From a2ed10401b58a2050ad19c7ad576d34ae097232e Mon Sep 17 00:00:00 2001 From: eyjhb Date: Tue, 23 Feb 2021 22:13:54 +0100 Subject: [PATCH 01/19] php: fixed building with cliSupport = false --- pkgs/development/interpreters/php/generic.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/development/interpreters/php/generic.nix b/pkgs/development/interpreters/php/generic.nix index 191d589aa90..943e25a97c6 100644 --- a/pkgs/development/interpreters/php/generic.nix +++ b/pkgs/development/interpreters/php/generic.nix @@ -123,7 +123,9 @@ let postBuild = '' cp ${extraInit} $out/lib/php.ini - wrapProgram $out/bin/php --set PHP_INI_SCAN_DIR $out/lib + if test -e $out/bin/php; then + wrapProgram $out/bin/php --set PHP_INI_SCAN_DIR $out/lib + fi if test -e $out/bin/php-fpm; then wrapProgram $out/bin/php-fpm --set PHP_INI_SCAN_DIR $out/lib From 538312709e3118ac277551bca7a6dfbbe004849d Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Sun, 28 Feb 2021 19:39:10 +0100 Subject: [PATCH 02/19] nixos/tcsd: several improvements and fixes - Actually run tcsd as tss/tss - Install a udev rule to set /dev/tpm* permissions - Remove systemd-udev-settle dependency, use dev-tpm0.device instead - Use systemd-tmpfiles to set up the state directory - Add documentation URI to tcsd.service This module cannot be easily tested with a NixOS test due to the TPM dependency. Technically, one could be emulated using swtpm[1], but this is not packaged in Nixpkgs. If you computer has a real TPM you can do a passthrough in Qemu, but this requires running the VM as root and of course it's not determinstic: $ nix build -f nixos vm --arg configuration ' { virtualisation.qemu.options = [ "-tpmdev passthrough,id=tpm0,path=/dev/tpm0,cancel-path=/sys/class/tpm/tpm0/cancel" "-device tpm-tis,tpmdev=tpm0" ]; users.users.root.hashedPassword = ""; services.tcsd.enable = true; }' After starting the VM, log in as root, you can check the service has started with `systemctl status tcsd`. [1]: https://github.com/stefanberger/swtpm --- nixos/modules/services/hardware/tcsd.nix | 35 +++++++++++++++--------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/nixos/modules/services/hardware/tcsd.nix b/nixos/modules/services/hardware/tcsd.nix index 68cb5d791aa..0d36bce357b 100644 --- a/nixos/modules/services/hardware/tcsd.nix +++ b/nixos/modules/services/hardware/tcsd.nix @@ -119,22 +119,31 @@ in environment.systemPackages = [ pkgs.trousers ]; -# system.activationScripts.tcsd = -# '' -# chown ${cfg.user}:${cfg.group} ${tcsdConf} -# ''; + services.udev.extraRules = '' + # Give tcsd ownership of all TPM devices + KERNEL=="tpm[0-9]*", MODE="0660", OWNER="${cfg.user}", GROUP="${cfg.group}" + # Tag TPM devices to create a .device unit for tcsd to depend on + ACTION=="add", KERNEL=="tpm[0-9]*", TAG+="systemd" + ''; + + systemd.tmpfiles.rules = [ + # Initialise the state directory + "d ${cfg.stateDir} 0770 ${cfg.user} ${cfg.group} - -" + ]; systemd.services.tcsd = { - description = "TCSD"; - after = [ "systemd-udev-settle.service" ]; + description = "Manager for Trusted Computing resources"; + documentation = [ "man:tcsd(8)" ]; + + requires = [ "dev-tpm0.device" ]; + after = [ "dev-tpm0.device" ]; wantedBy = [ "multi-user.target" ]; - path = [ pkgs.trousers ]; - preStart = - '' - mkdir -m 0700 -p ${cfg.stateDir} - chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir} - ''; - serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}"; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}"; + }; }; users.users = optionalAttrs (cfg.user == "tss") { From 835a8f1cbc50f8fd6955deea9f0373f1a5ca440a Mon Sep 17 00:00:00 2001 From: Symphorien Gibol Date: Sat, 6 Mar 2021 20:37:05 +0100 Subject: [PATCH 03/19] llvmPackages_*: add recurseIntoAttrs so that they appear in the search --- pkgs/top-level/all-packages.nix | 34 ++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index afba3f5a371..ac8df3a987f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10587,7 +10587,7 @@ in llvm_6 = llvmPackages_6.llvm; llvm_5 = llvmPackages_5.llvm; - llvmPackages = recurseIntoAttrs (with targetPlatform; + llvmPackages = with targetPlatform; if isDarwin then llvmPackages_7 else if isFreeBSD then @@ -10597,55 +10597,55 @@ in else if isWasm then llvmPackages_8 else - llvmPackages_latest); + llvmPackages_latest; - llvmPackages_5 = callPackage ../development/compilers/llvm/5 { + llvmPackages_5 = recurseIntoAttrs (callPackage ../development/compilers/llvm/5 { inherit (stdenvAdapters) overrideCC; buildLlvmTools = buildPackages.llvmPackages_5.tools; targetLlvmLibraries = targetPackages.llvmPackages_5.libraries; - }; + }); - llvmPackages_6 = callPackage ../development/compilers/llvm/6 { + llvmPackages_6 = recurseIntoAttrs (callPackage ../development/compilers/llvm/6 { inherit (stdenvAdapters) overrideCC; buildLlvmTools = buildPackages.llvmPackages_6.tools; targetLlvmLibraries = targetPackages.llvmPackages_6.libraries; - }; + }); - llvmPackages_7 = callPackage ../development/compilers/llvm/7 { + llvmPackages_7 = recurseIntoAttrs (callPackage ../development/compilers/llvm/7 { inherit (stdenvAdapters) overrideCC; buildLlvmTools = buildPackages.llvmPackages_7.tools; targetLlvmLibraries = targetPackages.llvmPackages_7.libraries; - }; + }); - llvmPackages_8 = callPackage ../development/compilers/llvm/8 { + llvmPackages_8 = recurseIntoAttrs (callPackage ../development/compilers/llvm/8 { inherit (stdenvAdapters) overrideCC; buildLlvmTools = buildPackages.llvmPackages_8.tools; targetLlvmLibraries = targetPackages.llvmPackages_8.libraries; - }; + }); - llvmPackages_9 = callPackage ../development/compilers/llvm/9 { + llvmPackages_9 = recurseIntoAttrs (callPackage ../development/compilers/llvm/9 { inherit (stdenvAdapters) overrideCC; buildLlvmTools = buildPackages.llvmPackages_9.tools; targetLlvmLibraries = targetPackages.llvmPackages_9.libraries; - }; + }); - llvmPackages_10 = callPackage ../development/compilers/llvm/10 { + llvmPackages_10 = recurseIntoAttrs (callPackage ../development/compilers/llvm/10 { inherit (stdenvAdapters) overrideCC; buildLlvmTools = buildPackages.llvmPackages_10.tools; targetLlvmLibraries = targetPackages.llvmPackages_10.libraries; - }; + }); - llvmPackages_11 = callPackage ../development/compilers/llvm/11 ({ + llvmPackages_11 = recurseIntoAttrs (callPackage ../development/compilers/llvm/11 ({ inherit (stdenvAdapters) overrideCC; buildLlvmTools = buildPackages.llvmPackages_11.tools; targetLlvmLibraries = targetPackages.llvmPackages_11.libraries; } // lib.optionalAttrs (stdenv.hostPlatform.isi686 && buildPackages.stdenv.cc.isGNU) { stdenv = gcc7Stdenv; - }); + })); llvmPackages_latest = llvmPackages_11; - llvmPackages_rocm = callPackage ../development/compilers/llvm/rocm { }; + llvmPackages_rocm = recurseIntoAttrs (callPackage ../development/compilers/llvm/rocm { }); lorri = callPackage ../tools/misc/lorri { inherit (darwin.apple_sdk.frameworks) CoreServices Security; From e2113c1f60189edf1d5172432f6310867d2e11e3 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 17 Mar 2021 20:04:50 +0000 Subject: [PATCH 04/19] wasabiwallet: 1.1.12.4 -> 1.1.12.5 --- pkgs/applications/blockchains/wasabiwallet/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/blockchains/wasabiwallet/default.nix b/pkgs/applications/blockchains/wasabiwallet/default.nix index e24531c373a..e86d145bdf4 100644 --- a/pkgs/applications/blockchains/wasabiwallet/default.nix +++ b/pkgs/applications/blockchains/wasabiwallet/default.nix @@ -24,11 +24,11 @@ let in stdenv.mkDerivation rec { pname = "wasabiwallet"; - version = "1.1.12.4"; + version = "1.1.12.5"; src = fetchurl { url = "https://github.com/zkSNACKs/WalletWasabi/releases/download/v${version}/Wasabi-${version}.tar.gz"; - sha256 = "sha256-1yg0C1lJrLxQEs2GA+XEBUx/JAyc+aW0UWjLhSEy0RI="; + sha256 = "sha256-6KIsSsCAyZ6uYSbDBIKdtM4adGOttvJ78obCptcd57s="; }; dontBuild = true; From bf1beb93c53ac452eebea706a27d3ca7bf9eb8db Mon