
||||
optional enableLibsndfile libsndfile ++
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
{ stdenv, fetchFromGitHub, cairo, cmake, libxkbcommon
|
||||
, pango, fribidi, harfbuzz, pcre, pkgconfig
|
||||
, ncursesSupport ? true, ncurses ? null
|
||||
, waylandSupport ? true, wayland ? null
|
||||
, x11Support ? true, xlibs ? null, xorg ? null
|
||||
}:
|
||||
|
||||
assert ncursesSupport -> ncurses != null;
|
||||
assert waylandSupport -> wayland != null;
|
||||
assert x11Support -> xlibs != null && xorg != null;
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "bemenu";
|
||||
version = "0.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Cloudef";
|
||||
repo = "bemenu";
|
||||
rev = "33e540a2b04ce78f5c7ab4a60b899c67f586cc32";
|
||||
sha256 = "11h55m9dx6ai12pqij52ydjm36dvrcc856pa834njihrp626pl4w";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake pkgconfig pcre ];
|
||||
|
||||
buildInputs = with stdenv.lib; [
|
||||
cairo
|
||||
fribidi
|
||||
harfbuzz
|
||||
libxkbcommon
|
||||
pango
|
||||
] ++ optionals ncursesSupport [ ncurses ]
|
||||
++ optionals waylandSupport [ wayland ]
|
||||
++ optionals x11Support [
|
||||
xlibs.libX11 xlibs.libXinerama xlibs.libXft
|
||||
xorg.libXdmcp xorg.libpthreadstubs xorg.libxcb
|
||||
];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = "https://github.com/Cloudef/bemenu";
|
||||
description = "Dynamic menu library and client program inspired by dmenu";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = with maintainers; [ thiagokokada ];
|
||||
platforms = with platforms; linux;
|
||||
};
|
||||
}
|
|
@ -9,17 +9,13 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "0vw2xi6a2lrhrb8n55zq9lv4mzxhby4xdf3hmi1vlfpyrpdwkjzd";
|
||||
};
|
||||
|
||||
buildInputs = [ ncurses gettext python3 ];
|
||||
buildInputs = [ ncurses gettext python3 python3Packages.wrapPython ];
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
# Build Python environment with httplib2 for calcurse-caldav
|
||||
pythonEnv = python3Packages.python.buildEnv.override {
|
||||
extraLibs = [ python3Packages.httplib2 ];
|
||||
};
|
||||
propagatedBuildInputs = [ pythonEnv ];
|
||||
|
||||
postInstall = ''
|
||||
substituteInPlace $out/bin/calcurse-caldav --replace /usr/bin/python3 ${pythonEnv}/bin/python3
|
||||
patchShebangs .
|
||||
buildPythonPath ${python3Packages.httplib2}
|
||||
patchPythonScript $out/bin/calcurse-caldav
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
|
|||
sed -i "s@PREFIX = /usr/local@PREFIX = $out@g" config.mk
|
||||
'';
|
||||
|
||||
makeFlags = [ "CC:=$(CC)" ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A generic, highly customizable, and efficient menu for the X Window System";
|
||||
homepage = https://tools.suckless.org/dmenu;
|
||||
|
|
|
@ -1,28 +1,36 @@
|
|||
{ stdenv, fetchFromGitHub, python3, python3Packages, zbar, secp256k1 }:
|
||||
{ stdenv, fetchurl, fetchFromGitHub, python3, python3Packages, zbar, secp256k1 }:
|
||||
|
||||
let
|
||||
qdarkstyle = python3Packages.buildPythonPackage rec {
|
||||
pname = "QDarkStyle";
|
||||
version = "2.5.4";
|
||||
src = python3Packages.fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1w715m1i5pycfqcpkrggpn0rs9cakx6cm5v8rggcxnf4p0i0kdiy";
|
||||
};
|
||||
doCheck = false; # no tests
|
||||
version = "3.3.5";
|
||||
|
||||
# Not provided in official source releases, which are what upstream signs.
|
||||
tests = fetchFromGitHub {
|
||||
owner = "spesmilo";
|
||||
repo = "electrum";
|
||||
rev = version;
|
||||
sha256 = "11rzzrv5xxqazcb7q1ig93d6cisqmd1x0jrgvfgzysbzvi51gg11";
|
||||
|
||||
extraPostFetch = ''
|
||||
mv $out ./all
|
||||
mv ./all/electrum/tests $out
|
||||
'';
|
||||
};
|
||||
in
|
||||
|
||||
python3Packages.buildPythonApplication rec {
|
||||
pname = "electrum";
|
||||
version = "3.3.4";
|
||||
inherit version;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "spesmilo";
|
||||
repo = "electrum";
|
||||
rev = version;
|
||||
sha256 = "0yxdpc602jnd14xz3px85ka0b6db98zwbgfi9a3vj8p1k3mmiwaj";
|
||||
src = fetchurl {
|
||||
url = "https://download.electrum.org/${version}/Electrum-${version}.tar.gz";
|
||||
sha256 = "1csj0n96zlajnrs39wsazfj5lmy7v7n77cdz56lr8nkmchh6k9z1";
|
||||
};
|
||||
|
||||
postUnpack = ''
|
||||
# can't symlink, tests get confused
|
||||
cp -ar ${tests} $sourceRoot/electrum/tests
|
||||
'';
|
||||
|
||||
propagatedBuildInputs = with python3Packages; [
|
||||
aiorpcx
|
||||
aiohttp
|
||||
|
@ -64,7 +72,10 @@ python3Packages.buildPythonApplication rec {
|
|||
rm -rf $out/${python3.sitePackages}/nix
|
||||
|
||||
substituteInPlace $out/share/applications/electrum.desktop \
|
||||
--replace "Exec=electrum %u" "Exec=$out/bin/electrum %u"
|
||||
--replace 'Exec=sh -c "PATH=\"\\$HOME/.local/bin:\\$PATH\"; electrum %u"' \
|
||||
"Exec=$out/bin/electrum %u" \
|
||||
--replace 'Exec=sh -c "PATH=\"\\$HOME/.local/bin:\\$PATH\"; electrum --testnet %u"' \
|
||||
"Exec=$out/bin/electrum --testnet %u"
|
||||
'';
|
||||
|
||||
checkInputs = with python3Packages; [ pytest ];
|
||||
|
|
|
@ -4,10 +4,10 @@
|
|||
|
||||
let
|
||||
gtkglarea = stdenv.mkDerivation rec {
|
||||
name = "gtkglarea-${version}";
|
||||
pname = "gtkglarea";
|
||||
version = "2.1.0";
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/gtkglarea/2.1/${name}.tar.xz";
|
||||
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "1pl2vdj6l64j864ilhkq1bcggb3hrlxjwk5m029i7xfjfxc587lf";
|
||||
};
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
|
@ -16,13 +16,13 @@ let
|
|||
};
|
||||
|
||||
in stdenv.mkDerivation rec {
|
||||
name = "fsv-${version}";
|
||||
pname = "fsv";
|
||||
version = "0.9-1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "mcuelenaere";
|
||||
repo = "fsv";
|
||||
rev = name;
|
||||
rev = "${pname}-${version}";
|
||||
sha256 = "0n09jd7yqj18mx6zqbg7kab4idg5llr15g6avafj74fpg1h7iimj";
|
||||
};
|
||||
|
||||
|
|
|
@ -18,6 +18,7 @@ stdenv.mkDerivation rec {
|
|||
It is fully customizable.
