From 2058ec85f6af2b0afd7c2df62c9a88e57c279edf Mon Sep 17 00:00:00 2001
From: Nikita Ursol <nikita20001116@gmail.com>
Date: Mon, 25 Jan 2021 19:14:43 +0200
Subject: [PATCH 01/25] rofi: wrap gdk-pixbuf, fixes svg icons

---
 pkgs/applications/misc/rofi/wrapper.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/misc/rofi/wrapper.nix b/pkgs/applications/misc/rofi/wrapper.nix
index 4e69f9cce14..6115544e79f 100644
--- a/pkgs/applications/misc/rofi/wrapper.nix
+++ b/pkgs/applications/misc/rofi/wrapper.nix
@@ -1,4 +1,4 @@
-{ symlinkJoin, lib, rofi-unwrapped, makeWrapper, hicolor-icon-theme, theme ? null, plugins ? [] }:
+{ symlinkJoin, lib, rofi-unwrapped, makeWrapper, wrapGAppsHook, gdk-pixbuf, hicolor-icon-theme, theme ? null, plugins ? [] }:
 
 symlinkJoin {
   name = "rofi-${rofi-unwrapped.version}";
@@ -7,16 +7,23 @@ symlinkJoin {
     rofi-unwrapped.out
   ] ++ (lib.forEach plugins (p: p.out));
 
-  buildInputs = [ makeWrapper ];
+  nativeBuildInputs = [ makeWrapper wrapGAppsHook ];
+  buildInputs = [ gdk-pixbuf ];
+
   preferLocalBuild = true;
   passthru.unwrapped = rofi-unwrapped;
+
+  dontWrapGApps = true;
+
   postBuild = ''
     rm -rf $out/bin
     mkdir $out/bin
     ln -s ${rofi-unwrapped}/bin/* $out/bin
-
     rm $out/bin/rofi
+
+    gappsWrapperArgsHook
     makeWrapper ${rofi-unwrapped}/bin/rofi $out/bin/rofi \
+      ''${gappsWrapperArgs[@]} \
       --prefix XDG_DATA_DIRS : ${hicolor-icon-theme}/share \
       ${lib.optionalString (plugins != []) ''--prefix XDG_DATA_DIRS : ${lib.concatStringsSep ":" (lib.forEach plugins (p: "${p.out}/share"))}''} \
       ${lib.optionalString (theme != null) ''--add-flags "-theme ${theme}"''} \

From eccf52763d080bac2f829048851ce62f53fadac2 Mon Sep 17 00:00:00 2001
From: Atemu <atemu.main@gmail.com>
Date: Wed, 27 Jan 2021 17:44:13 +0100
Subject: [PATCH 02/25] zen-kernels: 5.10.10 -> 5.10.15

---
 pkgs/os-specific/linux/kernel/linux-lqx.nix | 4 ++--
 pkgs/os-specific/linux/kernel/linux-zen.nix | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/linux-lqx.nix b/pkgs/os-specific/linux/kernel/linux-lqx.nix
index e466b76867c..c8575907f43 100644
--- a/pkgs/os-specific/linux/kernel/linux-lqx.nix
+++ b/pkgs/os-specific/linux/kernel/linux-lqx.nix
@@ -1,7 +1,7 @@
 { lib, fetchFromGitHub, buildLinux, linux_zen, ... } @ args:
 
 let
-  version = "5.10.10";
+  version = "5.10.15";
   suffix = "lqx2";
 in
 
@@ -14,7 +14,7 @@ buildLinux (args // {
     owner = "zen-kernel";
     repo = "zen-kernel";
     rev = "v${version}-${suffix}";
-    sha256 = "1cjgx9qjfkiaalqkcdmibsrq2frwd621rwcg6w05ms4w9lnwi3af";
+    sha256 = "11dgaqj1xr5hq6wxscrkln68dwqq4lakvfkr646x2yfynry1jqjk";
   };
 
   extraMeta = {
diff --git a/pkgs/os-specific/linux/kernel/linux-zen.nix b/pkgs/os-specific/linux/kernel/linux-zen.nix
index b30ee996649..0a658b73343 100644
--- a/pkgs/os-specific/linux/kernel/linux-zen.nix
+++ b/pkgs/os-specific/linux/kernel/linux-zen.nix
@@ -1,8 +1,8 @@
 { lib, fetchFromGitHub, buildLinux, ... } @ args:
 
 let
-  version = "5.10.10";
-  suffix = "zen1";
+  version = "5.10.15";
+  suffix = "zen2";
 in
 
 buildLinux (args // {
@@ -14,7 +14,7 @@ buildLinux (args // {
     owner = "zen-kernel";
     repo = "zen-kernel";
     rev = "v${version}-${suffix}";
-    sha256 = "0jsi2q8k1w5zs5l6z1brm2mxpl9arv6n6linc8yj6xc75nydw6w4";
+    sha256 = "18qgh79hi1ph6x16sbvq36icv7c5bkdvh193wqjnbvwf0yph09as";
   };
 
   extraMeta = {

From c7b65c5205c9c12455624fd265a07251ff35fa8d Mon Sep 17 00:00:00 2001
From: mbaeten <mbaeten@users.noreply.github.com>
Date: Thu, 18 Feb 2021 23:18:12 +0100
Subject: [PATCH 03/25] maintainers: add mbaeten