Sep 17 00:00:00 2001 From: Pamplemousse Date: Sat, 13 Mar 2021 15:07:52 -0700 Subject: [PATCH 05/19] ipmitool: fix security vulnerability Relates to #90825 . Signed-off-by: Pamplemousse --- pkgs/tools/system/ipmitool/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/tools/system/ipmitool/default.nix b/pkgs/tools/system/ipmitool/default.nix index 2f0e2c600d0..e7d6130ffa6 100644 --- a/pkgs/tools/system/ipmitool/default.nix +++ b/pkgs/tools/system/ipmitool/default.nix @@ -22,6 +22,11 @@ stdenv.mkDerivation { url = "https://github.com/ipmitool/ipmitool/commit/5db314f694f75c575cd7c9ffe9ee57aaf3a88866.patch"; sha256 = "01niwrgajhrdhl441gzmw6v1r1yc3i8kn98db4b6smfn5fwdp1pa"; }) + (fetchpatch { + name = "CVE-2020-5208.patch"; + url = "https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2.patch"; + sha256 = "sha256-X7MnoX2fzByRpRY4p33xetT+V2aehlQ/qU+aeaqtTUY="; + }) ]; buildInputs = [ openssl ]; From b8ad44183ac5cfd25b7e69160c665b40454780d0 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 24 Mar 2021 01:17:18 +0000 Subject: [PATCH 06/19] emplace: 1.4.0 -> 1.4.1 --- pkgs/tools/package-management/emplace/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/package-management/emplace/default.nix b/pkgs/tools/package-management/emplace/default.nix index 1b8aa8fc3f9..735c940f18b 100644 --- a/pkgs/tools/package-management/emplace/default.nix +++ b/pkgs/tools/package-management/emplace/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "emplace"; - version = "1.4.0"; + version = "1.4.1"; src = fetchFromGitHub { owner = "tversteeg"; repo = pname; rev = "v${version}"; - sha256 = "sha256-6dmXWqkf8Z+cc4wnOuVCe4+Byfk3VTYXehTN1MCiFLE="; + sha256 = "sha256-lBCGSeEVxlXrn1RHqMEYSXLOehJw/DiL+33nx4+rV2Y="; }; - cargoSha256 = "sha256-uDoxMHSNoqH/AOixmkV6pwrDu/XSqXBCrAz4L7MMPU8="; + cargoSha256 = "sha256-QL71pJ5RBWRRse5DXwctMvu+z818jEEQjaNBXHLy20Y="; meta = with lib; { description = "Mirror installed software on multiple machines"; From 347a704bf0fd205af732394a9ae3f724082f5bb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A1=D1=83=D1=85=D0=B0=D1=80=D0=B8=D0=BA?= <65870+suhr@users.noreply.github.com> Date: Wed, 24 Mar 2021 14:13:05 +0300 Subject: [PATCH 07/19] sfizz: 0.4.0 -> 0.5.1 --- pkgs/applications/audio/sfizz/default.nix | 37 ++++++++++++++++++++--- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/pkgs/applications/audio/sfizz/default.nix b/pkgs/applications/audio/sfizz/default.nix index 85bc9e3542c..153e52c82e1 100644 --- a/pkgs/applications/audio/sfizz/default.nix +++ b/pkgs/applications/audio/sfizz/default.nix @@ -1,20 +1,49 @@ -{ lib, stdenv, fetchFromGitHub , cmake, libjack2, libsndfile, pkg-config }: +{ lib, stdenv, fetchFromGitHub +, libjack2, libsndfile, xorg, freetype, libxkbcommon +, cairo, glib, gnome3, flac, libogg, libvorbis, libopus +, cmake, pkg-config +}: stdenv.mkDerivation rec { pname = "sfizz"; - version = "0.4.0"; + version = "0.5.1"; src = fetchFromGitHub { owner = "sfztools"; repo = pname; rev = version; - sha256 = "0zpmvmh7n0064rxfqxb7z9rnz493k7yq7nl0vxppqnasg97jn5f3"; + sha256 = "sha256-3RdY5+BPsdk6vctDy24w5aJsVOV9qzSgXs62Pm5UEKs="; fetchSubmodules = true; }; + buildInputs = [ + libjack2 + libsndfile + flac + libogg + libvorbis + libopus + xorg.libX11 + xorg.libxcb + xorg.libXau + xorg.libXdmcp + xorg.xcbutil + xorg.xcbutilcursor + xorg.xcbutilrenderutil + xorg.xcbutilkeysyms + xorg.xcbutilimage + libxkbcommon + cairo + glib + gnome3.zenity + freetype + ]; nativeBuildInputs = [ cmake pkg-config ]; - buildInputs = [ libjack2 libsndfile ]; + postPatch = '' + substituteInPlace editor/external/vstgui4/vstgui/lib/platform/linux/x11fileselector.cpp \ + --replace '"/usr/bin/zenity' '"${gnome3.zenity}/bin/zenity' + ''; cmakeFlags = [ "-DCMAKE_BUILD_TYPE=Release" From 8d9bf86f08f685df1a4ed49fa57885cd639901bd Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Fri, 26 Mar 2021 17:10:39 +0000 Subject: [PATCH 08/19] python38Packages.managesieve: 0.7 -> 0.7.1 --- pkgs/development/python-modules/managesieve/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/managesieve/default.nix b/pkgs/development/python-modules/managesieve/default.nix index 8559339b012..fd2eac2b2c7 100644 --- a/pkgs/development/python-modules/managesieve/default.nix +++ b/pkgs/development/python-modules/managesieve/default.nix @@ -6,11 +6,11 @@ buildPythonPackage rec { pname = "managesieve"; - version = "0.7"; + version = "0.7.1"; src = fetchPypi { inherit pname version; - sha256 = "1dx0j8hhjwip1ackaj2m4hqrrx2iiv846ic4wa6ymrawwb8iq8m6"; + sha256 = "44930a3b48332d23b35a5305ae7ba47904d4485ed1b7a22208b7d5ad9d60427a"; }; checkInputs = [ pytestCheckHook ]; From 1906aacec33eec5780136fed3058a4a91998d762 Mon Sep 17 00:00:00 2001 From: Symphorien Gibol Date: Sat, 6 Mar 2021 20:37:44 +0100 Subject: [PATCH 09/19] add clang${n}Stdenv aliases, just like gcc${n}Stdenv --- pkgs/top-level/aliases.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 84adc261adc..202684c2f89 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -99,6 +99,16 @@ mapAliases ({ cinepaint = throw "cinepaint has been removed from nixpkgs, as it was unmaintained"; # added 2019-12-10 cifs_utils = cifs-utils; # added 2016-08 ckb = ckb-next; # added 2018-10-21 + + # these are for convenience, not for backward compat and shouldn't expire + clang5Stdenv = lowPrio llvmPackages_5.stdenv; + clang6Stdenv = lowPrio llvmPackages_6.stdenv; + clang7Stdenv = lowPrio llvmPackages_7.stdenv; + clang8Stdenv = lowPrio llvmPackages_8.stdenv; + clang9Stdenv = lowPrio llvmPackages_9.stdenv; + clang10Stdenv = lowPrio llvmPackages_10.stdenv; + clang11Stdenv = lowPrio llvmPackages_11.stdenv; + clangAnalyzer = clang-analyzer; # added 2015-02-20 clawsMail = claws-mail; # added 2016-04-29 clutter_gtk = clutter-gtk; # added 2018-02-25 From d90adf06081c91712d3cb55cea33e6d16413bacc Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 27 Mar 2021 01:17:18 +0000 Subject: [PATCH 10/19] python38Packages.bitarray: 1.8.0 -> 1.8.1 --- pkgs/development/python-modules/bitarray/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/bitarray/default.nix b/pkgs/development/python-modules/bitarray/default.nix index 64bfdb89efb..dc09aa2c6bc 100644 --- a/pkgs/development/python-modules/bitarray/default.nix +++ b/pkgs/development/python-modules/bitarray/default.nix @@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "bitarray"; - version = "1.8.0"; + version = "1.8.1"; src = fetchPypi { inherit pname version; - sha256 = "fe4444d92b17073bf1f9f24e3015a0e5bb70a645c47df93ef8a9ce8be33fcbad"; + sha256 = "e02f79fba7a470d438eb39017d503498faaf760b17b6b46af1a9de12fd58d311"; }; pythonImportsCheck = [ "bitarray" ]; From ce6eb6175887d7232ad5f02e686bdbe7ce5dfc01 Mon Sep 17 00:00:00 2001 From: Alvar Penning Date: Sat, 27 Mar 2021 12:18:14 +0100 Subject: [PATCH 11/19] pythonPackages.pynmea2: 1.16.0 -> 1.17.0 --- pkgs/development/python-modules/pynmea2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pynmea2/default.nix b/pkgs/development/python-modules/pynmea2/default.nix index bf9a9eecfb8..8bb82fa330a 100644 --- a/pkgs/development/python-modules/pynmea2/default.nix +++ b/pkgs/development/python-modules/pynmea2/default.nix @@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "pynmea2"; - version = "1.16.0"; + version = "1.17.0"; src = fetchPypi { inherit pname version; - sha256 = "0w9g5qh573276404f04b46684ydlakv30ds0x0r4kcl370ljmfsg"; + sha256 = "0x5xrk51dpzsvky1ncikadm80a44a82j3mjjykmhmx7jddc5qh9d"; }; checkInputs = [ pytestCheckHook ]; From 87e44b865fdd8bf63dda53ec9c8fe5a4730b65a0 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 27 Mar 2021 12:04:29 +0000 Subject: [PATCH 12/19] grype: 0.8.0 -> 0.9.0 --- pkgs/tools/security/grype/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/grype/default.nix b/pkgs/tools/security/grype/default.nix index 6d67f038e4a..d10b10e1d29 100644 --- a/pkgs/tools/security/grype/default.nix +++ b/pkgs/tools/security/grype/default.nix @@ -6,13 +6,13 @@ buildGoModule rec { pname = "grype"; - version = "0.8.0"; + version = "0.9.0"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-/OgAh33DF0UkBcc5GriGgeoZ7kae9GhGnUnIX6lGlys="; + sha256 = "sha256-X67TEHKmKKuTFGo55ZVkYVNw4f/d8aU2b/FQsq1OIJg="; }; vendorSha256 = "sha256-SGO8RKSOK0PHqSIJfTdcuAmqMtFuo9MBdiEylDUpOFo="; From 75f531b3fc6f902c6b60c70405a1102a635760b3 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 27 Mar 2021 14:22:16 +0100 Subject: [PATCH 13/19] webkitgtk: 2.30.5 -> 2.30.6 https://webkitgtk.org/security/WSA-2021-0002.html --- pkgs/development/libraries/webkitgtk/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/webkitgtk/default.nix b/pkgs/development/libraries/webkitgtk/default.nix index 490adf8e325..28722dc8fca 100644 --- a/pkgs/development/libraries/webkitgtk/default.nix +++ b/pkgs/development/libraries/webkitgtk/default.nix @@ -59,7 +59,7 @@ with lib; stdenv.mkDerivation rec { pname = "webkitgtk"; - version = "2.30.5"; + version = "2.30.6"; outputs = [ "out" "dev" ]; @@ -67,7 +67,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://webkitgtk.org/releases/${pname}-${version}.tar.xz"; - sha256 = "07vzbbnvz69rn9pciji4axfpclp98bpj4a0br2z0gbn5wc4an3bx"; + sha256 = "07kwkn7gnlfw4idl5vyyzhzbj2bjzvjrclbikn9vaw0pm73nwwsh"; }; patches = optionals stdenv.isLinux [ From b2eb2c8b4f422bee0f5f5a07cd705fadf1cbbc32 Mon Sep 17 00:00:00 2001 From: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org> Date: Sat, 27 Mar 2021 00:57:34 +0100 Subject: [PATCH 14/19] Revert "ocamlPackages.tcpip: 6.0.0 -> 6.1.0" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 988f5a5910bdba12f34b500e0dc3aa60042a75a6. The release process for many OCaml packages and in extension mirage related packages usually entails creating a release in the respective own repository so a release tarball becomes available and then opening a PR against ocaml/opam-repository to finalize the release. During this new issues can be discovered which push the release back. This happened for mirage-tcpip 6.1.0 several times: https://github.com/ocaml/opam-repository/pull/18357 Prompting in total 3 different 6.1.0 releases with different hashes respectively (the hash for ocamlPackages.tcpip.src shouldn't be reproducible anymore, but we probably have cached the tarball already). Ultimately the PR to opam-repository was closed to investigate some failures on opam-repository's CI and the release postponed: https://github.com/ocaml/opam-repository/pull/18357#issuecomment-808434285 I jumped the gun with the release and updated tcpip in nixpkgs before tcpip was “properly” released in opam. I usually watch the github repository of package I maintain for releases and can react pretty quickly to a release as a result. Most of the time I also check opam-repository's PRs nowadays for extra context or information, but when everything seems fine and tests succeed I deem the update alright to PR to nixpkgs. Being faster than opam was achievable in these cases and actually seems kind of tantalizing. In the light of this experience however, we should wait for the opam PR getting merged at least for some packages that exhibit this behavior of rereleasing the same version number multiple times to get the release just right (afaik the 6.1.0 tag pointed to three different revisions for tcpip). To me this is questionable upstream behavior we just have to deal with in some way. --- .../ocaml-modules/tcpip/default.nix | 11 +++------- .../tcpip/no-opam-pkg-config-path.patch | 21 ------------------- 2 files changed, 3 insertions(+), 29 deletions(-) delete mode 100644 pkgs/development/ocaml-modules/tcpip/no-opam-pkg-config-path.patch diff --git a/pkgs/development/ocaml-modules/tcpip/default.nix b/pkgs/development/ocaml-modules/tcpip/default.nix index 6e639f984cb..80fa01066f1 100644 --- a/pkgs/development/ocaml-modules/tcpip/default.nix +++ b/pkgs/development/ocaml-modules/tcpip/default.nix @@ -1,5 +1,5 @@ { lib, buildDunePackage, fetchurl -, bisect_ppx, ppx_cstruct, pkg-config +, bisect_ppx, ppx_cstruct , rresult, cstruct, cstruct-lwt, mirage-net, mirage-clock , mirage-random, mirage-stack, mirage-protocols, mirage-time , ipaddr, macaddr, macaddr-cstruct, mirage-profile, fmt @@ -11,23 +11,18 @@ buildDunePackage rec { pname = "tcpip"; - version = "6.1.0"; + version = "6.0.0"; useDune2 = true; src = fetchurl { url = "https://github.com/mirage/mirage-${pname}/releases/download/v${version}/${pname}-v${version}.tbz"; - sha256 = "e81c98a6e80e05f9fa4e5fbee50e6c247f6011254c7b1d9a0e58bae318c1f0c8"; + sha256 = "0wbrs8jz1vw3zdrqmqcwawxh4yhc2gy30rw7gz4w116cblkvnb8s"; }; - patches = [ - ./no-opam-pkg-config-path.patch - ]; - nativeBuildInputs = [ bisect_ppx ppx_cstruct - pkg-config ]; propagatedBuildInputs = [ diff --git a/pkgs/development/ocaml-modules/tcpip/no-opam-pkg-config-path.patch b/pkgs/development/ocaml-modules/tcpip/no-opam-pkg-config-path.patch deleted file mode 100644 index a7e9155ce5a..00000000000 --- a/pkgs/development/ocaml-modules/tcpip/no-opam-pkg-config-path.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/freestanding/Makefile b/freestanding/Makefile -index f22d220d..4bb3ac57 100644 ---- a/freestanding/Makefile -+++ b/freestanding/Makefile -@@ -1,6 +1,4 @@ --PKG_CONFIG_PATH := $(shell opam config var prefix)/lib/pkgconfig -- --EXISTS := $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) pkg-config --exists ocaml-freestanding; echo $$?) -+EXISTS := $(shell pkg-config --exists ocaml-freestanding; echo $$?) - - .PHONY: all clean - all: libtcpip_freestanding_stubs.a -@@ -10,7 +8,7 @@ libtcpip_freestanding_stubs.a: - touch $@ - else - CC ?= cc --FREESTANDING_CFLAGS := $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) pkg-config --cflags ocaml-freestanding) -+FREESTANDING_CFLAGS := $(shell pkg-config --cflags ocaml-freestanding) - CFLAGS := $(FREESTANDING_CFLAGS) - - OBJS=checksum_stubs.o From f12df7e1005438d9f89fb89a1e4714dadeb6a6c1 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Sat, 27 Mar 2021 15:04:19 +0000 Subject: [PATCH 15/19] lazydocker: 0.10 -> 0.12 --- pkgs/tools/misc/lazydocker/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/misc/lazydocker/default.nix b/pkgs/tools/misc/lazydocker/default.nix index ed186772ab7..2a63074c8d7 100644 --- a/pkgs/tools/misc/lazydocker/default.nix +++ b/pkgs/tools/misc/lazydocker/default.nix @@ -2,13 +2,13 @@ buildGoPackage rec { pname = "lazydocker"; - version = "0.10"; + version = "0.12"; src = fetchFromGitHub { owner = "jesseduffield"; repo = "lazydocker"; rev = "v${version}"; - sha256 = "04j5bcsxm2yf74zkphnjrg8j3w0v6bsny8sg2k4gbisgshl1i3p8"; + sha256 = "sha256-bpc83DFAyrAQ3VI9saYe+10ZQqOHgscerRKRyjfYD4g="; }; goPackagePath = "github.com/jesseduffield/lazydocker"; From 60b85e6b95488488d3b233800ce02f77706970bb Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 27 Mar 2021 16:24:16 +0100 Subject: [PATCH 16/19] python3Packages.tldextract: enable tests (#117787) --- .../python-modules/tldextract/default.nix | 48 +++++++++++++++---- 1 file changed, 38 insertions(+), 10 deletions(-) diff --git a/pkgs/development/python-modules/tldextract/default.nix b/pkgs/development/python-modules/tldextract/default.nix index b91289e5061..d5b257abedf 100644 --- a/pkgs/development/python-modules/tldextract/default.nix +++ b/pkgs/development/python-modules/tldextract/default.nix @@ -1,28 +1,56 @@ -{ lib, fetchPypi, buildPythonPackage, setuptools_scm -, requests, requests-file, idna, filelock, pytest +{ lib +, buildPythonPackage +, fetchPypi +, filelock +, idna +, pytest-mock +, pytestCheckHook +, pythonOlder +, requests +, requests-file , responses +, setuptools-scm }: buildPythonPackage rec { pname = "tldextract"; version = "3.1.0"; + disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; sha256 = "cfae9bc8bda37c3e8c7c8639711ad20e95dc85b207a256b60b0b23d7ff5540ea"; }; - propagatedBuildInputs = [ requests requests-file idna filelock ]; - checkInputs = [ pytest responses ]; - nativeBuildInputs = [ setuptools_scm ]; + nativeBuildInputs = [ setuptools-scm ]; + + propagatedBuildInputs = [ + filelock + idna + requests + requests-file + ]; + + checkInputs = [ + pytest-mock + pytestCheckHook + responses + ]; + + postPatch = '' + substituteInPlace pytest.ini --replace " --pylint" "" + ''; - # No tests included - doCheck = false; pythonImportsCheck = [ "tldextract" ]; - meta = { + meta = with lib; { + description = "Python module to accurately separate the TLD from the domain of an URL"; + longDescription = '' + tldextract accurately separates the gTLD or ccTLD (generic or country code top-level domain) + from the registered domain and subdomains of a URL. + ''; homepage = "https://github.com/john-kurkowski/tldextract"; - description = "Accurately separate the TLD from the registered domain and subdomains of a URL, using the Public Suffix List"; - license = lib.licenses.bsd3; + license = with licenses; [ bsd3 ]; + maintainers = with maintainers; [ fab ]; }; } From 29d77c57edefc8412eb9abb23985d9371d409c76 Mon Sep 17 00:00:00 2001 From: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org> Date: Thu, 18 Mar 2021 16:25:48 +0100 Subject: [PATCH 17/19] dot-merlin-reader: 3.4.2 -> 4.1 4.1 uncoupled the versions between merlin and dot-merlin-reader which means we can and must update them independently of each other since merlin 4.1 is only available in specific versions for OCaml 4.11 and 4.12 respectively. Therefore merlin now fetches its own source instead of inheriting it from dot-merlin-reader. --- pkgs/development/tools/ocaml/merlin/default.nix | 8 +++++++- pkgs/development/tools/ocaml/merlin/dot-merlin-reader.nix | 8 ++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/pkgs/development/tools/ocaml/merlin/default.nix b/pkgs/development/tools/ocaml/merlin/default.nix index ce168084f2c..1c9b549d612 100644 --- a/pkgs/development/tools/ocaml/merlin/default.nix +++ b/pkgs/development/tools/ocaml/merlin/default.nix @@ -3,8 +3,14 @@ buildDunePackage rec { pname = "merlin"; + version = "3.4.2"; - inherit (dot-merlin-reader) src version useDune2; + src = fetchurl { + url = "https://github.com/ocaml/merlin/releases/download/v${version}/merlin-v${version}.tbz"; + sha256 = "e1b7b897b11119d92995c558530149fd07bd67a4aaf140f55f3c4ffb5e882a81"; + }; + + useDune2 = true; minimumOCamlVersion = "4.02.3"; diff --git a/pkgs/development/tools/ocaml/merlin/dot-merlin-reader.nix b/pkgs/development/tools/ocaml/merlin/dot-merlin-reader.nix index b3b73776058..894fe6f75ae 100644 --- a/pkgs/development/tools/ocaml/merlin/dot-merlin-reader.nix +++ b/pkgs/development/tools/ocaml/merlin/dot-merlin-reader.nix @@ -2,15 +2,15 @@ buildDunePackage rec { pname = "dot-merlin-reader"; - version = "3.4.2"; + version = "4.1"; useDune2 = true; - minimumOCamlVersion = "4.02.1"; + minimumOCamlVersion = "4.06"; src = fetchurl { - url = "https://github.com/ocaml/merlin/releases/download/v${version}/merlin-v${version}.tbz"; - sha256 = "109ai1ggnkrwbzsl1wdalikvs1zx940m6n65jllxj68in6bvidz1"; + url = "https://github.com/ocaml/merlin/releases/download/v${version}/dot-merlin-reader-v${version}.tbz"; + sha256 = "14a36d6fb8646a5df4530420a7861722f1a4ee04753717947305e3676031e7cd"; }; buildInputs = [ yojson csexp result ]; From ef6450411f1c924463508a6b01e36801784042f3 Mon Sep 17 00:00:00 2001 From: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org> Date: Thu, 18 Mar 2021 17:15:41 +0100 Subject: [PATCH 18/19] ocamlPackages_4_{11,12}: merlin: 3.4.2 -> 4.1 Add nix expression for the OCaml-version specific versions of merlin 4.1 and conditionally call it in ocaml-packages.nix. --- pkgs/development/tools/ocaml/merlin/4.x.nix | 77 +++++++++++++++++++++ pkgs/top-level/ocaml-packages.nix | 5 +- 2 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/tools/ocaml/merlin/4.x.nix diff --git a/pkgs/development/tools/ocaml/merlin/4.x.nix b/pkgs/development/tools/ocaml/merlin/4.x.nix new file