|
||||
'';
|
||||
homepage = https://www.gnu.org/software/hello/manual/;
|
||||
changelog = "https://git.savannah.gnu.org/cgit/hello.git/plain/NEWS?h=v${version}";
|
||||
license = licenses.gpl3Plus;
|
||||
maintainers = [ maintainers.eelco ];
|
||||
platforms = platforms.all;
|
||||
|
|
|
@ -5,7 +5,9 @@
|
|||
|
||||
let
|
||||
|
||||
version = "1.3.1-ff75f26";
|
||||
data = builtins.fromJSON (builtins.readFile ./revision.json);
|
||||
|
||||
inherit (data) version url sha256;
|
||||
|
||||
rpath = stdenv.lib.makeLibraryPath
|
||||
[ libX11 zlib libSM libICE libXext freetype libXrender fontconfig libXft
|
||||
|
@ -17,10 +19,7 @@ in
|
|||
stdenv.mkDerivation {
|
||||
name = "hubstaff-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/${version}/Hubstaff-${version}.sh";
|
||||
sha256 = "0jm5l34r6lkfkg8vsdfqbr0axngxznhagwcl9y184lnyji91fmdl";
|
||||
};
|
||||
src = fetchurl { inherit sha256 url; };
|
||||
|
||||
nativeBuildInputs = [ unzip makeWrapper ];
|
||||
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"url": "https://hubstaff-production.s3.amazonaws.com/downloads/HubstaffClient/Builds/Release/1.4.5-c5b459ea/Hubstaff-1.4.5-c5b459ea.sh",
|
||||
"version": "1.4.5-c5b459ea",
|
||||
"sha256": "180qglbj175wln0kh8d5czhjvy7z503zxn4w6522hkz4ddz201nz"
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p nix-prefetch-git curl
|
||||
|
||||
SCRIPT_DIR=$(dirname "$(readlink -f "$BASH_SOURCE")")
|
||||
|
||||
installation_script_url=$(curl --fail --head --location --silent --output /dev/null --write-out %{url_effective} https://app.hubstaff.com/download/linux)
|
||||
|
||||
version=$(echo "$installation_script_url" | sed -r 's/^https:\/\/hubstaff\-production\.s3\.amazonaws\.com\/downloads\/HubstaffClient\/Builds\/Release\/([^\/]+)\/Hubstaff.+$/\1/')
|
||||
|
||||
sha256=$(nix-prefetch-url "$installation_script_url")
|
||||
|
||||
cat <<EOT > $SCRIPT_DIR/revision.json
|
||||
{
|
||||
"url": "$installation_script_url",
|
||||
"version": "$version",
|
||||
"sha256": "$sha256"
|
||||
}
|
||||
EOT
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "josm-${version}";
|
||||
version = "14945";
|
||||
version = "15031";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar";
|
||||
sha256 = "0kdfdn0i7gjfkkllb93598ywf0qlllzsia5q14szc5b5assl8qpb";
|
||||
sha256 = "19qw1s5v0dha329a7rfnhby0rq5d109b3f1ln2w1dfkmirbl75ir";
|
||||
};
|
||||
|
||||
buildInputs = [ jdk11 makeWrapper ];
|
||||
|
|
|
@ -57,7 +57,28 @@ stdenv.mkDerivation rec {
|
|||
prePatch = ''
|
||||
cp ${src}/leptonica_mod/{allheaders.h,dewarp2.c,leptwin.c} src/
|
||||
'';
|
||||
patches = [];
|
||||
patches = [
|
||||
# stripped down copy of upstream commit b88c821f8d347bce0aea86d606c710303919f3d2
|
||||
./leptonica-CVE-2018-3836.patch
|
||||
(fetchpatch {
|
||||
# CVE-2018-7186
|
||||
url = "https://github.com/DanBloomberg/leptonica/commit/"
|
||||
+ "ee301cb2029db8a6289c5295daa42bba7715e99a.patch";
|
||||
sha256 = "0cgb7mvz2px1rg5i80wk1wxxjvzjga617d8q6j7qygkp7jm6495d";
|
||||
})
|
||||
(fetchpatch {
|
||||
# CVE-2018-7247
|
||||
url = "https://github.com/DanBloomberg/leptonica/commit/"
|
||||
+ "c1079bb8e77cdd426759e466729917ca37a3ed9f.patch";
|
||||
sha256 = "1z4iac5gwqggh7aa8cvyp6nl9fwd1v7wif26caxc9y5qr3jj34qf";
|
||||
})
|
||||
(fetchpatch {
|
||||
# CVE-2018-7440
|
||||
url = "https://github.com/DanBloomberg/leptonica/commit/"
|
||||
+ "49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b.patch";
|
||||
sha256 = "1hjmva98iaw9xj7prg7aimykyayikcwnk4hk0380007hqb35lqmy";
|
||||
})
|
||||
];
|
||||
});
|
||||
tesseract_modded = tesseract4.override {
|
||||
tesseractBase = tesseract4.tesseractBase.overrideAttrs (_: {
|
||||
|
|
|
@ -0,0 +1,95 @@
|
|||
--- a/src/allheaders.h
|
||||
+++ b/src/allheaders.h
|
||||
@@ -2600,6 +2600,7 @@
|
||||
LEPT_DLL extern char * stringReverse ( const char *src );
|
||||
LEPT_DLL extern char * strtokSafe ( char *cstr, const char *seps, char **psaveptr );
|
||||
LEPT_DLL extern l_int32 stringSplitOnToken ( char *cstr, const char *seps, char **phead, char **ptail );
|
||||
+LEPT_DLL extern l_int32 stringCheckForChars ( const char *src, const char *chars, l_int32 *pfound );
|
||||
LEPT_DLL extern char * stringRemoveChars ( const char *src, const char *remchars );
|
||||
LEPT_DLL extern l_int32 stringFindSubstr ( const char *src, const char *sub, l_int32 *ploc );
|
||||
LEPT_DLL extern char * stringReplaceSubstr ( const char *src, const char *sub1, const char *sub2, l_int32 *pfound, l_int32 *ploc );
|
||||
--- a/src/gplot.c
|
||||
+++ b/src/gplot.c
|
||||
@@ -141,9 +141,10 @@
|
||||
const char *xlabel,
|
||||
const char *ylabel)
|
||||
{
|
||||
-char *newroot;
|
||||
-char buf[L_BUF_SIZE];
|
||||
-GPLOT *gplot;
|
||||
+char *newroot;
|
||||
+char buf[L_BUF_SIZE];
|
||||
+l_int32 badchar;
|
||||
+GPLOT *gplot;
|
||||
|
||||
PROCNAME("gplotCreate");
|
||||
|
||||
@@ -152,6 +153,9 @@
|
||||
if (outformat != GPLOT_PNG && outformat != GPLOT_PS &&
|
||||
outformat != GPLOT_EPS && outformat != GPLOT_LATEX)
|
||||
return (GPLOT *)ERROR_PTR("outformat invalid", procName, NULL);
|
||||
+ stringCheckForChars(rootname, "`;&|><\"?*", &badchar);
|
||||
+ if (badchar) /* danger of command injection */
|
||||
+ return (GPLOT *)ERROR_PTR("invalid rootname", procName, NULL);
|
||||
|
||||
if ((gplot = (GPLOT *)LEPT_CALLOC(1, sizeof(GPLOT))) == NULL)
|
||||
return (GPLOT *)ERROR_PTR("gplot not made", procName, NULL);
|
||||
--- a/src/utils2.c
|
||||
+++ b/src/utils2.c
|
||||
@@ -42,6 +42,7 @@
|
||||
* l_int32 stringSplitOnToken()
|
||||
*
|
||||
* Find and replace string and array procs
|
||||
+ * l_int32 stringCheckForChars()
|
||||
* char *stringRemoveChars()
|
||||
* l_int32 stringFindSubstr()
|
||||
* char *stringReplaceSubstr()
|
||||
@@ -701,6 +702,48 @@
|
||||
/*--------------------------------------------------------------------*
|
||||
* Find and replace procs *
|
||||
*--------------------------------------------------------------------*/
|
||||
+/*!
|
||||
+ * \brief stringCheckForChars()
|
||||
+ *
|
||||
+ * \param[in] src input string; can be of zero length
|
||||
+ * \param[in] chars string of chars to be searched for in %src
|
||||
+ * \param[out] pfound 1 if any characters are found; 0 otherwise
|
||||
+ * \return 0 if OK, 1 on error
|
||||
+ *
|
||||
+ * <pre>
|
||||
+ * Notes:
|
||||
+ * (1) This can be used to sanitize an operation by checking for
|
||||
+ * special characters that don't belong in a string.
|
||||
+ * </pre>
|
||||
+ */
|
||||
+l_int32
|
||||
+stringCheckForChars(const char *src,
|
||||
+ const char *chars,
|
||||
+ l_int32 *pfound)
|
||||
+{
|
||||
+char ch;
|
||||
+l_int32 i, n;
|
||||
+
|
||||
+ PROCNAME("stringCheckForChars");
|
||||
+
|
||||
+ if (!pfound)
|
||||
+ return ERROR_INT("&found not defined", procName, 1);
|
||||
+ *pfound = FALSE;
|
||||
+ if (!src || !chars)
|
||||
+ return ERROR_INT("src and chars not both defined", procName, 1);
|
||||
+
|
||||
+ n = strlen(src);
|
||||
+ for (i = 0; i < n; i++) {
|
||||
+ ch = src[i];
|
||||
+ if (strchr(chars, ch)) {
|
||||
+ *pfound = TRUE;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/*!