---
 maintainers/maintainer-list.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index da8fdd1a64a..3c8a30485b1 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -5884,6 +5884,12 @@
     githubId = 22836301;
     name = "Mateusz Mazur";
   };
+  mbaeten = {
+    email = "mbaeten@users.noreply.github.com";
+    github = "mbaeten";
+    githubId = 2649304;
+    name = "M. Baeten";
+  };
   mbakke = {
     email = "mbakke@fastmail.com";
     github = "mbakke";

From ec37ccb3924223a65701ae54f16edf448478937e Mon Sep 17 00:00:00 2001
From: mbaeten <mbaeten@users.noreply.github.com>
Date: Fri, 19 Feb 2021 03:25:51 +0100
Subject: [PATCH 04/25] pragha: init at 1.3.4

---
 pkgs/applications/audio/pragha/default.nix | 103 +++++++++++++++++++++
 pkgs/top-level/all-packages.nix            |   2 +
 2 files changed, 105 insertions(+)
 create mode 100644 pkgs/applications/audio/pragha/default.nix

diff --git a/pkgs/applications/audio/pragha/default.nix b/pkgs/applications/audio/pragha/default.nix
new file mode 100644
index 00000000000..bc6ef526ea7
--- /dev/null
+++ b/pkgs/applications/audio/pragha/default.nix
@@ -0,0 +1,103 @@
+{ lib
+, intltool
+, mkDerivation
+, installShellFiles
+, pkg-config
+, fetchFromGitHub
+, dbus-glib
+, desktop-file-utils
+, hicolor-icon-theme
+, pcre
+, qtbase
+, sqlite
+, taglib
+, zlib
+, gtk3
+, libpeas
+, libcddb
+, libcdio
+, gst_all_1, withGstPlugins ? true
+, glyr, withGlyr ? true
+, liblastfmSF, withLastfm ? true
+, libcdio-paranoia, withCD ? true
+, keybinder3, withKeybinder ? false
+, libnotify, withLibnotify ? false
+, libsoup, withLibsoup ? false
+, libgudev, withGudev ? false # experimental
+, libmtp, withMtp ? false # experimental
+, xfce, withXfce4ui ? false
+, totem-pl-parser, withTotemPlParser ? false
+# , grilo, withGrilo ? false
+# , rygel, withRygel ? true
+}:
+
+assert withGlyr -> withLastfm;
+assert withLastfm -> withCD;
+
+mkDerivation rec {
+  pname = "pragha";
+  version = "1.3.4";
+
+  src = fetchFromGitHub {
+    owner = "pragha-music-player";
+    repo = "pragha";
+    rev = "v${version}";
+    sha256 = "sha256:0n8gx8amg5l9g4w7s4agjf8mlmpgjydgzx3vryp9lzzs9xrd5vqh";
+  };
+
+  nativeBuildInputs = [
+    intltool
+    pkg-config
+    xfce.xfce4-dev-tools
+    desktop-file-utils
+    installShellFiles
+  ];
+
+  buildInputs = with gst_all_1; [
+    dbus-glib
+    gstreamer
+    gst-plugins-base
+    gtk3
+    hicolor-icon-theme
+    libpeas
+    pcre
+    qtbase
+    sqlite
+    taglib
+    zlib
+  ]
+  ++ lib.optionals withGstPlugins [ gst-plugins-good gst-plugins-bad gst-plugins-ugly ]
+  ++ lib.optionals withCD [ libcddb libcdio libcdio-paranoia ]
+  ++ lib.optional withGudev libgudev
+  ++ lib.optional withKeybinder keybinder3
+  ++ lib.optional withLibnotify libnotify
+  ++ lib.optional withLastfm liblastfmSF
+  ++ lib.optional withGlyr glyr
+  ++ lib.optional withLibsoup libsoup
+  ++ lib.optional withMtp libmtp
+  ++ lib.optional withXfce4ui xfce.libxfce4ui
+  ++ lib.optional withTotemPlParser totem-pl-parser
+  # ++ lib.optional withGrilo grilo
+  # ++ lib.optional withRygel rygel
+  ;
+
+  CFLAGS = [ "-DHAVE_PARANOIA_NEW_INCLUDES" ];
+
+  NIX_CFLAGS_COMPILE = "-I${lib.getDev gst_all_1.gst-plugins-base}/include/gstreamer-1.0";
+
+  postInstall = ''
+    qtWrapperArgs+=(--prefix GST_PLUGIN_SYSTEM_PATH_1_0 : "$GST_PLUGIN_SYSTEM_PATH_1_0")
+
+    install -m 444 data/${pname}.desktop $out/share/applications
+    install -d $out/share/pixmaps
+    installManPage data/${pname}.1
+  '';
+
+  meta = with lib; {
+    description = "A lightweight GTK+ music manager - fork of Consonance Music Manager";
+    homepage = "https://pragha-music-player.github.io/";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ mbaeten ];
+    platforms = platforms.unix;
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index c4c0ba9a7b6..a8848065955 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -23769,6 +23769,8 @@ in
 
   ncmpcpp = callPackage ../applications/audio/ncmpcpp { };
 