mode 100644 index 00000000000..77595169565 --- /dev/null +++ b/pkgs/development/tools/ocaml/merlin/4.x.nix @@ -0,0 +1,77 @@ +{ lib +, substituteAll +, fetchurl +, ocaml +, dune_2 +, buildDunePackage +, yojson +, csexp +, result +, dot-merlin-reader +, jq +, menhir +}: + +let + merlinVersion = "4.1"; + + hashes = { + "4.1-411" = "9e2e6fc799c93ce1f2c7181645eafa37f64e43ace062b69218e1c29ac459937d"; + "4.1-412" = "fb4caede73bdb8393bd60e31792af74b901ae2d319ac2f2a2252c694d2069d8d"; + }; + + ocamlVersionShorthand = lib.concatStrings + (lib.take 2 (lib.splitVersion ocaml.version)); + + version = "${merlinVersion}-${ocamlVersionShorthand}"; +in + +if !lib.hasAttr version hashes +then builtins.throw "merlin ${merlinVersion} is not available for OCaml ${ocaml.version}" +else + +buildDunePackage { + pname = "merlin"; + inherit version; + + src = fetchurl { + url = "https://github.com/ocaml/merlin/releases/download/v${version}/merlin-v${version}.tbz"; + sha256 = hashes."${version}"; + }; + + patches = [ + (substituteAll { + src = ./fix-paths.patch; + dot_merlin_reader = "${dot-merlin-reader}/bin/dot-merlin-reader"; + dune = "${dune_2}/bin/dune"; + }) + ]; + + useDune2 = true; + + buildInputs = [ + dot-merlin-reader + yojson + csexp + result + ]; + + doCheck = true; + checkPhase = '' + runHook preCheck + patchShebangs tests/merlin-wrapper + dune runtest # filtering with -p disables tests + runHook postCheck + ''; + checkInputs = [ + jq + menhir + ]; + + meta = with lib; { + description = "An editor-independent tool to ease the development of programs in OCaml"; + homepage = "https://github.com/ocaml/merlin"; + license = licenses.mit; + maintainers = [ maintainers.vbgl maintainers.sternenseemann ]; + }; +} diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix index 14dddf0490f..61728d14095 100644 --- a/pkgs/top-level/ocaml-packages.nix +++ b/pkgs/top-level/ocaml-packages.nix @@ -634,7 +634,10 @@ let menhir = callPackage ../development/ocaml-modules/menhir { }; - merlin = callPackage ../development/tools/ocaml/merlin { }; + merlin = + if lib.versionAtLeast ocaml.version "4.11" + then callPackage ../development/tools/ocaml/merlin/4.x.nix { } + else callPackage ../development/tools/ocaml/merlin { }; merlin-extend = callPackage ../development/ocaml-modules/merlin-extend { }; From f615c23325e13a54ba18cdfabd1eaf7ace0b0741 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 27 Mar 2021 17:40:29 +0100 Subject: [PATCH 19/19] bashate: init at 2.0.0 (#117469) --- pkgs/development/tools/bashate/default.nix | 43 ++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 45 insertions(+) create mode 100644 pkgs/development/tools/bashate/default.nix diff --git a/pkgs/development/tools/bashate/default.nix b/pkgs/development/tools/bashate/default.nix new file mode 100644 index 00000000000..cc5d3aca2c3 --- /dev/null +++ b/pkgs/development/tools/bashate/default.nix @@ -0,0 +1,43 @@ +{ lib +, Babel +, buildPythonApplication +, fetchPypi +, fixtures +, mock +, pbr +, pytestCheckHook +, pythonOlder +, setuptools +}: + +buildPythonApplication rec { + pname = "bashate"; + version = "2.0.0"; + disabled = pythonOlder "3.5"; + + src = fetchPypi { + inherit pname version; + sha256 = "05qsaaqfpvr6h4g19prbkpznwb9a4dwzyzivdzh9x80cgkq0r6gb"; + }; + + propagatedBuildInputs = [ + Babel + pbr + setuptools + ]; + + checkInputs = [ + fixtures + mock + pytestCheckHook + ]; + + pythonImportsCheck = [ "bashate" ]; + + meta = with lib; { + description = "Style enforcement for bash programs"; + homepage = "https://opendev.org/openstack/bashate"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e71c6a7d3a2..4612a89430b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1134,6 +1134,8 @@ in barman = python3Packages.callPackage ../tools/misc/barman { }; + bashate = python3Packages.callPackage ../development/tools/bashate { }; + bash-my-aws = callPackage ../tools/admin/bash-my-aws { }; bashcards = callPackage ../tools/misc/bashcards { };