|
||||
* \brief stringRemoveChars()
|
||||
*
|
|
@ -2,7 +2,7 @@
|
|||
harfbuzz, fontconfig, pkgconfig, ncurses, imagemagick, xsel,
|
||||
libstartup_notification, libX11, libXrandr, libXinerama, libXcursor,
|
||||
libxkbcommon, libXi, libXext, wayland-protocols, wayland,
|
||||
which, dbus,
|
||||
which, dbus, fetchpatch,
|
||||
Cocoa,
|
||||
CoreGraphics,
|
||||
Foundation,
|
||||
|
@ -67,6 +67,17 @@ buildPythonApplication rec {
|
|||
libstartup_notification = "${libstartup_notification}/lib/libstartup-notification-1.so";
|
||||
})
|
||||
] ++ stdenv.lib.optionals stdenv.isDarwin [
|
||||
(fetchpatch {
|
||||
name = "macos-symlink-1";
|
||||
url = https://github.com/kovidgoyal/kitty/commit/bdeec612667f6976109247fe1750b10dda9c24c0.patch;
|
||||
sha256 = "1d18x260w059qag80kgb2cgi2h4rricvqhwpbrw79s8yxzs7jhxk";
|
||||
})
|
||||
(fetchpatch {
|
||||
# fixup of previous patch
|
||||
name = "macos-symlink-2";
|
||||
url = https://github.com/kovidgoyal/kitty/commit/af2c9a49b1ad31e94242295d88598591623fbf11.patch;
|
||||
sha256 = "0k3dmgbvmh66j8k3h8dw6la6ma6f20fng6jjypy982kxvracsnl5";
|
||||
})
|
||||
./macos-10.11.patch
|
||||
./no-lto.patch
|
||||
./no-werror.patch
|
||||
|
@ -84,7 +95,7 @@ buildPythonApplication rec {
|
|||
mkdir -p $out
|
||||
${if stdenv.isDarwin then ''
|
||||
mkdir "$out/bin"
|
||||
ln -s ../Applications/kitty.app/Contents/MacOS/kitty "$out/bin/kitty"
|
||||
ln -s ../Applications/kitty.app/Contents/MacOS/kitty-deref-symlink "$out/bin/kitty"
|
||||
mkdir "$out/Applications"
|
||||
cp -r kitty.app "$out/Applications/kitty.app"
|
||||
'' else ''
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
{ stdenv, fetchFromGitHub, cmake, perl
|
||||
, alsaLib, libevdev, libopus, udev, SDL2
|
||||
, ffmpeg, pkgconfig, xorg, libvdpau, libpulseaudio, libcec
|
||||
, curl, expat, avahi, enet, libuuid
|
||||
, curl, expat, avahi, enet, libuuid, libva
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "moonlight-embedded-${version}";
|
||||
version = "2.4.7";
|
||||
version = "2.4.9";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "irtimmer";
|
||||
repo = "moonlight-embedded";
|
||||
rev = "v${version}";
|
||||
sha256 = "0ihgb0kh4rhbgn55s25rfbs8063zqvcyqn137jn3nsc0is1595a9";
|
||||
sha256 = "1mzs0dr6bg57kjyxjh48hfmlsil7fvgqf9lhjzxxj3llvpxwws86";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
|
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
|
|||
buildInputs = [
|
||||
alsaLib libevdev libopus udev SDL2
|
||||
ffmpeg pkgconfig xorg.libxcb libvdpau libpulseaudio libcec
|
||||
xorg.libpthreadstubs curl expat avahi enet libuuid
|
||||
xorg.libpthreadstubs curl expat avahi enet libuuid libva
|
||||
];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -15,13 +15,26 @@ let
|
|||
packageOverrides = lib.foldr lib.composeExtensions (self: super: { }) ([
|
||||
(mkOverride "flask" "0.10.1" "0wrkavjdjndknhp8ya8j850jq7a1cli4g5a93mg8nh1xz2gq50sc")
|
||||
(mkOverride "flask_login" "0.2.11" "1rg3rsjs1gwi2pw6vr9jmhaqm9b3vc9c4hfcsvp4y8agbh7g3mc3")
|
||||
(mkOverride "jinja2" "2.8.1" "14aqmhkc9rw5w0v311jhixdm6ym8vsm29dhyxyrjfqxljwx1yd1m")
|
||||
(mkOverride "pylru" "1.0.9" "0b0pq0l7xv83dfsajsc49jcxzc99kb9jfx1a1dlx22hzcy962dvi")
|
||||
(mkOverride "sarge" "0.1.4" "08s8896973bz1gg0pkr592w6g4p6v47bkfvws5i91p9xf8b35yar")
|
||||
(mkOverride "tornado" "4.5.3" "02jzd23l4r6fswmwxaica9ldlyc2p6q8dk6dyff7j58fmdzf853d")
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/pull/58179#issuecomment-478605134
|
||||
(mkOverride "werkzeug" "0.14.1" "c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c")
|
||||
|
||||
# Octoprint holds back jinja2 to 2.8.1 due to breaking changes.
|
||||
# This old version does not have updated test config for pytest 4,
|
||||
# and pypi tarball doesn't contain tests dir anyways.
|
||||
(pself: psuper: {
|
||||
jinja2 = psuper.jinja2.overridePythonAttrs (oldAttrs: rec {
|
||||
version = "2.8.1";
|
||||
src = oldAttrs.src.override {
|
||||
inherit version;
|
||||
sha256 = "14aqmhkc9rw5w0v311jhixdm6ym8vsm29dhyxyrjfqxljwx1yd1m";
|
||||
};
|
||||
doCheck = false;
|
||||
});
|
||||
})
|
||||
]);
|
||||
};
|
||||
|
||||
|
@ -69,7 +82,7 @@ in py.pkgs.buildPythonApplication rec {
|
|||
pylru pyyaml sarge feedparser netifaces click websocket_client
|
||||
scandir chainmap future dateutil futures wrapt monotonic emoji
|
||||
frozendict
|
||||
];
|
||||
] ++ lib.optionals stdenv.isDarwin [ py.pkgs.appdirs ];
|
||||
|
||||
checkInputs = with py.pkgs; [ nose mock ddt ];
|
||||
|
||||
|
@ -82,7 +95,7 @@ in py.pkgs.buildPythonApplication rec {
|
|||
'';
|
||||
|
||||
checkPhase = ''
|
||||
HOME=$(mktemp -d) nosetests
|
||||
HOME=$(mktemp -d) nosetests ${lib.optionalString stdenv.isDarwin "--exclude=test_set_external_modification"}
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -4,11 +4,11 @@
|
|||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "pdfmod-${version}";
|
||||
pname = "pdfmod";
|
||||
version = "0.9.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/pdfmod/0.9/pdfmod-${version}.tar.bz2";
|
||||
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.bz2";
|
||||
sha256 = "eb7c987514a053106ddf03f26544766c751c801d87762909b36415d46bc425c9";
|
||||
};
|
||||
|
||||
|
@ -40,7 +40,7 @@ stdenv.mkDerivation rec {
|
|||
dontStrip = true;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = https://wiki.gnome.org/Apps/PdfMod;
|
||||
homepage = "https://wiki.gnome.org/Attic/PdfMod";
|
||||
description = "A simple application for modifying PDF documents";
|
||||
platforms = platforms.all;
|
||||
maintainers = with maintainers; [ obadz ];
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
, cabextract
|
||||
, gettext
|
||||
, glxinfo
|
||||
, gnupg1compat
|
||||
, gnupg
|
||||
, icoutils
|
||||
, imagemagick
|
||||
, netcat-gnu
|
||||
|
@ -32,7 +32,7 @@ let
|
|||
python2Packages.python
|
||||
gettext
|
||||
glxinfo
|
||||
gnupg1compat
|
||||
gnupg
|
||||
icoutils
|
||||
imagemagick
|
||||
netcat-gnu
|
||||
|
|
|
@ -4,13 +4,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "tilix";
|
||||
version = "1.9.0";
|
||||
version = "1.9.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "gnunn1";
|
||||
repo = "tilix";
|
||||
rev = version;
|
||||
sha256 = "1k8hqpq6bzmn06b4s8c257n37ghgp3fl7l9g6fy0giwk1x0ix735";
|
||||
sha256 = "0mg9y4xd2pnv0smibg7dyy733jarvx6qpdqap3sj7fpyni0jvpph";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|
|
@ -5,11 +5,11 @@ let
|
|||
in
|
||||
buildPythonApplication rec {
|
||||
pname = "tzupdate";
|
||||
version = "1.3.1";
|
||||
version = "1.4.0";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "085kp4v9ijhkfvr0r5rzn4z7nrkb2qig05j0bajb0gkgynwf8wnz";
|
||||
sha256 = "1sc3z2bx2nhnxg82x0jy19pr8lw56chbr90c2lr11w495csqwhz7";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [ requests ];
|
||||
|
|
|
@ -32,15 +32,15 @@ stdenv.mkDerivation rec {
|
|||
] ++ optional synctexSupport "-Dsynctex=enabled";
|
||||
|
||||
nativeBuildInputs = [
|
||||
meson ninja pkgconfig appstream-glib desktop-file-utils python3.pkgs.sphinx
|
||||
meson ninja pkgconfig desktop-file-utils python3.pkgs.sphinx
|
||||
gettext makeWrapper libxml2
|
||||
];
|
||||
] ++ optional stdenv.isLinux appstream-glib;
|
||||
|
||||
buildInputs = [
|
||||
gtk girara libintl libseccomp
|
||||
sqlite glib file librsvg
|
||||
gtk girara libintl sqlite glib file librsvg
|
||||
] ++ optional synctexSupport texlive.bin.core
|
||||