+  pragha = libsForQt5.callPackage ../applications/audio/pragha { };
+
   rofi-mpd = callPackage ../applications/audio/rofi-mpd { };
 
   rofi-calc = callPackage ../applications/science/math/rofi-calc { };

From 06e8cbf83f895d73c7d3084e18d361771ab4c886 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Sat, 20 Feb 2021 19:03:27 +0000
Subject: [PATCH 05/25] cargo-deny: 0.8.5 -> 0.8.7

---
 pkgs/development/tools/rust/cargo-deny/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/tools/rust/cargo-deny/default.nix b/pkgs/development/tools/rust/cargo-deny/default.nix
index ba126e57a14..ea7f01ada77 100644
--- a/pkgs/development/tools/rust/cargo-deny/default.nix
+++ b/pkgs/development/tools/rust/cargo-deny/default.nix
@@ -7,16 +7,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "cargo-deny";
-  version = "0.8.5";
+  version = "0.8.7";
 
   src = fetchFromGitHub {
     owner = "EmbarkStudios";
     repo = pname;
     rev = version;
-    sha256 = "01czsnhlvs78fpx1kpi75386657jmlrqpsj4474nxmgcs75igncx";
+    sha256 = "sha256-LXc4PFJ1FbdF3yotqqOkhhe+MKGZ4sqJgxAvDml9GeA=";
   };
 
-  cargoSha256 = "1d5vh6cifkvqxmbgc2z9259q8879fjw016z959hfivv38rragqbr";
+  cargoSha256 = "sha256-4FFyRhmMpzKmKrvU2bmGHWUnLAbTDU1bPv7RfhQfYeY=";
 
   doCheck = false;
 

From f3074fb6378c6da21f35d33befc58ac1101a3a4b Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Sat, 20 Feb 2021 19:40:18 +0000
Subject: [PATCH 06/25] cointop: 1.6.0 -> 1.6.2

---
 pkgs/applications/misc/cointop/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/misc/cointop/default.nix b/pkgs/applications/misc/cointop/default.nix
index e12c2c90dee..ffdcf021b02 100644
--- a/pkgs/applications/misc/cointop/default.nix
+++ b/pkgs/applications/misc/cointop/default.nix
@@ -2,13 +2,13 @@
 
 buildGoPackage rec {
   pname = "cointop";
-  version = "1.6.0";
+  version = "1.6.2";
 
   src = fetchFromGitHub {
     owner = "miguelmota";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-P2LR42Qn5bBF5xcfCbxiGFBwkW/kAKVGiyED37OdZLo=";
+    sha256 = "sha256-4Ae8lzaec7JeYfmeLleatUS/xQUjea7O4XJ9DOgJIMs=";
   };
 
   goPackagePath = "github.com/miguelmota/cointop";

From ceeccb2ce2cc57162d892e34b22019e8c0c61003 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Sat, 20 Feb 2021 20:12:00 +0000
Subject: [PATCH 07/25] dnscontrol: 3.6.0 -> 3.7.0

---
 pkgs/applications/networking/dnscontrol/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/networking/dnscontrol/default.nix b/pkgs/applications/networking/dnscontrol/default.nix
index 2af3e8fe560..1b8ff4622f2 100644
--- a/pkgs/applications/networking/dnscontrol/default.nix
+++ b/pkgs/applications/networking/dnscontrol/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "dnscontrol";
-  version = "3.6.0";
+  version = "3.7.0";
 
   src = fetchFromGitHub {
     owner = "StackExchange";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-I1PaDHPocQuoSOyfnxDWwIR+7S9l/odX4SCeAae/jv8=";
+    sha256 = "sha256-el94Iq7/+1FfGpqbhKEO6FGpaCxoueoc/+Se+WfT+G0=";
   };
 
-  vendorSha256 = "sha256-H0i5MoVX5O0CgHOvefDEyzBWvBZvJZUrC9xBq9CHgeE=";
+  vendorSha256 = "sha256-MSHg1RWjbXm1pf6HTyJL4FcnLuacL9fO1F6zbouVkWg=";
 
   subPackages = [ "." ];
 

From 2b5a8787b386b8c0145f1473d778e5c231c7be8e Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Sat, 20 Feb 2021 20:30:20 +0000
Subject: [PATCH 08/25] emplace: 1.0.0 -> 1.1.0

---
 pkgs/tools/package-management/emplace/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/tools/package-management/emplace/default.nix b/pkgs/tools/package-management/emplace/default.nix
index e5da9a1d7b4..5a5b1458113 100644
--- a/pkgs/tools/package-management/emplace/default.nix
+++ b/pkgs/tools/package-management/emplace/default.nix
@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "emplace";
-  version = "1.0.0";
+  version = "1.1.0";
 
   src = fetchFromGitHub {
     owner = "tversteeg";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-dDFc13IVD4f5UgiHXAcqRKoZEPTn/iBOogT3XfdstK0=";
+    sha256 = "sha256-FO3N5Dyk87GzPEhQDX2QVDulw15BnpsljawY2RFy2Qk=";
   };
 