++ optional stdenv.isDarwin [ gtk-mac-integration ];
|
||||
++ optional stdenv.isLinux libseccomp
|
||||
++ optional stdenv.isDarwin gtk-mac-integration;
|
||||
|
||||
meta = {
|
||||
homepage = https://pwmt.org/projects/zathura/;
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ config, pkgs
|
||||
, useMupdf ? config.zathura.useMupdf or true
|
||||
# zathura_pdf_mupdf fails to load _opj_create_decompress at runtime on Darwin (https://github.com/NixOS/nixpkgs/pull/61295#issue-277982980)
|
||||
, useMupdf ? config.zathura.useMupdf or (!pkgs.stdenv.isDarwin)
|
||||
, synctexSupport ? true }:
|
||||
|
||||
let
|
||||
|
|
|
@ -21,9 +21,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
buildInputs = [
|
||||
zathura_core girara mupdf cairo
|
||||
] ++ stdenv.lib.optional stdenv.isDarwin [
|
||||
gtk-mac-integration
|
||||
];
|
||||
] ++ lib.optional stdenv.isDarwin gtk-mac-integration;
|
||||
|
||||
PKG_CONFIG_ZATHURA_PLUGINDIR= "lib/zathura";
|
||||
|
||||
|
|
|
@ -14,9 +14,9 @@ let
|
|||
in buildGoPackage rec {
|
||||
pname = "minikube";
|
||||
name = "${pname}-${version}";
|
||||
version = "1.0.0";
|
||||
version = "1.0.1";
|
||||
|
||||
kubernetesVersion = "1.14.0";
|
||||
kubernetesVersion = "1.14.1";
|
||||
|
||||
goPackagePath = "k8s.io/minikube";
|
||||
|
||||
|
@ -24,7 +24,7 @@ in buildGoPackage rec {
|
|||
owner = "kubernetes";
|
||||
repo = "minikube";
|
||||
rev = "v${version}";
|
||||
sha256 = "170iy0h27gkz2hg485rnawdw069gxwgkwsjmfj5yag2kkgl7gxa3";
|
||||
sha256 = "1fgyaq8789wc3h6xmn4iw6if2jxdv5my35yn6ipx3q6i4hagxl4b";
|
||||
};
|
||||
|
||||
buildInputs = [ go-bindata makeWrapper gpgme ] ++ stdenv.lib.optional stdenv.hostPlatform.isDarwin vmnet;
|
||||
|
|
|
@ -4,22 +4,22 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-acme";
|
||||
version = "1.1.1";
|
||||
sha256 = "0fva2kw82s94r4s4dpk38kcmssmcr71ia9jyg1rqmc00ifilfrzj";
|
||||
version = "1.1.2";
|
||||
sha256 = "1l77pckiwa72lwbwbqkjzy6m9xsgp13spmzc80gfl4q0gd3d46an";
|
||||
};
|
||||
alicloud =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-alicloud";
|
||||
version = "1.39.0";
|
||||
sha256 = "0m5fvqrvnb7v5iii67l743j3hq32rljrvnkgc7fcd46zrf38yl2h";
|
||||
version = "1.41.0";
|
||||
sha256 = "0bl24mgk0rangwwbz43ybymcivn3kjjg35rrvv7ashvhmx58qcf8";
|
||||
};
|
||||
archive =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-archive";
|
||||
version = "1.2.1";
|
||||
sha256 = "1avx3m0dkld0kmsi8ifqcla8254p1izh5wrziffr7r05s152r8qf";
|
||||
version = "1.2.2";
|
||||
sha256 = "1saprj2r74b63z03n80m3mfj3vhgvlm4gp2hzqzjbdgibxsz4jaw";
|
||||
};
|
||||
arukas =
|
||||
{
|
||||
|
@ -39,36 +39,36 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-aws";
|
||||
version = "2.6.0";
|
||||
sha256 = "0hpnyid5w33n8ypwcz3a43gazbvk6m60b57qll2qgx6bm1q75b19";
|
||||
version = "2.9.0";
|
||||
sha256 = "1gkw60ihc2b3qhb110m0mckfvb21lqgx4vc4x249mfxxk25i26s7";
|
||||
};
|
||||
azuread =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-azuread";
|
||||
version = "0.2.0";
|
||||
sha256 = "01aiynw905gbn6dv23971yhwv0kfcbckcqp4f65sypn1l8szqyjg";
|
||||
version = "0.3.1";
|
||||
sha256 = "1bs4m9hwdag58by49zsjpys3xvxg98nq8qims17mc82pbsz6mpag";
|
||||
};
|
||||
azurerm =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-azurerm";
|
||||
version = "1.25.0";
|
||||
sha256 = "1fhcljxz6cb5q1kd7aprxv1bga53x6fg65q5wkp985aaqnl42b8k";
|
||||
version = "1.27.1";
|
||||
sha256 = "0lxa84j9kzinblz7zp4gizizj0sy0vidkjvgnb99sr3861rak1x5";
|
||||
};
|
||||
azurestack =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-azurestack";
|
||||
version = "0.5.0";
|
||||
sha256 = "0pi8hjl6350ibkiz5pi86p58gkj8jf0a27ar04npsrn2wcz90k8z";
|
||||
version = "0.6.0";
|
||||
sha256 = "0lh0an3bz3kh2s6ncadikivr08fj8cvq7zm20csmjbgwgicq4gl8";
|
||||
};
|
||||
bigip =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-bigip";
|
||||
version = "0.12.0";
|
||||
sha256 = "0fmmlx757hph45ffm19zafjfkldg41qkw83vz0jjmvxicza1afbd";
|
||||
version = "0.12.2";
|
||||
sha256 = "0pplv5hi1kjli0jpya12crb5dkc6bkzvm8094rwhjbxb4f65ca5d";
|
||||
};
|
||||
bitbucket =
|
||||
{
|
||||
|
@ -81,8 +81,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-brightbox";
|
||||
version = "1.1.1";
|
||||
sha256 = "03fh287fmbg9jxsiniwj3sn6nsjdm46qv82b5aaqny3qmhjddjvq";
|
||||
version = "1.1.2";
|
||||
sha256 = "0k9qs7kpjznascads5llajzx2xkm4hdil2n4wl0fqy43s6dkvbbf";
|
||||
};
|
||||
chef =
|
||||
{
|
||||
|
@ -144,15 +144,15 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-datadog";
|
||||
version = "1.8.0";
|
||||
sha256 = "1pmz4gxhfynj7mjcl07n2ggz00vccw4bv6cmp7na3ssbpnjiy1wx";
|
||||
version = "1.9.0";
|
||||
sha256 = "0c5s9ywd6p4qjd964y33rcqcgfqz225x5rp0jlsqxbv9i2r91fb0";
|
||||
};
|
||||
digitalocean =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-digitalocean";
|
||||
version = "1.1.0";
|
||||
sha256 = "1w5xslm8939rz13bsiv9hfcl8cyvi03gr0h24c0ybwj8alxmxhb4";
|
||||
version = "1.3.0";
|
||||
sha256 = "1bi482s6s3v7sqknwwchscwwncwrhr4jl4gl4l25bngp1kd7cp7i";
|
||||
};
|
||||
dme =
|
||||
{
|
||||
|
@ -165,8 +165,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-dns";
|
||||
version = "2.0.0";
|
||||
sha256 = "1km0pq1wp0bdccb612z9n0kj9w7hn1yvhk7xszwp2mzs8qmd7flv";
|
||||
version = "2.1.1";
|
||||
sha256 = "1iyfsx1fbpvp3zjrkq8c46nr6d80z40mzkfc4axfpqyrp9xqiy8j";
|
||||
};
|
||||
dnsimple =
|
||||
{
|
||||
|
@ -193,8 +193,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-external";
|
||||
version = "1.1.1";
|
||||
sha256 = "110kqp4gsag3l8h9hwjdq98s9rz9f5w31mrs50rygdc0yd43hq8z";
|
||||
version = "1.1.2";
|
||||
sha256 = "12wdzm3y0fd840bdf0dczvvmdmfwpfwfwnf0j4g6n9asdcvjaqlh";
|
||||
};
|
||||
fastly =
|
||||
{
|
||||
|
@ -207,36 +207,36 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-flexibleengine";
|
||||
version = "1.4.0";
|
||||
sha256 = "1gj3y9xw9zzh2fs2i6q0afw591lhy1lvcn80xac4da08r5l3si6g";
|
||||
version = "1.5.0";
|
||||
sha256 = "17dksrqkh35wf0clqcd4v6ggmzc7xmrw8q7q0qa9n9zqyg1zibqk";
|
||||
};
|
||||
github =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-github";
|
||||
version = "1.3.0";
|
||||
sha256 = "1k7816dbpsjjbm3pa6l0qlrxw5hh8z5iwdr8mp1mp5liidhl6bqs";
|
||||
version = "2.0.0";
|
||||
sha256 = "1lvizak27qxgggp5xb15s8f504cjgr633889cv2jsr2rn64z4jv5";
|
||||
};
|
||||
gitlab =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-gitlab";
|
||||
version = "1.2.0";
|
||||
sha256 = "11j84kyw2lsqsn6ya070hx0k6igb3hhjl8zlnr4q3gpmv51y23qc";
|
||||
version = "1.3.0";
|
||||
sha256 = "0lh1v20msahcfjc22v7yf1cwinaq0zy2m8f7sl5jfn294j9nbam8";
|
||||
};
|
||||
google =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-google";
|
||||
version = "2.4.0";
|
||||
sha256 = "153pr01m7clvdq9c09xhvlivagn12nlxhykh1x9yya9ixkg0zrrv";
|
||||
version = "2.6.0";
|
||||
sha256 = "0y93hfwhzbk7dl7cw5lw2gwf5hdbc7rs9gh10b39vxgv9jrj4kqv";
|
||||
};
|
||||
google-beta =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-google-beta";
|
||||
version = "2.4.0";
|
||||
sha256 = "08vbj9m6x0byf7x77a5b5isg0kmlxvc9gswgilzi6djgwg0j6wwd";
|
||||
version = "2.6.0";
|
||||
sha256 = "1bm3nrv2pa6mf6l4vn5b0hads7bhp67bnhc5y72yingfky7kva5h";
|
||||
};
|
||||
grafana =
|
||||
{
|
||||
|
@ -263,8 +263,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-helm";
|
||||
version = "0.9.0";
|
||||
sha256 = "1psqabifb1kabg268ca1x4l79z1xga1pr2sf8x9lrd7z856v18l9";
|
||||
version = "0.9.1";
|
||||
sha256 = "189w8zz2fv0qfggzxmppaw8814c7kylgb11m1r9mqii3phsgnlz1";
|
||||
};
|
||||
heroku =
|
||||
{
|
||||
|
@ -277,8 +277,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-http";
|
||||
version = "1.0.1";
|
||||
sha256 = "1bnqrx4xya3lm5wp4byy6npazll6w1g6bv4rawgncswsgx08zqng";
|
||||
version = "1.1.1";
|
||||
sha256 = "0ah4wi9gm5m7z0wyy6vn3baz2iw2sq7ah7q0lb9srwr887aai3x0";
|
||||
};
|
||||
huaweicloud =
|
||||
{
|
||||
|
@ -312,8 +312,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-kubernetes";
|
||||
version = "1.5.2";
|
||||
sha256 = "0g1f5cbmzrd46abwd0rdyrf8wj8w9bx1251gf4s9z41adrxjy2lp";
|
||||
version = "1.6.2";
|
||||
sha256 = "14jql78a1rw1wl97myry29lgmqkcdn44qgmzjrfky958afnkgiig";
|
||||
};
|
||||
librato =
|
||||
{
|
||||
|
@ -333,8 +333,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-local";
|
||||
version = "1.2.1";
|
||||
sha256 = "1hi2bxa79fbdf2n6z59xdfs7bx8cg7q2l84hrxdh3cqbnb8jvsbr";
|
||||
version = "1.2.2";
|
||||
sha256 = "0azrw62clki002nlv7ws3kzfsbqkadm713534i4xgvix2m08d1cx";
|
||||
};
|
||||
logentries =
|
||||
{
|
||||
|
@ -389,8 +389,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-ns1";
|
||||
version = "1.3.0";
|
||||
sha256 = "1h21a4z7js2iwg0gj217lq4d7wccxhjmi5k37asfj18ch0x37c7v";
|
||||
version = "1.3.1";
|
||||
sha256 = "04ibq5dgxqb5lpnvqxg4xkb498w77p2sbjfyy9zj7m5i62xrwg79";
|
||||
};
|
||||
nsxt =
|
||||
{
|
||||
|
@ -403,22 +403,22 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-null";
|
||||
version = "2.1.1";
|
||||
sha256 = "0sw7j2cz9d5207l1v32ahqahmsk1dzzsf83zqivaa5jk3w4bfnjz";
|
||||
version = "2.1.2";
|
||||
sha256 = "0di1hxmd3s80sz8hl5q2i425by8fbk15f0r4jmnm6vra0cq89jw2";
|
||||
};
|
||||
nutanix =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-nutanix";
|
||||
version = "1.0.0";
|
||||
sha256 = "16nky5ryyjvv7vny18ymxvy20ivwmqw7lagnz48pq8mnwwrp5541";
|
||||
version = "1.0.1";
|
||||
sha256 = "1g7p6qg32g75x8fgspgxcdsa086mz3yabdgv1k68rykhw3zbri5d";
|
||||
};
|
||||
oci =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-oci";
|
||||
version = "3.23.0-rc1";
|
||||
sha256 = "11h8na7czj4iqm9z3pd8im06qqp3mng62h8ha5afvz2phv1g096h";
|
||||
version = "3.24.1";
|
||||
sha256 = "1yhcxwg3ivrgzasdsf5yq8v6h4j1lprnm881xfm4h1rpq465y1mj";
|
||||
};
|
||||
oneandone =
|
||||
{
|
||||
|
@ -431,22 +431,22 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-opc";
|
||||
version = "1.3.3";
|
||||
sha256 = "1hwbwyhjrs16cy66przs44znni0x3nwfsx18glxbikb2zx1ph93n";
|
||||
version = "1.3.6";
|
||||
sha256 = "1b11837j0d8s59pjkankbm3p5l87aw1s17mn2q7nvy65kgzalsra";
|
||||
};
|
||||
openstack =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-openstack";
|
||||
version = "1.17.0";
|
||||
sha256 = "1a3asmkf3w1ndy5rpyn09msp5l1sm2cdm3ca7cx5v00pjvww9f52";
|
||||
version = "1.18.0";
|
||||
sha256 = "05sr6vra4fsrysrz7a77vaa5zklhxf4hl8g029y9l1fln7vdpssg";
|
||||
};
|
||||
opentelekomcloud =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-opentelekomcloud";
|
||||
version = "1.7.0";
|
||||
sha256 = "15p5xvl6ryj5silpd2yrmjjh0d4qf89v8x6zbq8x7j351a1fljak";
|
||||
version = "1.8.0";
|
||||
sha256 = "068ap0sw17xmrfvri1yx70qdi8i5h0qhsm9bakm532xjxlgmaxpv";
|
||||
};
|
||||
opsgenie =
|
||||
{
|
||||
|
@ -459,8 +459,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-oraclepaas";
|
||||
version = "1.5.1";
|
||||
sha256 = "0xyyhr2n1aw1qn90535llv72cdgdqpni9l4gn8sj0ligpjhba7qz";
|
||||
version = "1.5.2";
|
||||
sha256 = "0m886wfg5ski8s1zr7g1h1m6q5ai08jk35ymipxpb6ipx781qvvk";
|
||||
};
|
||||
ovh =
|
||||
{
|
||||
|
@ -473,8 +473,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-packet";
|
||||
version = "1.7.2";
|
||||
sha256 = "103r0k626ham8wh7rwlx1hald4rik17mv2mcfjz9za65v7z139vr";
|
||||
version = "2.1.0";
|
||||
sha256 = "0hj8av0yry0wsi8fwgs0z9x9jxcnxz8imsanbdsrhb8lsj70n25v";
|
||||
};
|
||||
pagerduty =
|
||||
{
|
||||
|
@ -529,8 +529,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-random";
|
||||
version = "2.1.1";
|
||||
sha256 = "0ivmxacb9pzz7av2rr6jal5vwdv24689a2806nqvvzdy2s8mlzd3";
|
||||
version = "2.1.2";
|
||||
sha256 = "102bgd8s9yhm2ny2akv04mhwf5mphqhsxx9vxjbg7ygqnz9ka5nw";
|
||||
};
|
||||
rightscale =
|
||||
{
|
||||
|
@ -585,8 +585,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-spotinst";
|
||||
version = "1.11.0";
|
||||
sha256 = "10q1w66gbx6863797n6n15xx4llflmavrz2qk23pb8qd5pbni9bk";
|
||||
version = "1.13.2";
|
||||
sha256 = "1v3vgnspg3g0hvwzfplyvl37jxpc9m6hcsnmw6lkfqr57dy4dhlc";
|
||||
};
|
||||
statuscake =
|
||||
{
|
||||
|
@ -606,15 +606,15 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-template";
|
||||
version = "2.1.1";
|
||||
sha256 = "182kdkbmnihpawvgfpxavg8vbczizw5mlkwp828ap0baqs09ai8i";
|
||||
version = "2.1.2";
|
||||
sha256 = "18w1mmma81m9j7yf6q500w8v9ss28w6sw2ynssl99pyw2gwmd04q";
|
||||
};
|
||||
tencentcloud =
|
||||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-tencentcloud";
|
||||
version = "1.4.0";
|
||||
sha256 = "1gqxvd5ss2cg49856nj3srirny1298l3fla506r7v8xf9ybkzpb4";
|
||||
version = "1.5.0";
|
||||
sha256 = "04psgirl78klbpzllcvzl510j66jcavxmi9zxnwmmmw128a3dig2";
|
||||
};
|
||||
terraform =
|
||||
{
|
||||
|
@ -634,8 +634,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-tls";
|
||||
version = "1.2.0";
|
||||
sha256 = "0hvj00j8a820j18yi90xzhd635pkffivp1116d84wyqxya5acd4p";
|
||||
version = "2.0.1";
|
||||
sha256 = "08fh4k5fvkijl2ds8mxdc5fxlwhs11y5s48vvxdskklvkjhygzc7";
|
||||
};
|
||||
triton =
|
||||
{
|
||||
|
@ -662,8 +662,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-vault";
|
||||
version = "1.7.0";
|
||||
sha256 = "133ximk510kchr34zicpnp4da27nxvzab2nd8dqpf4sqg2z83i0y";
|
||||
version = "1.8.0";
|
||||
sha256 = "1g9cw14mzslb445yhj04dzs0s4cbhi4cxycd50vc3f9yyg6sz1rr";
|
||||
};
|
||||
vcd =
|
||||
{
|
||||
|
@ -683,8 +683,8 @@
|
|||
{
|
||||
owner = "terraform-providers";
|
||||
repo = "terraform-provider-yandex";
|
||||
version = "0.4.1";
|
||||
sha256 = "0lvj7xlzqc6wfv1xpc4qc1gnk3wvcvnifbf4mqgjglz35cf697bb";
|
||||
version = "0.5.2";
|
||||
sha256 = "1fa1jicirww0zxg5kw4343ndzq86x0m7gkfj8yx7l6lb6gcrkbic";
|
||||
};
|
||||
matchbox =
|
||||
{
|
||||
|
|
|
@ -97,8 +97,8 @@ in rec {
|
|||
terraform_0_11-full = terraform_0_11.full;
|
||||
|
||||
terraform_0_12 = pluggable (generic {
|
||||
version = "0.12.0-beta1";
|
||||
sha256 = "0djakf2agbhpfqis4x0lf2i8s1ahvrdyfkcgr6lzp0nsks652rcm";
|
||||
version = "0.12.0-rc1";
|
||||
sha256 = "1ap1q5bixkzshnwy8xyfh768qwg3y4pcjzaiajzn2icjf4ay5nqm";
|
||||
patches = [ ./provider-path.patch ];
|
||||
passthru = { inherit plugins; };
|
||||
});
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
{ stdenv, pkgconfig, fetchFromGitHub, qtbase, qtsvg, qtmultimedia, qmake, boost, openssl }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "chatterino2";
|
||||
version = "unstable-2019-05-11";
|
||||
src = fetchFromGitHub {
|
||||
owner = "fourtf";
|
||||
repo = pname;
|
||||
rev = "8c46cbf571dc8fd77287bf3186445ff52b1d1aaf";
|
||||
sha256 = "0i2385hamhd9i7jdy906cfrd81cybw524j92l87c8pzrkxphignk";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
nativeBuildInputs = [ qmake pkgconfig ];
|
||||
buildInputs = [ qtbase qtsvg qtmultimedia boost openssl ];
|
||||
meta = with stdenv.lib; {
|
||||
description = "A chat client for Twitch chat";
|
||||
longDescription = ''
|
||||
Chatterino is a chat client for Twitch chat. It aims to be an
|
||||
improved/extended version of the Twitch web chat. Chatterino 2 is
|
||||
the second installment of the Twitch chat client series
|
||||
"Chatterino".