-  cargoSha256 = "sha256-QsYOR7tk5cRCF0+xkpJ/F+Z3pjBPxTDFvA1gEi82AOQ=";
+  cargoSha256 = "sha256-/XZ88ChOCLP5/pZ9UkAAWqO/jFUwbo5FJQ2GZip1gP4=";
 
   meta = with lib; {
     description = "Mirror installed software on multiple machines";

From 2f199f0c96bdeaad7b6cc21855ac765b06c1d7f0 Mon Sep 17 00:00:00 2001
From: Adam Saponara <as@php.net>
Date: Sat, 20 Feb 2021 16:12:16 -0500
Subject: [PATCH 09/25] termbox: 1.1.2 -> 1.1.4

Repointing repo to termbox/termbox as nsf/termbox is no
longer maintained.
---
 .../development/libraries/termbox/default.nix | 23 ++++++-------------
 1 file changed, 7 insertions(+), 16 deletions(-)

diff --git a/pkgs/development/libraries/termbox/default.nix b/pkgs/development/libraries/termbox/default.nix
index e809240bcd1..51c2ca1c808 100644
--- a/pkgs/development/libraries/termbox/default.nix
+++ b/pkgs/development/libraries/termbox/default.nix
@@ -1,31 +1,22 @@
-{ lib, stdenv, fetchFromGitHub, python3, wafHook, fetchpatch }:
+{ lib, stdenv, fetchFromGitHub }:
 
 stdenv.mkDerivation rec {
   pname = "termbox";
-  version = "1.1.2";
+  version = "1.1.4";
   src = fetchFromGitHub {
-    owner = "nsf";
+    owner = "termbox";
     repo = "termbox";
     rev = "v${version}";
-    sha256 = "08yqxzb8fny8806p7x8a6f3phhlbfqdd7dhkv25calswj7w1ssvs";
+    sha256 = "075swv6ajx8m424dbmgbf6fs6nd5q004gjpvx48gkxmnf9spvykl";
   };
 
-  # patch which updates the `waf` version used to build
-  # to make the package buildable on Python 3.7
-  patches = [
-    (fetchpatch {
-      url = "https://github.com/nsf/termbox/commit/6fe63ac3ad63dc2c3ac45b770541cc8b7a1d2db7.patch";
-      sha256 = "1s5747v51sdwvpsg6k9y1j60yn9f63qnylkgy8zrsifjzzd5fzl6";
-    })
-  ];
-
-  nativeBuildInputs = [ python3 wafHook ];
+  makeFlags = [ "prefix=${placeholder "out"}" ];
 
   meta = with lib; {
     description = "Library for writing text-based user interfaces";
     license = licenses.mit;
-    homepage = "https://github.com/nsf/termbox#readme";
-    downloadPage = "https://github.com/nsf/termbox/releases";
+    homepage = "https://github.com/termbox/termbox#readme";
+    downloadPage = "https://github.com/termbox/termbox/releases";
     maintainers = with maintainers; [ fgaz ];
   };
 }

From 2f8425c8677a08be1a5903e20134f8b9e886db72 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Sat, 20 Feb 2021 21:40:00 +0000
Subject: [PATCH 10/25] git-cola: 3.8 -> 3.9

---
 .../version-management/git-and-tools/git-cola/default.nix     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/version-management/git-and-tools/git-cola/default.nix b/pkgs/applications/version-management/git-and-tools/git-cola/default.nix
index 5e105ad9dd3..37c10bf2f98 100644
--- a/pkgs/applications/version-management/git-and-tools/git-cola/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/git-cola/default.nix
@@ -5,13 +5,13 @@ let
 
 in buildPythonApplication rec {
   pname = "git-cola";
-  version = "3.8";
+  version = "3.9";
 
   src = fetchFromGitHub {
     owner = "git-cola";
     repo = "git-cola";
     rev = "v${version}";
-    sha256 = "1qxv2k8lxcxpqx46ka7f042xk90xns5w9lc4009cxmsqvcdba03a";
+    sha256 = "11186pdgaw5p4iv10dqcnynf5pws2v9nhqqqca7z5b7m20fpfjl7";
   };
 
   buildInputs = [ git gettext ];

From dd54d77845d405ce4982b14fb51e8d14cd0d70ef Mon Sep 17 00:00:00 2001
From: Ivan Babrou <github@ivan.computer>
Date: Tue, 9 Feb 2021 10:43:08 -0800
Subject: [PATCH 11/25] libgcrypt: disable asm on aarch64-darwin