|
||||
'';
|
||||
homepage = "https://github.com/fourtf/chatterino2";
|
||||
license = licenses.mit;
|
||||
platforms = platforms.unix;
|
||||
maintainers = with maintainers; [ rexim ];
|
||||
};
|
||||
}
|
|
@ -5,10 +5,11 @@
|
|||
, libXrandr, which, libxslt, libtasn1, gmp, nettle, sqlite, makeWrapper }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "ekiga-4.0.1";
|
||||
pname = "ekiga";
|
||||
version = "4.0.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://gnome/sources/ekiga/4.0/${name}.tar.xz";
|
||||
url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
|
||||
sha256 = "5f4f491c9496cf65ba057a9345d6bb0278f4eca07bcda5baeecf50bfcd9a4a3b";
|
||||
};
|
||||
|
||||
|
@ -52,17 +53,21 @@ stdenv.mkDerivation rec {
|
|||
--prefix XDG_DATA_DIRS : "$XDG_ICON_DIRS:$GSETTINGS_SCHEMAS_PATH"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "VOIP/Videoconferencing app with full SIP and H.323 support";
|
||||
maintainers = [ maintainers.raskin ];
|
||||
platforms = platforms.linux;
|
||||
license = licenses.gpl2Plus;
|
||||
};
|
||||
|
||||
passthru = {
|
||||
updateInfo = {
|
||||
downloadPage = "mirror://gnome/sources/ekiga";
|
||||
};
|
||||
updateScript = gnome3.updateScript {
|
||||
packageName = pname;
|
||||
};
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "VOIP/Videoconferencing app with full SIP and H.323 support";
|
||||
homepage = "https://www.ekiga.org/";
|
||||
maintainers = [ maintainers.raskin ];
|
||||
platforms = platforms.linux;
|
||||
license = licenses.gpl2Plus;
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,24 +1,24 @@
|
|||
{ stdenv, fetchurl, pidgin, intltool, libxml2, nss, nspr }:
|
||||
{ stdenv, fetchurl, pidgin, intltool, libxml2, gmime, nss }:
|
||||
|
||||
let version = "1.23.3"; in
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "pidgin-sipe-${version}";
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pidgin-sipe";
|
||||
version = "1.24.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/sipe/pidgin-sipe-${version}.tar.gz";
|
||||
sha256 = "0aaiblnagncb0lhdwb8qbps6hxxmyfjg7sdi15lrkl98i3fahg4n";
|
||||
url = "mirror://sourceforge/sipe/${pname}-${version}.tar.gz";
|
||||
sha256 = "04cxprz6dbcsc4n2jg72mr1r9630nhrywn0zim9kwvbgps3wdd9c";
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "SIPE plugin for Pidgin IM";
|
||||
homepage = http://sipe.sourceforge.net/;
|
||||
license = licenses.gpl2;
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
nativeBuildInputs = [ intltool ];
|
||||
buildInputs = [ pidgin gmime libxml2 nss ];
|
||||
enableParallelBuilding = true;
|
||||
|
||||
postInstall = "find $out -ls; ln -s \$out/lib/purple-2 \$out/share/pidgin-sipe";
|
||||
|
||||
buildInputs = [ pidgin intltool libxml2 nss nspr ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "SIPE plugin for Pidgin IM";
|
||||
homepage = "http://sipe.sourceforge.net/";
|
||||
license = licenses.gpl2;
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"name": "riot-web",
|
||||
"productName": "Riot",
|
||||
"main": "src/electron-main.js",
|
||||
"version": "1.0.8",
|
||||
"version": "1.1.0",
|
||||
"description": "A feature-rich client for Matrix.org",
|
||||
"author": "New Vector Ltd.",
|
||||
"dependencies": {
|
||||
|
|
|
@ -7,12 +7,12 @@ with (import ./yarn2nix.nix { inherit pkgs; });
|
|||
|
||||
let
|
||||
executableName = "riot-desktop";
|
||||
version = "1.0.8";
|
||||
version = "1.1.0";
|
||||
riot-web-src = fetchFromGitHub {
|
||||
owner = "vector-im";
|
||||
repo = "riot-web";
|
||||
rev = "v${version}";
|
||||
sha256 = "1krp608wxff1siih8zknc425n0qb6qjzf854fnp7qyjp1cnfc9sb";
|
||||
sha256 = "0h1rr70jg64v824k31mvb93nfssr572xlyicc8yh91bl7hdh342x";
|
||||
};
|
||||
|
||||
in mkYarnPackage rec {
|
||||
|
|
|
@ -6,11 +6,11 @@
|
|||
let configFile = writeText "riot-config.json" conf; in
|
||||
stdenv.mkDerivation rec {
|
||||
name= "riot-web-${version}";
|
||||
version = "1.0.8";
|
||||
version = "1.1.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/vector-im/riot-web/releases/download/v${version}/riot-v${version}.tar.gz";
|
||||
sha256 = "010m8b4lfnfi70d4v205wk3i4xhnsz7zkrdqrvw3si14xqy6192r";
|
||||
sha256 = "14ap57hv1c5nh17771l39inpa5yacpyckzqcmjlbrb57illakwrd";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ darkMode ? false, stdenv, fetchurl, dpkg, makeWrapper
|
||||
, alsaLib, atk, cairo, cups, curl, dbus, expat, fontconfig, freetype, glib
|
||||
, gnome2, gtk3, gdk_pixbuf, libnotify, libxcb, nspr, nss, pango
|
||||
, systemd, xorg, at-spi2-atk }:
|
||||
{ darkMode ? false, stdenv, fetchurl, dpkg, makeWrapper , alsaLib, atk, cairo,
|
||||
cups, curl, dbus, expat, fontconfig, freetype, glib , gnome2, gtk3, gdk_pixbuf,
|
||||
libappindicator-gtk3, libnotify, libxcb, nspr, nss, pango , systemd, xorg,
|
||||
at-spi2-atk }:
|
||||
|
||||
let
|
||||
|
||||
|
@ -25,6 +25,7 @@ let
|
|||
pango
|
||||
libnotify
|
||||
libxcb
|
||||
libappindicator-gtk3
|
||||
nspr
|
||||
nss
|
||||
stdenv.cc.cc
|
||||
|
|
|
@ -4,11 +4,11 @@ let
|
|||
mkTelegram = args: qt5.callPackage (import ./generic.nix args) { };
|
||||
stableVersion = {
|
||||
stable = true;
|
||||
version = "1.6.7";
|
||||
sha256Hash = "1537div6pky7wz3lansz67vsx2h6b653cx91xg9sswnxfsf8nrql";
|
||||
version = "1.7.0";
|
||||
sha256Hash = "1plfby243hf65wjmppq1qnqmp25pgi4x3awqd4h83ly9hn8qdwfk";
|
||||
# svn log svn://svn.archlinux.org/community/telegram-desktop/trunk
|
||||
archPatchesRevision = "429149";
|
||||
archPatchesHash = "1ylpi9kb6hk27x9wmna4ing8vzn9b7247iya91pyxxrpxrcrhpli";
|
||||
archPatchesRevision = "464796";
|
||||
archPatchesHash = "1bq7r69k3i9p1csdsca0w41jyz6fbyn4qriv3lg7s28j9s803kw8";
|
||||
};
|
||||
in {
|
||||
stable = mkTelegram stableVersion;
|
||||
|
|
|
@ -10,13 +10,13 @@ with stdenv.lib;
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "qbittorrent-${version}";
|
||||
version = "4.1.5";
|
||||
version = "4.1.6";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "qbittorrent";
|
||||
repo = "qbittorrent";
|
||||
rev = "release-${version}";
|
||||
sha256 = "09zcygaxfv9g6av0vsvlyzv4v65wvj766xyfx31yz5ig3xan6ak1";
|
||||
sha256 = "1y9kv84sy5fg64wbl4xpm8qh0hjba7ibk045cazp0m736rjmxk8c";
|
||||
};
|
||||
|
||||
# NOTE: 2018-05-31: CMake is working but it is not officially supported
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "tixati-${version}";
|
||||
version = "2.59";
|
||||
version = "2.61";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://download2.tixati.com/download/tixati-${version}-1.x86_64.manualinstall.tar.gz";