See: https://dev.gnupg.org/T5157
---
 pkgs/development/libraries/libgcrypt/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/libgcrypt/default.nix b/pkgs/development/libraries/libgcrypt/default.nix
index 081b67b1663..74098f7e003 100644
--- a/pkgs/development/libraries/libgcrypt/default.nix
+++ b/pkgs/development/libraries/libgcrypt/default.nix
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
     ++ lib.optional enableCapabilities libcap;
 
   configureFlags = [ "--with-libgpg-error-prefix=${libgpgerror.dev}" ]
-   ++ lib.optional stdenv.hostPlatform.isMusl "--disable-asm";
+      ++ lib.optional (stdenv.hostPlatform.isMusl || (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64)) "--disable-asm"; # for darwin see https://dev.gnupg.org/T5157
 
   # Necessary to generate correct assembly when compiling for aarch32 on
   # aarch64

From 39383a8494c5a1f754899667e7e6058c0c9ff105 Mon Sep 17 00:00:00 2001
From: nicoo <nicoo@mur.at>
Date: Sun, 21 Feb 2021 00:48:52 +0100
Subject: [PATCH 12/25] nixos/rngd: Remove module entirely, leave an
 explaination

Per @shlevy's request on #96092.
---
 nixos/modules/security/rngd.nix | 64 +++++++--------------------------
 1 file changed, 12 insertions(+), 52 deletions(-)

diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix
index cb885c4762d..8cca1c26d68 100644
--- a/nixos/modules/security/rngd.nix
+++ b/nixos/modules/security/rngd.nix
@@ -1,56 +1,16 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
+{ lib, ... }:
 let
-  cfg = config.security.rngd;
+  removed = k: lib.mkRemovedOptionModule [ "security" "rngd" k ];
 in
 {
-  options = {
-    security.rngd = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to enable the rng daemon.  Devices that the kernel recognises
-          as entropy sources are handled automatically by krngd.
-        '';
-      };
-      debug = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Whether to enable debug output (-d).";
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    systemd.services.rngd = {
-      bindsTo = [ "dev-random.device" ];
-
-      after = [ "dev-random.device" ];
-
-      # Clean shutdown without DefaultDependencies
-      conflicts = [ "shutdown.target" ];
-      before = [
-        "sysinit.target"
-        "shutdown.target"
-      ];
-
-      description = "Hardware RNG Entropy Gatherer Daemon";
-
-      # rngd may have to start early to avoid entropy starvation during boot with encrypted swap
-      unitConfig.DefaultDependencies = false;
-      serviceConfig = {
-        ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
-          + optionalString cfg.debug " -d";
-        # PrivateTmp would introduce a circular dependency if /tmp is on tmpfs and swap is encrypted,
-        # thus depending on rngd before swap, while swap depends on rngd to avoid entropy starvation.
-        NoNewPrivileges = true;
-        PrivateNetwork = true;
-        ProtectSystem = "full";
-        ProtectHome = true;
-      };
-    };
-  };
+  imports = [
+    (removed "enable" ''
+       rngd is not necessary for any device that the kernel recognises
+       as an hardware RNG, as it will automatically run the krngd task
+       to periodically collect random data from the device and mix it
+       into the kernel's RNG.
+    '')
+    (removed "debug"
+      "The rngd module was removed, so its debug option does nothing.")
+  ];
 }

From c8dcbfc0478796ae7fd592eafa72ba90bba1656d Mon Sep 17 00:00:00 2001
From: nicoo <nicoo@mur.at>
Date: Sun, 21 Feb 2021 01:33:50 +0100
Subject: [PATCH 13/25] nixos/swap: Remove dependency on rngd (module removed)

---
 nixos/modules/config/swap.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/nixos/modules/config/swap.nix b/nixos/modules/config/swap.nix
index 4bb66e9b514..59bc9e9d11e 100644
--- a/nixos/modules/config/swap.nix
+++ b/nixos/modules/config/swap.nix
@@ -185,8 +185,6 @@ in
           { description = "Initialisation of swap device ${sw.device}";
             wantedBy = [ "${realDevice'}.swap" ];
             before = [ "${realDevice'}.swap" ];
-            # If swap is encrypted, depending on rngd resolves a possible entropy starvation during boot
-            after = mkIf (config.security.rngd.enable && sw.randomEncryption.enable) [ "rngd.service" ];
             path = [ pkgs.util-linux ] ++ optional sw.randomEncryption.enable pkgs.cryptsetup;
 
             script =

From d7c15d0eece59a3cf779ac9fa871c7f88f27cf9d Mon Sep 17 00:00:00 2001
From: nicoo <nicoo@mur.at>
Date: Sun, 21 Feb 2021 01:34:56 +0100
Subject: [PATCH 14/25] nixos/hyperv-guest: rngd was removed, no need to
 disable it

---
 nixos/modules/virtualisation/hyperv-guest.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/nixos/modules/virtualisation/hyperv-guest.nix b/nixos/modules/virtualisation/hyperv-guest.nix
index 105224b8964..a3656c307f9 100644
--- a/nixos/modules/virtualisation/hyperv-guest.nix
+++ b/nixos/modules/virtualisation/hyperv-guest.nix
@@ -40,8 +40,6 @@ in {
 
     environment.systemPackages = [ config.boot.kernelPackages.hyperv-daemons.bin ];
 
-    security.rngd.enable = false;
-
     # enable hotadding cpu/memory
     services.udev.packages = lib.singleton (pkgs.writeTextFile {
       name = "hyperv-cpu-and-memory-hotadd-udev-rules";

From 16b6c4b2d7b0bb5e64492daf4e9adc185bbcf48d Mon Sep 17 00:00:00 2001
From: nicoo <nicoo@mur.at>
Date: Sun, 21 Feb 2021 01:37:18 +0100
Subject: [PATCH 15/25] nixos/manual/virtualbox-guest: Remove mentions of rngd

---
 .../manual/installation/installing-virtualbox-guest.xml    | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/nixos/doc/manual/installation/installing-virtualbox-guest.xml b/nixos/doc/manual/installation/installing-virtualbox-guest.xml
index 4957b700946..019e5098a8e 100644
--- a/nixos/doc/manual/installation/installing-virtualbox-guest.xml
+++ b/nixos/doc/manual/installation/installing-virtualbox-guest.xml
@@ -83,17 +83,12 @@
   VirtualBox settings (Machine / Settings / Shared Folders, then click on the
   "Add" icon). Add the following to the
   <literal>/etc/nixos/configuration.nix</literal> to auto-mount them. If you do
-  not add <literal>"nofail"</literal>, the system will not boot properly. The
-  same goes for disabling <literal>rngd</literal> which is normally used to get
-  randomness but this does not work in virtual machines.
+  not add <literal>"nofail"</literal>, the system will not boot properly.
  </para>
 
 <programlisting>
 { config, pkgs, ...} :
 {
-  security.rngd.enable = false; // otherwise vm will not boot
-  ...
-
   fileSystems."/virtualboxshare" = {
     fsType = "vboxsf";
     device = "nameofthesharedfolder";

From 0ea8d5c004fb742907d1b656b3c3c45451d517f7 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Sun, 21 Feb 2021 05:25:30 +0000
Subject: [PATCH 16/25] terrascan: 1.3.2 -> 1.3.3

---
 pkgs/tools/security/terrascan/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/tools/security/terrascan/default.nix b/pkgs/tools/security/terrascan/default.nix
index b37273aeb1d..ab4a7197647 100644
--- a/pkgs/tools/security/terrascan/default.nix
+++ b/pkgs/tools/security/terrascan/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "terrascan";
-  version = "1.3.2";
+  version = "1.3.3";
 
   src = fetchFromGitHub {
     owner = "accurics";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-RZFh9RVU8RwtLGIP7OWnf0yNsXfElqWSXieljqp8ahU=";
+    sha256 = "sha256-mPd4HsWbPUNJTUNjQ5zQztoXZy2b9iLksdGKAjp0A58=";
   };
 
-  vendorSha256 = "sha256-Ya/33ocPhY5OSnCEyULsOIHaxwb1yNEle3JEYo/7/Yk=";
+  vendorSha256 = "sha256-eNQTJHqOCOTAPO+vil6rkV9bNWZIdXxGQPE4IpETFtA=";
 
   # tests want to download a vulnerable Terraform project
   doCheck = false;

From a6912010d272e2c1309ba39f5104025a70fbbc02 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Sun, 21 Feb 2021 06:56:03 +0000
Subject: [PATCH 17/25] yq-go: 4.5.0 -> 4.6.0

---
 pkgs/development/tools/yq-go/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/tools/yq-go/default.nix b/pkgs/development/tools/yq-go/default.nix
index 0a300ca82e2..955bc35c5ab 100644
--- a/pkgs/development/tools/yq-go/default.nix
+++ b/pkgs/development/tools/yq-go/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "yq-go";
-  version = "4.5.0";
+  version = "4.6.0";
 
   src = fetchFromGitHub {
     owner = "mikefarah";
     rev = "v${version}";
     repo = "yq";
-    sha256 = "sha256-ehr9mCUbwQQSLR0iYoiJ3Xvgu+7Ue9Xvru9kAUkPCuQ=";
+    sha256 = "sha256-9D00I34pfoiI5cqXjsVLTT6XbFUYxgGit0ZuYeWSEyE=";
   };
 
-  vendorSha256 = "sha256-CUELy6ajaoVzomY5lMen24DFJke3IyFzqWYyF7sws5g=";
+  vendorSha256 = "sha256-66ccHSKpl6yB/NVhZ1X0dv4wnGCJAMvZhpKu2vF+QT4=";
 
   doCheck = false;
 

From 2e73ee0c4fdf1ac5a3e88d10327abafba7df4279 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Sun, 21 Feb 2021 08:02:12 +0000
Subject: [PATCH 18/25] bdf2psf: 1.200 -> 1.201

---
 pkgs/tools/misc/bdf2psf/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/misc/bdf2psf/default.nix b/pkgs/tools/misc/bdf2psf/default.nix
index ff14f2d1a4e..9da0933f94b 100644
--- a/pkgs/tools/misc/bdf2psf/default.nix
+++ b/pkgs/tools/misc/bdf2psf/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "bdf2psf";
-  version = "1.200";
+  version = "1.201";
 
   src = fetchurl {
     url = "mirror://debian/pool/main/c/console-setup/bdf2psf_${version}_all.deb";
-    sha256 = "07z686h2fv9b3446fcym0sfzxwgkm9cc4bd3zhpv6j8bdfadnjxw";
+    sha256 = "sha256-XVaROIxyNBBFoXf+K1mv4mW8wWozqMcs1cgaWj8L8Q0=";
   };
 
   nativeBuildInputs = [ dpkg ];