|
||||
sha256 = "0vf5y9kj2g7psgdzv2r46jdh5krdps838ca4wwwxi0dd1mwa65my";
|
||||
sha256 = "05f8lcsac2mr90bhk999qkj8wwd6igdl07389bqrd1ydjasacl2k";
|
||||
};
|
||||
|
||||
installPhase = ''
|
||||
|
|
|
@ -14,7 +14,8 @@ let
|
|||
variant = if withQt then "qt" else "cli";
|
||||
|
||||
in stdenv.mkDerivation {
|
||||
name = "wireshark-${variant}-${version}";
|
||||
pname = "wireshark-${variant}";
|
||||
inherit version;
|
||||
outputs = [ "out" "dev" ];
|
||||
|
||||
src = fetchurl {
|
||||
|
@ -24,7 +25,6 @@ in stdenv.mkDerivation {
|
|||
|
||||
cmakeFlags = [
|
||||
"-DBUILD_wireshark=${if withQt then "ON" else "OFF"}"
|
||||
"-DENABLE_QT5=${if withQt then "ON" else "OFF"}"
|
||||
"-DENABLE_APPLICATION_BUNDLE=${if withQt && stdenv.isDarwin then "ON" else "OFF"}"
|
||||
];
|
||||
|
||||
|
@ -95,6 +95,8 @@ in stdenv.mkDerivation {
|
|||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
dontFixCmake = true;
|
||||
|
||||
shellHook = ''
|
||||
# to be able to run the resulting binary
|
||||
export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1
|
||||
|
|
|
@ -3,14 +3,14 @@
|
|||
let
|
||||
common = { stname, target, postInstall ? "" }:
|
||||
buildGoPackage rec {
|
||||
version = "1.1.1";
|
||||
version = "1.1.3";
|
||||
name = "${stname}-${version}";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "syncthing";
|
||||
repo = "syncthing";
|
||||
rev = "v${version}";
|
||||
sha256 = "1nkc4ivc8mg9c1njqlkhb9i5f4c1via1rdqfbhwgkj86s6cnxrg7";
|
||||
sha256 = "00jshqa0nkwj06bfq16p359ss6nl6h49s31hag79wl9gwkca38va";
|
||||
};
|
||||
|
||||
goPackagePath = "github.com/syncthing/syncthing";
|
||||
|
|
|
@ -1,20 +1,25 @@
|
|||
{ stdenv, fetchurl, gd, ncurses, sqlite }:
|
||||
{ stdenv, fetchurl, pkgconfig, gd, ncurses, sqlite, check }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "vnstat-${version}";
|
||||
pname = "vnstat";
|
||||
version = "2.2";
|
||||
|
||||
src = fetchurl {
|
||||
sha256 = "0b7020rlc568pz6vkiy28kl8493z88wzrn18wv9b0iq2bv1pn2n6";
|
||||
url = "https://humdi.net/vnstat/${name}.tar.gz";
|
||||
url = "https://humdi.net/${pname}/${pname}-${version}.tar.gz";
|
||||
};
|
||||
|
||||
buildInputs = [ gd ncurses sqlite ];
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace src/cfg.c --replace /usr/local $out
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
buildInputs = [ gd ncurses sqlite ];
|
||||
|
||||
checkInputs = [ check ];
|
||||
|
||||
doCheck = true;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "Console-based network statistics utility for Linux";
|
||||
longDescription = ''
|
||||
|
|
|
@ -5,6 +5,8 @@
|
|||
, kcmutils, kcontacts, kdewebkit, kdiagram, kholidays, kidentitymanagement
|
||||
, kitemmodels, libical, libofx, qgpgme
|
||||
|
||||
, sqlcipher
|
||||
|
||||
# Needed for running tests:
|
||||
, qtbase, xvfb_run
|
||||
|
||||
|
@ -14,20 +16,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "kmymoney-${version}";
|
||||
version = "5.0.1";
|
||||
version = "5.0.4";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://kde/stable/kmymoney/${version}/src/${name}.tar.xz";
|
||||
sha256 = "1c9apnvc07y17pzy4vygry1dai5ass2z7j354lrcppa85b18yvnx";
|
||||
sha256 = "06lbavhl9b8cybnss2mmy3g5w8qn2vl6zhipvbl11lsr3j9bsa8q";
|
||||
};
|
||||
|
||||
# Fix build with Qt 5.11.
|
||||
patches = lib.singleton (fetchpatch {
|
||||
url = "https://cgit.kde.org/kmymoney.git/patch/?id="
|
||||
+ "e5198a902996b27bf9abde0ad24af82d55ab5dc1";
|
||||
sha256 = "1h2f1xznf7343s26fh94x8n2ci0pijk5j86f24lvghawsw848316";
|
||||
});
|
||||
|
||||
# Hidden dependency that wasn't included in CMakeLists.txt:
|
||||
NIX_CFLAGS_COMPILE = "-I${kitemmodels.dev}/include/KF5";
|
||||
|
||||
|
@ -41,6 +36,7 @@ stdenv.mkDerivation rec {
|
|||
akonadi alkimia aqbanking gmp gwenhywfar kactivities karchive kcmutils
|
||||
kcontacts kdewebkit kdiagram kholidays kidentitymanagement kitemmodels
|
||||
libical libofx qgpgme
|
||||
sqlcipher
|
||||
|
||||
# Put it into buildInputs so that CMake can find it, even though we patch
|
||||
# it into the interface later.
|
||||
|
|
|
@ -42,14 +42,14 @@ let
|
|||
then "i386"
|
||||
else "amd64";
|
||||
|
||||
shortVersion = "1.19.1-stable";
|
||||
shortVersion = "1.19.5-stable";
|
||||
|
||||
version = "${shortVersion}_${arch}";
|
||||
|
||||
url = "http://desktop-download.mendeley.com/download/apt/pool/main/m/mendeleydesktop/mendeleydesktop_${version}.deb";
|
||||
sha256 = if stdenv.hostPlatform.system == arch32
|
||||
then "0fcyl5i8xdgb5j0x1643qc0j74d8p11jczvqmgqkqh0wgid1y1ad"
|
||||
else "1dzwa2cnn9xakrhhq159fhh71gw5wlbf017rrikdlia694m8akq6";
|
||||
then "01x83a44qlxi937b128y8y0px0q4w37g72z652lc42kv50dhyy3f"
|
||||
else "1cagqq0xziznaj97z30bqfhrwjv3a4h83ckhwigq35nhk1ggq1ry";
|
||||
|
||||
deps = [
|
||||
qtbase
|
||||
|
|
|
@ -12,8 +12,8 @@ python27Packages.buildPythonApplication rec {
|
|||
};
|
||||
|
||||
patches = (fetchpatch {
|
||||
url = https://github.com/eggnogdb/eggnog-mapper/pull/125/commits/b7828e4c8c1c453e391aef050f06ff3f84ff9faf.patch;
|
||||
sha256 = "0nz1a7ybm4j5c7vdm3annnxz9036iam2044hia341a0am9wydmzk";
|
||||
url = "https://github.com/eggnogdb/eggnog-mapper/commit/6972f601ade85b65090efca747d2302acb58507f.patch";
|
||||
sha256 = "0abnmn0bh11jihf5d3cggiild1ykawzv5f5fhb4cyyi8fvy4hcxf";
|
||||
});
|
||||
|
||||
buildInputs = [ makeWrapper ];
|
||||
|
|
|
@ -3,13 +3,13 @@
|
|||
stdenv.mkDerivation rec {
|
||||
name = "${pname}-${version}";
|
||||
pname = "minimap2";
|
||||
version = "2.16";
|
||||
version = "2.17";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
repo = pname;
|
||||
owner = "lh3";
|
||||
rev = "v${version}";
|
||||
sha256 = "1ggm5psv3gwsz627ik9kl6ry9gzgmfsvya6ni0gv6ahwlrhdim73";
|
||||
sha256 = "0qdwlkib3aa6112372hdgvnvk86hsjjkhjar0p53pq4ajrr2cdlb";
|
||||
};
|
||||
|
||||
buildInputs = [ zlib ];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ stdenv, fetchFromGitHub, yosys, python3 }:
|
||||
{ stdenv, fetchFromGitHub, yosys, bash, python3 }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "symbiyosys-${version}";
|
||||
|
@ -26,6 +26,9 @@ stdenv.mkDerivation rec {
|
|||
substituteInPlace $out/bin/sby \
|
||||
--replace "##yosys-sys-path##" \
|
||||
"sys.path += [p + \"/share/yosys/python3/\" for p in [\"$out\", \"${yosys}\"]]"
|
||||
substituteInPlace $out/share/yosys/python3/sby_core.py \
|
||||
--replace "/bin/bash" \
|
||||
"${bash}/bin/bash"
|
||||
'';
|
||||
meta = {
|
||||
description = "Tooling for Yosys-based verification flows";