From 95a9e43a3d2c3fa2ddc978996325490d102fc6c4 Mon Sep 17 00:00:00 2001
From: Eduardo Quiros <eduardo@eduardoquiros.com>
Date: Sun, 21 Feb 2021 02:04:49 -0600
Subject: [PATCH 19/25] swappy: 1.3.0 -> 1.3.1

---
 pkgs/applications/misc/swappy/default.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/pkgs/applications/misc/swappy/default.nix b/pkgs/applications/misc/swappy/default.nix
index 58dede64894..a83bd8a5ce1 100644
--- a/pkgs/applications/misc/swappy/default.nix
+++ b/pkgs/applications/misc/swappy/default.nix
@@ -1,4 +1,6 @@
-{ lib, stdenv, fetchFromGitHub
+{ lib
+, stdenv
+, fetchFromGitHub
 , meson
 , ninja
 , wayland
@@ -13,13 +15,13 @@
 
 stdenv.mkDerivation rec {
   pname = "swappy";
-  version = "1.3.0";
+  version = "1.3.1";
 
   src = fetchFromGitHub {
     owner = "jtheoof";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1bm184fbzylymh4kr7n8gy9plsdxif8xahc1zmkgdg1a0kwgws2x";
+    sha256 = "12z643c7vzffhjsxaz1lak99i4nwm688pha0hh4pg69jf5wz5xx3";
   };
 
   nativeBuildInputs = [ glib meson ninja pkg-config scdoc ];

From cdb97ba52397fc059f47758d4dc8311fe044f44f Mon Sep 17 00:00:00 2001
From: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org>
Date: Sat, 20 Feb 2021 13:09:34 +0100
Subject: [PATCH 20/25] ocamlPackages.ocamlmod: disable tests if ounit is not
 available

When we redid ounit and ounit2, the minimumOCamlVersion was also pushed
to OCaml 4.04. ocamlmod builds on earlier versions as well, but doesn't
evaluate if we pull in ounit.

Therefore we conditionally disable tests for OCaml < 4.04 which means
for example oasis is available for those versions again as well.
---
 pkgs/development/tools/ocaml/ocamlmod/default.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/tools/ocaml/ocamlmod/default.nix b/pkgs/development/tools/ocaml/ocamlmod/default.nix
index 77d39029551..cf24a132210 100644
--- a/pkgs/development/tools/ocaml/ocamlmod/default.nix
+++ b/pkgs/development/tools/ocaml/ocamlmod/default.nix
@@ -1,5 +1,10 @@
 { lib, stdenv, fetchurl, ocaml, findlib, ocamlbuild, ounit }:
 
+let
+  # ounit is only available for OCaml >= 4.04
+  doCheck = lib.versionAtLeast ocaml.version "4.04";
+in
+
 stdenv.mkDerivation {
   pname = "ocamlmod";
   version = "0.0.9";
@@ -9,13 +14,15 @@ stdenv.mkDerivation {
     sha256 = "0cgp9qqrq7ayyhddrmqmq1affvfqcn722qiakjq4dkywvp67h4aa";
   };
 
-  buildInputs = [ ocaml findlib ocamlbuild ounit ];
+  buildInputs = [ ocaml findlib ocamlbuild ];
 
-  configurePhase = "ocaml setup.ml -configure --prefix $out --enable-tests";
+  configurePhase = "ocaml setup.ml -configure --prefix $out"
+    + lib.optionalString doCheck " --enable-tests";
   buildPhase     = "ocaml setup.ml -build";
   installPhase   = "ocaml setup.ml -install";
 
-  doCheck = true;
+  inherit doCheck;
+  checkInputs = [ ounit ];
 
   checkPhase = "ocaml setup.ml -test";
 

From 8625e975bd503ba53c2afa6ed24df6b497f629d2 Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Sun, 21 Feb 2021 10:12:54 +0100
Subject: [PATCH 21/25] powerline-go: update meta

---
 pkgs/tools/misc/powerline-go/default.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/misc/powerline-go/default.nix b/pkgs/tools/misc/powerline-go/default.nix
index a4ee216288f..355c8a8ac08 100644
--- a/pkgs/tools/misc/powerline-go/default.nix
+++ b/pkgs/tools/misc/powerline-go/default.nix
@@ -1,4 +1,7 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
 
 buildGoModule rec {
   pname = "powerline-go";
@@ -17,7 +20,9 @@ buildGoModule rec {
 
   meta = with lib; {
     description = "A Powerline like prompt for Bash, ZSH and Fish";
-    license = licenses.gpl3;
+    homepage = "https://github.com/justjanne/powerline-go";
+    changelog = "https://github.com/justjanne/powerline-go/releases/tag/v${version}";
+    license = licenses.gpl3Plus;
     platforms = platforms.unix;
     maintainers = with maintainers; [ sifmelcara ];
   };

From 5513025855ea6fd5dc8d48572eca5c03d4723682 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Wed, 3 Feb 2021 23:49:26 +0100
Subject: [PATCH 22/25] swappy: add wrapGappsHook

---
 pkgs/applications/misc/swappy/default.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/misc/swappy/default.nix b/pkgs/applications/misc/swappy/default.nix
index a83bd8a5ce1..69d7836e762 100644
--- a/pkgs/applications/misc/swappy/default.nix
+++ b/pkgs/applications/misc/swappy/default.nix
@@ -11,6 +11,8 @@
 , scdoc
 , libnotify
 , glib
+, wrapGAppsHook
+, hicolor-icon-theme
 }:
 
 stdenv.mkDerivation rec {
@@ -24,9 +26,11 @@ stdenv.mkDerivation rec {
     sha256 = "12z643c7vzffhjsxaz1lak99i4nwm688pha0hh4pg69jf5wz5xx3";
   };
 
-  nativeBuildInputs = [ glib meson ninja pkg-config scdoc ];
+  nativeBuildInputs = [ glib meson ninja pkg-config scdoc wrapGAppsHook ];
 
-  buildInputs = [ cairo pango gtk libnotify wayland glib ];
+  buildInputs = [
+    cairo pango gtk libnotify wayland glib hicolor-icon-theme
+  ];
 
   strictDeps = true;
 

From 85b236e54a446ea136ca539c7bb3b36591e4cc08 Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Sun, 21 Feb 2021 11:08:32 +0100
Subject: [PATCH 23/25] bdf2psf: fix license, run pre/post hooks

---
 pkgs/tools/misc/bdf2psf/default.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/misc/bdf2psf/default.nix b/pkgs/tools/misc/bdf2psf/default.nix
index 9da0933f94b..1a782661466 100644
--- a/pkgs/tools/misc/bdf2psf/default.nix
+++ b/pkgs/tools/misc/bdf2psf/default.nix
@@ -14,10 +14,16 @@ stdenv.mkDerivation rec {
   dontConfigure = true;
   dontBuild = true;
 
-  unpackPhase = "dpkg-deb -x $src .";
+  unpackPhase = ''
+    runHook preUnpack
+    dpkg-deb -x $src .
+    runHook postUnpack
+  '';
   installPhase = "
+    runHook preInstall
     substituteInPlace usr/bin/bdf2psf --replace /usr/bin/perl ${perl}/bin/perl
     mv usr $out
+    runHook postInstall
   ";
 
   meta = with lib; {
@@ -26,7 +32,7 @@ stdenv.mkDerivation rec {
     longDescription = ''
       Font converter to generate console fonts from BDF source fonts
     '';
-    license = licenses.gpl2;
+    license = licenses.gpl2Plus;
     maintainers = with maintainers; [ rnhmjoj vrthra ];
     platforms = platforms.unix;
   };

From 3c88820235fdd63f10d87eb120bd16fb2c7f7a96 Mon Sep 17 00:00:00 2001
From: WORLDofPEACE <worldofpeace@protonmail.ch>
Date: Sun, 21 Feb 2021 07:09:13 -0500
Subject: [PATCH 24/25] rl-2105: rngd

---
 nixos/doc/manual/release-notes/rl-2105.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml
index 9894ab02500..9e7ea70b9e7 100644
--- a/nixos/doc/manual/release-notes/rl-2105.xml
+++ b/nixos/doc/manual/release-notes/rl-2105.xml
@@ -509,6 +509,15 @@ self: super:
      <varname>services.flashpolicyd</varname> module.
     </para>
    </listitem>
+   <listitem>
+    <para>
+      The <literal>security.rngd</literal> module has been removed.
+      It was disabled by default in 20.09 as it was functionally redundent
+      with krngd in the linux kernel. It is not necessary for any device that the kernel recognises
+      as an hardware RNG, as it will automatically run the krngd task to periodically collect random
+      data from the device and mix it into the kernel's RNG.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 

From e3d3643f1b26db3bb9892d7b6e433889ce8c5e60 Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Sun, 21 Feb 2021 13:14:55 +0100
Subject: [PATCH 25/25] nixos/release-notes/rl-2105.xml: fix typo

---
 nixos/doc/manual/release-notes/rl-2105.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml
index 9e7ea70b9e7..ca4b468e355 100644
--- a/nixos/doc/manual/release-notes/rl-2105.xml
+++ b/nixos/doc/manual/release-notes/rl-2105.xml
@@ -512,7 +512,7 @@ self: super:
    <listitem>
     <para>
       The <literal>security.rngd</literal> module has been removed.
-      It was disabled by default in 20.09 as it was functionally redundent
+      It was disabled by default in 20.09 as it was functionally redundant
       with krngd in the linux kernel. It is not necessary for any device that the kernel recognises
       as an hardware RNG, as it will automatically run the krngd task to periodically collect random
       data from the device and mix it into the kernel's RNG.