|
||||
|
|
|
@ -6,8 +6,8 @@ stdenv.mkDerivation rec {
|
|||
|
||||
src = fetchurl {
|
||||
urls = [
|
||||
"http://www.cs.miami.edu/~tptp/TPTP/Distribution/TPTP-v${version}.tgz"
|
||||
"http://www.cs.miami.edu/~tptp/TPTP/Archive/TPTP-v${version}.tgz"
|
||||
"http://tptp.cs.miami.edu/TPTP/Distribution/TPTP-v${version}.tgz"
|
||||
"http://tptp.cs.miami.edu/TPTP/Archive/TPTP-v${version}.tgz"
|
||||
];
|
||||
sha256 = "0yq8452b6mym4yscy46pshg0z2my8xi74b5bp2qlxd5bjwcrg6rl";
|
||||
};
|
||||
|
|
|
@ -8,9 +8,9 @@ stdenv.mkDerivation rec {
|
|||
owner = "vprover";
|
||||
repo = "vampire";
|
||||
rev = version;
|
||||
sha256 = "0d1klprlgqrcn8r5ywgvsahr4qz96ayl67ry5jks946v0k94m1k1";
|
||||
fetchSubmodules = true;
|
||||
leaveDotGit = true;
|
||||
sha256 = "03dqjxr3cwz4h6sn9074kc6b6wjz12kpsvsi0mq2w0j5l9f8d80y";
|
||||
#fetchSubmodules = true;
|
||||
#leaveDotGit = true;
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ git ];
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
{ lib, stdenv, fetchurl, zlib, bzip2 }:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "cbc-2.9.9";
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "cbc";
|
||||
version = "2.10.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.coin-or.org/download/source/Cbc/Cbc-2.9.9.tgz";
|
||||
sha256 = "1w8axdzm05xf5y13c31w7rc5z6ywxqxiwafnxcq3p195kgj0915a";
|
||||
url = "https://www.coin-or.org/download/source/Cbc/Cbc-${version}.tgz";
|
||||
sha256 = "0frbxkh6nbh46kaxsx5bmzridgip3v7aq75l8yak5npiiq4jlwv3";
|
||||
};
|
||||
|
||||
configureFlags = [ "-C" ];
|
||||
|
@ -23,6 +24,7 @@ stdenv.mkDerivation {
|
|||
license = lib.licenses.epl10;
|
||||
maintainers = [ lib.maintainers.eelco ];
|
||||
platforms = lib.platforms.linux ++ lib.platforms.darwin;
|
||||
broken = stdenv.isAarch64; # Missing <immintrin.h> after 2.10.0
|
||||
description = "A mixed integer programming solver";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -9,14 +9,14 @@
|
|||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "0.7.24";
|
||||
version = "0.7.25";
|
||||
pname = "pynac";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "pynac";
|
||||
repo = "pynac";
|
||||
rev = "pynac-${version}";
|
||||
sha256 = "0i3qxww28576jim0abgkqy9mi2k0lfllgyx8xpfqsqb75ai970ik";
|
||||
sha256 = "0nnifvg6kzx0lq6gz7znind8g30v3d2pjfwgsdiks3vv9kv9nbj3";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
|
|
|
@ -141,6 +141,14 @@ stdenv.mkDerivation rec {
|
|||
url = "https://git.sagemath.org/sage.git/patch/?h=8b7dbd0805d02d0e8674a272e161ceb24a637966";
|
||||
sha256 = "1c81f13z1w62s06yvp43gz6vkp8mxcs289n6l4gj9xj10slimzff";
|
||||
})
|
||||
|
||||
# https://trac.sagemath.org/ticket/26932
|
||||
(fetchSageDiff {
|
||||
name = "givaro-4.1.0_fflas-ffpack-2.4.0_linbox-1.6.0.patch";
|
||||
base = "8.8.beta4";
|
||||
rev = "c11d9cfa23ff9f77681a8f12742f68143eed4504";
|
||||
sha256 = "0xzra7mbgqvahk9v45bjwir2mqz73hrhhy314jq5nxrb35ysdxyi";
|
||||
})
|
||||
];
|
||||
|
||||
patches = nixPatches ++ bugfixPatches ++ packageUpgradePatches;
|
||||
|
|
|
@ -5,13 +5,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "apmplanner2-${version}";
|
||||
# TODO revert Qt59 to Qt5 in pkgs/top-level/all-packages.nix on next release
|
||||
version = "2.0.26";
|
||||
# TODO revert Qt511 to Qt5 in pkgs/top-level/all-packages.nix on next release
|
||||
version = "2.0.27-rc1";
|
||||
src = fetchFromGitHub {
|
||||
owner = "ArduPilot";
|
||||
repo = "apm_planner";
|
||||
rev = "${version}";
|
||||
sha256 = "0bnyi1r8k8ij5sq2zqv7mfbrxm0xdw97qrx3sk4rinqv2g6h6di4";
|
||||
sha256 = "1k0786mjzi49nb6yw4chh9l4dmkf9gybpxg9zqkr5yg019nyzcvd";
|
||||
};
|
||||
|
||||
qtInputs = [
|
||||
|
|
|
@ -1,41 +1,42 @@
|
|||
{stdenv, fetchgit, mercurial, makeWrapper, subversion}:
|
||||
{stdenv, fetchgit, mercurial, makeWrapper}:
|
||||
|
||||
with stdenv.lib;
|
||||
stdenv.mkDerivation {
|
||||
name = "fast-export";
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "fast-export";
|
||||
version = "190107";
|
||||
|
||||
src = fetchgit {
|
||||
url = git://repo.or.cz/fast-export.git;
|
||||
rev = "d202200fd9daa75cdb37d4cf067d4ca00e269535";
|
||||
sha256 = "0m4llsg9rx4sza1kf39kxsdvhi6y87a18wm5k19c5r2h3vpylwcc";
|
||||
rev = "v${version}";
|
||||
sha256 = "14azfps9jd5anivcvfwflgsvqdyy6gm9jy284kzx2ng9f7871d14";
|
||||
};
|
||||
|
||||
buildInputs = [mercurial.python mercurial makeWrapper subversion];
|
||||
buildInputs = [mercurial.python mercurial makeWrapper];
|
||||
|
||||
dontBuild = true; # skip svn for now
|
||||
|
||||
# TODO also support svn stuff
|
||||
# moving .py files into lib directory so that you can't pick the wrong file from PATH.
|
||||
# This requires redefining ROOT
|
||||
installPhase = ''
|
||||
sed -i "s@/usr/bin/env.*@$(type -p python)@" *.py
|
||||
l=$out/libexec/git-fast-export
|
||||
mkdir -p $out/{bin,doc/git-fast-export} $l
|
||||
sed -i "s@ROOT=.*@ROOT=$l@" *.sh
|
||||
mv *.sh $out/bin
|
||||
mv *.py $l
|
||||
for p in $out/bin/*.sh; do
|
||||
wrapProgram $p \
|
||||
--prefix PYTHONPATH : "$(echo ${mercurial}/lib/python*/site-packages):$(echo ${mercurial.python}/lib/python*/site-packages)${stdenv.lib.concatMapStrings (x: ":$(echo ${x}/lib/python*/site-packages)") mercurial.pythonPackages or []}" \
|
||||
--prefix PATH : "$(dirname $(type -p python))":$l
|
||||
binPath=$out/bin
|
||||
libexecPath=$out/libexec/${pname}
|
||||
sitepackagesPath=$out/${mercurial.python.sitePackages}
|
||||
mkdir -p $binPath $libexecPath $sitepackagesPath
|
||||
|
||||
# Patch shell scripts so they can execute the Python scripts
|
||||
sed -i "s|ROOT=.*|ROOT=$libexecPath|" *.sh
|
||||
|
||||
mv hg-fast-export.sh hg-reset.sh $binPath
|
||||
mv hg-fast-export.py hg-reset.py $libexecPath
|
||||
mv hg2git.py pluginloader plugins $sitepackagesPath
|
||||
|
||||
for script in $out/bin/*.sh; do
|
||||
wrapProgram $script \
|
||||
--prefix PATH : "${mercurial.python}/bin":$libexec \
|
||||
--prefix PYTHONPATH : "${mercurial}/${mercurial.python.sitePackages}":$sitepackagesPath
|
||||
done
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "Import svn, mercurial into git";
|
||||
meta = with stdenv.lib; {
|
||||
description = "Import mercurial into git";
|
||||
homepage = https://repo.or.cz/w/fast-export.git;
|
||||
license = licenses.gpl2;
|
||||
maintainers = [ maintainers.koral ];
|
||||
platforms = stdenv.lib.platforms.unix;
|
||||
platforms = platforms.unix;
|
||||
};
|
||||
}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue