Merge remote-tracking branch 'upstream/master' into hardened-stdenv

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,7 +1,10 @@
 ###### Things done:
 
 - [ ] Tested using sandboxing (`nix-build --option build-use-chroot true` or [nix.useChroot](http://nixos.org/nixos/manual/options.html#opt-nix.useChroot) on NixOS)
-- [ ] Built on platform(s): NixOS / OSX / Linux
+- Built on platform(s)
+   - [ ] NixOS
+   - [ ] OS X
+   - [ ] Linux
 - [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nox --run "nox-review wip"`
 - [ ] Tested execution of all binary files (usually in `./result/bin/`)
 - [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md).

default.nix

@@ -6,4 +6,4 @@ if ! builtins ? nixVersion || builtins.compareVersions requiredVersion builtins.
 
 else
 
-  import ./pkgs/top-level/all-packages.nix
+  import ./pkgs/top-level

doc/languages-frameworks/index.xml

@@ -23,22 +23,8 @@ such as Perl or Haskell.  These are described in this chapter.</para>
 <xi:include href="idris.xml" /> <!-- generated from ../../pkgs/development/idris-modules/README.md  -->
 <xi:include href="r.xml" /> <!-- generated from ../../pkgs/development/r-modules/README.md  -->
 <xi:include href="qt.xml" />
-
+<xi:include href="texlive.xml" />
-
-<!--
-<section><title>Haskell</title>
-
-<para>TODO</para>
-
-</section>
-
-
-<section><title>TeX / LaTeX</title>
-
-<para>* Special support for building TeX documents</para>
-
-</section>
--->
 
 
 </chapter>
+

doc/languages-frameworks/ruby.xml

@@ -12,25 +12,26 @@
 <screen>
 <![CDATA[$ cd pkgs/servers/monitoring
 $ mkdir sensu
+$ cd sensu
 $ cat > Gemfile
 source 'https://rubygems.org'
 gem 'sensu'
-$ bundler package --path /tmp/vendor/bundle
+$ nix-shell -p bundler --command "bundler package --path /tmp/vendor/bundle"
 $ $(nix-build '<nixpkgs>' -A bundix)/bin/bundix
 $ cat > default.nix
 { lib, bundlerEnv, ruby }:
 
-bundlerEnv {
+bundlerEnv rec {
-  name = "sensu-0.17.1";
+  name = "sensu-${version}";
 
+  version = (import gemset).sensu.version;
   inherit ruby;
   gemfile = ./Gemfile;
   lockfile = ./Gemfile.lock;
   gemset = ./gemset.nix;
 
   meta = with lib; {
-    description = "A monitoring framework that aims to be simple, malleable,
+    description = "A monitoring framework that aims to be simple, malleable, and scalable";
-and scalable.";
     homepage    = http://sensuapp.org/;
     license     = with licenses; mit;
     maintainers = with maintainers; [ theuni ];

doc/languages-frameworks/texlive.xml

@@ -0,0 +1,59 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-language-texlive">
+
+<title>TeX Live</title>
+
+<para>Since release 15.09 there is a new TeX Live packaging that lives entirely under attribute <varname>texlive</varname>.</para>
+<section><title>User's guide</title>
+  <itemizedlist>
+    <listitem><para>
+      For basic usage just pull <varname>texlive.combined.scheme-basic</varname> for an environment with basic LaTeX support.</para></listitem>
+    <listitem><para>
+      It typically won't work to use separately installed packages together.
+      Instead, you can build a custom set of packages like this:
+      <programlisting>
+texlive.combine {
+  inherit (texlive) scheme-small collection-langkorean algorithms cm-super;
+}
+      </programlisting>
+      There are all the schemes, collections and a few thousand packages, as defined upstream (perhaps with tiny differences).
+    </para></listitem>
+    <listitem><para>
+      By default you only get executables and files needed during runtime, and a little documentation for the core packages.  To change that, you need to add <varname>pkgFilter</varname> function to <varname>combine</varname>.
+      <programlisting>
+texlive.combine {
+  # inherit (texlive) whatever-you-want;
+  pkgFilter = pkg:
+    pkg.tlType == "run" || pkg.tlType == "bin" || pkg.pname == "cm-super";
+  # elem tlType [ "run" "bin" "doc" "source" ]
+  # there are also other attributes: version, name
+}
+      </programlisting>
+    </para></listitem>
+    <listitem><para>
+      You can list packages e.g. by <command>nix-repl</command>.
+      <programlisting>
+$ nix-repl
+nix-repl> texlive.collection-&lt;TAB>
+      </programlisting>
+    </para></listitem>
+  </itemizedlist>
+</section>
+
+<section><title>Known problems</title>
+  <itemizedlist>
+    <listitem><para>
+      Some tools are still missing, e.g. luajittex;</para></listitem>
+    <listitem><para>
+      some apps aren't packaged/tested yet (asymptote, biber, etc.);</para></listitem>
+    <listitem><para>
+      feature/bug: when a package is rejected by <varname>pkgFilter</varname>, its dependencies are still propagated;</para></listitem>
+    <listitem><para>
+      in case of any bugs or feature requests, file a github issue or better a pull request and /cc @vcunat.</para></listitem>
+  </itemizedlist>
+</section>
+
+
+</section>
+

lib/maintainers.nix

@@ -12,6 +12,7 @@
   abbradar = "Nikolay Amiantov <ab@fmap.me>";
   aboseley = "Adam Boseley <adam.boseley@gmail.com>";
   adev = "Adrien Devresse <adev@adev.name>";
+  Adjective-Object = "Maxwell Huang-Hobbs <mhuan13@gmail.com>";
   aespinosa = "Allan Espinosa <allan.espinosa@outlook.com>";
   aflatter = "Alexander Flatter <flatter@fastmail.fm>";
   aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
@@ -59,6 +60,7 @@
   bodil = "Bodil Stokke <nix@bodil.org>";
   boothead = "Ben Ford <ben@perurbis.com>";
   bosu = "Boris Sukholitko <boriss@gmail.com>";
+  bradediger = "Brad Ediger <brad@bradediger.com>";
   bramd = "Bram Duvigneau <bram@bramd.nl>";
   bstrik = "Berno Strik <dutchman55@gmx.com>";
   bzizou = "Bruno Bzeznik <Bruno@bzizou.net>";
@@ -250,6 +252,7 @@
   olcai = "Erik Timan <dev@timan.info>";
   orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
   osener = "Ozan Sener <ozan@ozansener.com>";
+  otwieracz = "Slawomir Gonet <slawek@otwiera.cz>";
   oxij = "Jan Malakhovski <oxij@oxij.org>";
   page = "Carles Pagès <page@cubata.homelinux.net>";
   paholg = "Paho Lurie-Gregg <paho@paholg.com>";
@@ -257,6 +260,7 @@
   palo = "Ingolf Wanger <palipalo9@googlemail.com>";
   pashev = "Igor Pashev <pashev.igor@gmail.com>";
   pesterhazy = "Paulus Esterhazy <pesterhazy@gmail.com>";
+  peterhoeg = "Peter Hoeg <peter@hoeg.com>";
   philandstuff = "Philip Potter <philip.g.potter@gmail.com>";
   phile314 = "Philipp Hausmann <nix@314.ch>";
   Phlogistique = "Noé Rubinstein <noe.rubinstein@gmail.com>";
@@ -275,6 +279,7 @@
   psibi = "Sibi <sibi@psibi.in>";
   pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
   puffnfresh = "Brian McKenna <brian@brianmckenna.org>";
+  pxc = "Patrick Callahan <patrick.callahan@latitudeengineering.com>";
   qknight = "Joachim Schiele <js@lastlog.de>";
   ragge = "Ragnar Dahlen <r.dahlen@gmail.com>";
   raskin = "Michael Raskin <7c6f434c@mail.ru>";
@@ -295,6 +300,7 @@
   rushmorem = "Rushmore Mushambi <rushmore@webenchanter.com>";
   rvl = "Rodney Lorrimar <dev+nix@rodney.id.au>";
   rvlander = "Gaëtan André <rvlander@gaetanandre.eu>";
+  ryanartecona = "Ryan Artecona <ryanartecona@gmail.com>";
   ryantm = "Ryan Mulligan <ryan@ryantm.com>";
   rycee = "Robert Helgesson <robert@rycee.net>";
   samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
@@ -346,6 +352,7 @@
   tv = "Tomislav Viljetić <tv@shackspace.de>";
   tvestelind = "Tomas Vestelind <tomas.vestelind@fripost.org>";
   twey = "James ‘Twey’ Kay <twey@twey.co.uk>";
+  uralbash = "Svintsov Dmitry <root@uralbash.ru>";
   urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
   vandenoever = "Jos van den Oever <jos@vandenoever.info>";
   vanzef = "Ivan Solyankin <vanzef@gmail.com>";

nixos/doc/manual/default.nix

@@ -187,6 +187,7 @@ in rec {
         --param man.output.in.separate.dir 1 \
         --param man.output.base.dir "'$out/share/man/'" \
         --param man.endnotes.are.numbered 0 \
+        --param man.break.after.slash 1 \
         ${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
         ./man-pages.xml
     '';

nixos/doc/manual/release-notes/rl-1603.xml

@@ -262,6 +262,18 @@ services.syncthing = {
     </programlisting>
   </listitem>
 
+  <listitem>
+    <para>
+      <literal>networking.firewall.allowPing</literal> is now enabled by
+      default. Users are encourarged to configure an approiate rate limit for
+      their machines using the Kernel interface at
+      <filename>/proc/sys/net/ipv4/icmp_ratelimit</filename> and
+      <filename>/proc/sys/net/ipv6/icmp/ratelimit</filename> or using the
+      firewall itself, i.e. by setting the NixOS option
+      <literal>networking.firewall.pingLimit</literal>.
+    </para>
+  </listitem>
+
 </itemizedlist>
 
 

nixos/lib/make-disk-image.nix

@@ -22,12 +22,13 @@
 , # Shell code executed after the VM has finished.
   postVM ? ""
 
+, name ? "nixos-disk-image"
 }:
 
 with lib;
 
 pkgs.vmTools.runInLinuxVM (
-  pkgs.runCommand "nixos-disk-image"
+  pkgs.runCommand name
     { preVM =
         ''
           mkdir $out

nixos/lib/make-iso9660-image.nix

@@ -39,7 +39,6 @@
 
 , # The volume ID.
   volumeID ? ""
-
 }:
 
 assert bootable -> bootImage != "";
@@ -47,7 +46,7 @@ assert efiBootable -> efiBootImage != "";
 assert usbBootable -> isohybridMbrImage != "";
 
 stdenv.mkDerivation {
-  name = "iso9660-image";
+  name = isoName;
   builder = ./make-iso9660-image.sh;
   buildInputs = [perl xorriso syslinux];
 

nixos/lib/make-iso9660-image.sh

@@ -133,3 +133,4 @@ fi
 
 mkdir -p $out/nix-support
 echo $system > $out/nix-support/system
+echo "file iso $out/iso/$isoName" >> $out/nix-support/hydra-build-products

nixos/modules/hardware/opengl.nix

@@ -103,7 +103,7 @@ in
     hardware.opengl.extraPackages32 = mkOption {
       type = types.listOf types.package;
       default = [];
-      example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
+      example = literalExample "with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
       description = ''
         Additional packages to add to 32-bit OpenGL drivers on
         64-bit systems. Used when <option>driSupport32Bit</option> is

nixos/modules/misc/ids.nix

@@ -176,7 +176,6 @@
       seeks = 148;
       prosody = 149;
       i2pd = 150;
-      dnscrypt-proxy = 151;
       systemd-network = 152;
       systemd-resolve = 153;
       systemd-timesync = 154;
@@ -255,6 +254,9 @@
       avahi-autoipd = 231;
       nntp-proxy = 232;
       mjpg-streamer = 233;
+      radicale = 234;
+      hydra-queue-runner = 235;
+      hydra-www = 236;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -411,7 +413,6 @@
       seeks = 148;
       prosody = 149;
       i2pd = 150;
-      dnscrypt-proxy = 151;
       systemd-network = 152;
       systemd-resolve = 153;
       systemd-timesync = 154;
@@ -483,6 +484,7 @@
       cfdyndns = 227;
       pdnsd = 229;
       octoprint = 230;
+      radicale = 234;
 
       # When adding a gid, make sure it doesn't match an existing
       # uid. Users and groups with the same name should have equal

nixos/modules/module-list.nix

@@ -114,6 +114,7 @@
   ./services/backup/rsnapshot.nix
   ./services/backup/sitecopy-backup.nix
   ./services/backup/tarsnap.nix
+  ./services/backup/znapzend.nix
   ./services/cluster/fleet.nix
   ./services/cluster/kubernetes.nix
   ./services/cluster/panamax.nix

nixos/modules/profiles/base.nix

@@ -17,7 +17,6 @@
     pkgs.ddrescue
     pkgs.ccrypt
     pkgs.cryptsetup # needed for dm-crypt volumes
-    pkgs.which # 88K size
 
     # Some networking tools.
     pkgs.fuse

nixos/modules/programs/bash/bash.nix

@@ -56,7 +56,7 @@ in
       */
 
       shellAliases = mkOption {
-        default = config.environment.shellAliases;
+        default = config.environment.shellAliases // { which = "type -P"; };
         description = ''
           Set of aliases for bash shell. See <option>environment.shellAliases</option>
           for an option format description.

nixos/modules/programs/virtualbox.nix

@@ -1,8 +1,8 @@
 let
   msg = "Importing <nixpkgs/nixos/modules/programs/virtualbox.nix> is "
-      + "deprecated, please use `services.virtualboxHost.enable = true' "
+      + "deprecated, please use `virtualisation.virtualbox.host.enable = true' "
       + "instead.";
 in {
   config.warnings = [ msg ];
-  config.services.virtualboxHost.enable = true;
+  config.virtualisation.virtualbox.host.enable = true;
 }

nixos/modules/rename.nix

@@ -111,6 +111,7 @@ with lib;
     (mkRemovedOptionModule [ "services" "openvpn" "enable" ])
     (mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ])
     (mkRemovedOptionModule [ "services" "printing" "cupsdConf" ])
+    (mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])
 
   ];
 }

nixos/modules/services/backup/crashplan.nix

@@ -48,6 +48,14 @@ with lib;
         ensureDir ${crashplan.vardir}/cache 700
         ensureDir ${crashplan.vardir}/backupArchives 700
         ensureDir ${crashplan.vardir}/log 777
+        cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
+        for x in app.asar bin EULA.txt install.vars lang lib libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libmd564.so libmd5.so share skin upgrade; do
+          if [ -e $x ]; then
+            true;
+          else
+            ln -s ${crashplan}/$x ${crashplan.vardir}/$x;
+          fi;
+        done
       '';
 
       serviceConfig = {

nixos/modules/services/backup/znapzend.nix

@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.znapzend;
+in
+{
+  options = {
+    services.znapzend = {
+      enable = mkEnableOption "ZnapZend daemon";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.znapzend ];
+
+    systemd.services = {
+      "znapzend" = {
+        description = "ZnapZend - ZFS Backup System";
+        after       = [ "zfs.target" ];
+
+        path = with pkgs; [ znapzend zfs mbuffer openssh ];
+
+        script = ''
+          znapzend
+        '';
+
+        reload = ''
+          /bin/kill -HUP $MAINPID
+        '';
+      };
+    };
+
+  };
+}

nixos/modules/services/mail/dovecot.nix

@@ -98,8 +98,8 @@ in
 
     package = mkOption {
       type = types.package;
-      default = pkgs.dovecot22;
+      default = pkgs.dovecot;
-      defaultText = "pkgs.dovecot22";
+      defaultText = "pkgs.dovecot";
       description = "Dovecot package to use.";
     };
 

nixos/modules/services/mail/dspam.nix

@@ -104,6 +104,7 @@ in {
       systemd.services.dspam = {
         description = "dspam spam filtering daemon";
         wantedBy = [ "multi-user.target" ];
+        after = [ "postgresql.service" ];
         restartTriggers = [ cfgfile ];
 
         serviceConfig = {
@@ -114,7 +115,7 @@ in {
           RuntimeDirectoryMode = optional (cfg.domainSocket == defaultSock) "0750";
           PermissionsStartOnly = true;
           # DSPAM segfaults on just about every error
-          Restart = "on-failure";
+          Restart = "on-abort";
           RestartSec = "1s";
         };
 

nixos/modules/services/mail/mail.nix

@@ -12,9 +12,9 @@ with lib;
 
       sendmailSetuidWrapper = mkOption {
         default = null;
+        internal = true;
         description = ''
-          Configuration for the sendmail setuid wrwapper (like an element of
+          Configuration for the sendmail setuid wapper.
-          security.setuidOwners)";
         '';
       };
 

nixos/modules/services/misc/etcd.nix

@@ -114,6 +114,7 @@ in {
       }) // (mapAttrs' (n: v: nameValuePair "ETCD_${n}" v) cfg.extraConf);
 
       serviceConfig = {
+        Type = "notify";
         ExecStart = "${pkgs.etcd}/bin/etcd";
         User = "etcd";
         PermissionsStartOnly = true;

nixos/modules/services/misc/gitlab.nix

@@ -206,12 +206,6 @@ in {
         description = "Gitlab database user.";
       };
 
-      emailFrom = mkOption {
-        type = types.str;
-        default = "example@example.org";
-        description = "The source address for emails sent by gitlab.";
-      };
-
       host = mkOption {
         type = types.str;
         default = config.networking.hostName;

nixos/modules/services/misc/nix-daemon.nix

@@ -39,7 +39,7 @@ let
         build-users-group = nixbld
         build-max-jobs = ${toString (cfg.maxJobs)}
         build-cores = ${toString (cfg.buildCores)}
-        build-use-chroot = ${if cfg.useChroot then "true" else "false"}
+        build-use-chroot = ${if (builtins.isBool cfg.useChroot) then (if cfg.useChroot then "true" else "false") else cfg.useChroot}
         build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
         binary-caches = ${toString cfg.binaryCaches}
         trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
@@ -99,7 +99,7 @@ in
       };
 
       useChroot = mkOption {
-        type = types.bool;
+        type = types.either types.bool (types.enum ["relaxed"]);
         default = false;
         description = "
           If set, Nix will perform builds in a chroot-environment that it

nixos/modules/services/networking/dnscrypt-proxy.nix

@@ -5,13 +5,17 @@ let
   apparmorEnabled = config.security.apparmor.enable;
   dnscrypt-proxy = pkgs.dnscrypt-proxy;
   cfg = config.services.dnscrypt-proxy;
+
   resolverListFile = "${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv";
   localAddress = "${cfg.localAddress}:${toString cfg.localPort}";
+
   daemonArgs =
     [ "--local-address=${localAddress}"
       (optionalString cfg.tcpOnly "--tcp-only")
+      (optionalString cfg.ephemeralKeys "-E")
     ]
     ++ resolverArgs;
+
   resolverArgs = if (cfg.customResolver != null)
     then
       [ "--resolver-address=${cfg.customResolver.address}:${toString cfg.customResolver.port}"
@@ -27,43 +31,63 @@ in
 {
   options = {
     services.dnscrypt-proxy = {
-      enable = mkEnableOption ''
+      enable = mkEnableOption "dnscrypt-proxy" // { description = ''
-        Enable dnscrypt-proxy. The proxy relays regular DNS queries to a
+        Whether to enable the DNSCrypt client proxy. The proxy relays
-        DNSCrypt enabled upstream resolver. The traffic between the
+        DNS queries to a DNSCrypt enabled upstream resolver. The traffic
-        client and the upstream resolver is encrypted and authenticated,
+        between the client and the upstream resolver is encrypted and
-        which may mitigate the risk of MITM attacks and third-party
+        authenticated, mitigating the risk of MITM attacks and third-party
         snooping (assuming the upstream is trustworthy).
-      '';
+
+        Enabling this option does not alter the system nameserver; to relay
+        local queries, prepend <literal>127.0.0.1</literal> to
+        <option>networking.nameservers</option>.
+
+        The recommended configuration is to run DNSCrypt proxy as a forwarder
+        for a caching DNS client, as in
+        <programlisting>
+        {
+          services.dnscrypt-proxy.enable = true;
+          services.dnscrypt-proxy.localPort = 43;
+          services.dnsmasq.enable = true;
+          services.dnsmasq.servers = [ "127.0.0.1#43" ];
+          services.dnsmasq.resolveLocalQueries = true; # this is the default
+        }
+        </programlisting>
+      ''; };
       localAddress = mkOption {
         default = "127.0.0.1";
         type = types.string;
         description = ''
-          Listen for DNS queries on this address.
+          Listen for DNS queries to relay on this address. The only reason to
+          change this from its default value is to proxy queries on behalf
+          of other machines (typically on the local network).
         '';
       };
       localPort = mkOption {
         default = 53;
         type = types.int;
         description = ''
-          Listen on this port.
+          Listen for DNS queries to relay on this port. The default value
+          assumes that the DNSCrypt proxy should relay DNS queries directly.
+          When running as a forwarder for another DNS client, set this option
+          to a different value; otherwise leave the default.
         '';
       };
       resolverName = mkOption {
-        default = "cisco";
+        default = "dnscrypt.eu-nl";
         type = types.nullOr types.string;
         description = ''
           The name of the upstream DNSCrypt resolver to use. See
-          <literal>${resolverListFile}</literal> for alternative resolvers
+          <filename>${resolverListFile}</filename> for alternative resolvers.
-          (e.g., if you are concerned about logging and/or server
+          The default resolver is located in Holland, supports DNS security
-          location).
+          extensions, and claims to not keep logs.
         '';
       };
       customResolver = mkOption {
         default = null;
         description = ''
-          Use a resolver not listed in the upstream list (e.g.,
+          Use an unlisted resolver (e.g., a private DNSCrypt provider). For
-          a private DNSCrypt provider). For advanced users only.
+          advanced users only. If specified, this option takes precedence.
-          If specified, this option takes precedence.
         '';
         type = types.nullOr (types.submodule ({ ... }: { options = {
           address = mkOption {
@@ -85,15 +109,26 @@ in
             type = types.str;
             description = "Provider public key";
             example = "B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79";
-         }; }; }));
+          };
+        }; }));
       };
       tcpOnly = mkOption {
         default = false;
         type = types.bool;
         description = ''
-          Force sending encrypted DNS queries to the upstream resolver
+          Force sending encrypted DNS queries to the upstream resolver over
-          over TCP instead of UDP (on port 443). Enabling this option may
+          TCP instead of UDP (on port 443). Use only if the UDP port is blocked.
-          help circumvent filtering, but should not be used otherwise.
+        '';
+      };
+      ephemeralKeys = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Compute a new key pair for every query.  Enabling this option
+          increases CPU usage, but makes it more difficult for the upstream
+          resolver to track your usage of their service across IP addresses.
+          The default is to re-use the public key pair for all queries, making
+          tracking trivial.
         '';
       };
     };
@@ -138,11 +173,12 @@ in
       }
     ''));
 
-    users.extraUsers.dnscrypt-proxy = {
+    users.users.dnscrypt-proxy = {
-      uid = config.ids.uids.dnscrypt-proxy;
       description = "dnscrypt-proxy daemon user";
+      isSystemUser = true;
+      group = "dnscrypt-proxy";
     };
-    users.extraGroups.dnscrypt-proxy.gid = config.ids.gids.dnscrypt-proxy;
+    users.groups.dnscrypt-proxy = {};
 
     systemd.sockets.dnscrypt-proxy = {
       description = "dnscrypt-proxy listening socket";
@@ -155,16 +191,21 @@ in
 
     systemd.services.dnscrypt-proxy = {
       description = "dnscrypt-proxy daemon";
+
       after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service";
       requires = [ "dnscrypt-proxy.socket "] ++ optional apparmorEnabled "apparmor.service";
+
       serviceConfig = {
         Type = "simple";
         NonBlocking = "true";
         ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}";
+
         User = "dnscrypt-proxy";
         Group = "dnscrypt-proxy";
+
         PrivateTmp = true;
         PrivateDevices = true;
+        ProtectHome = true;
       };
     };
   };

nixos/modules/services/networking/firewall.nix

@@ -338,7 +338,7 @@ in
     };
 
     networking.firewall.allowPing = mkOption {
-      default = false;
+      default = true;
       type = types.bool;
       description =
         ''

nixos/modules/services/networking/iodined.nix

@@ -64,8 +64,7 @@ in
 
     systemd.services.iodined = {
       description = "iodine, ip over dns daemon";
-      after = [ "network.target" ];
+      wantedBy = [ "ip-up.target" ];
-      wantedBy = [ "multi-user.target" ];
       serviceConfig.ExecStart = "${pkgs.iodine}/sbin/iodined -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.ip} ${cfg.domain}";
     };
 

nixos/modules/services/networking/radicale.nix

@@ -35,12 +35,27 @@ in
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.pythonPackages.radicale ];
 
+    users.extraUsers = singleton
+      { name = "radicale";
+        uid = config.ids.uids.radicale;
+        description = "radicale user";
+        home = "/var/lib/radicale";
+        createHome = true;
+      };
+
+    users.extraGroups = singleton
+      { name = "radicale";
+        gid = config.ids.gids.radicale;
+      };
+
     systemd.services.radicale = {
       description = "A Simple Calendar and Contact Server";
       after = [ "network-interfaces.target" ];
       wantedBy = [ "multi-user.target" ];
       script = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d";
       serviceConfig.Type = "forking";
+      serviceConfig.User = "radicale";
+      serviceConfig.Group = "radicale";
     };
   };
 }

nixos/modules/services/printing/cupsd.nix

@@ -311,7 +311,9 @@ in
               [ ! -e "/var/lib/cups/$i" ] && ln -s "${rootdir}/etc/cups/$i" "/var/lib/cups/$i"
             done
             ${optionalString cfg.gutenprint ''
-              ${gutenprint}/bin/cups-genppdupdate -p /etc/cups/ppd
+              if [ -d /var/lib/cups/ppd ]; then
+                ${gutenprint}/bin/cups-genppdupdate -p /var/lib/cups/ppd
+              fi
             ''}
           '';
       };

nixos/modules/services/web-servers/uwsgi.nix

@@ -32,17 +32,27 @@ let
         self = pythonPackages;
       };
 
-      json = builtins.toJSON {
+      penv = python.buildEnv.override {
+        extraLibs = (c.pythonPackages or (self: [])) pythonPackages;
+      };
+
+      uwsgiCfg = {
         uwsgi =
           if c.type == "normal"
             then {
               inherit plugins;
             } // removeAttrs c [ "type" "pythonPackages" ]
               // optionalAttrs (python != null) {
-                pythonpath = "@PYTHONPATH@";
+                pythonpath = "${penv}/${python.sitePackages}";
-                env = (c.env or {}) // {
+                env =
-                  PATH = optionalString (c ? env.PATH) "${c.env.PATH}:" + "@PATH@";
+                  # Argh, uwsgi expects list of key-values there instead of a dictionary.
-                };
+                  let env' = c.env or [];
+                      getPath =
+                        x: if hasPrefix "PATH=" x
+                           then substring (stringLength "PATH=") (stringLength x) x
+                           else null;
+                      oldPaths = filter (x: x != null) (map getPath env');
+                  in env' ++ [ "PATH=${optionalString (oldPaths != []) "${last oldPaths}:"}${penv}/bin" ];
               }
           else if c.type == "emperor"
             then {
@@ -55,35 +65,7 @@ let
           else throw "`type` attribute in UWSGI configuration should be either 'normal' or 'emperor'";
       };
 
-    in
+    in pkgs.writeTextDir "${name}.json" (builtins.toJSON uwsgiCfg);
-      if python == null || c.type != "normal"
-      then pkgs.writeTextDir "${name}.json" json
-      else pkgs.stdenv.mkDerivation {
-        name = "uwsgi-config";
-        inherit json;
-        passAsFile = [ "json" ];
-        nativeBuildInputs = [ pythonPackages.wrapPython ];
-        pythonInputs = (c.pythonPackages or (self: [])) pythonPackages;
-
-        buildCommand = ''
-          mkdir $out
-          declare -A pythonPathsSeen=()
-          program_PYTHONPATH=
-          program_PATH=
-          if [ -n "$pythonInputs" ]; then
-            for i in $pythonInputs; do
-              _addToPythonPath $i
-            done
-          fi
-          # A hack to replace "@PYTHONPATH@" with a JSON list
-          if [ -n "$program_PYTHONPATH" ]; then
-            program_PYTHONPATH="\"''${program_PYTHONPATH//:/\",\"}\""
-          fi
-          substitute $jsonPath $out/${name}.json \
-            --replace '"@PYTHONPATH@"' "[$program_PYTHONPATH]" \
-            --subst-var-by PATH "$program_PATH"
-        '';
-      };
 
 in {
 

nixos/modules/services/x11/display-managers/default.nix

@@ -49,17 +49,6 @@ let
         fi
       ''}
 
-      ${optionalString cfg.startGnuPGAgent ''
-        if test -z "$SSH_AUTH_SOCK"; then
-            # Restart this script as a child of the GnuPG agent.
-            exec "${pkgs.gnupg}/bin/gpg-agent"                         \
-              --enable-ssh-support --daemon                             \
-              --pinentry-program "${pkgs.pinentry}/bin/pinentry-gtk-2"  \
-              --write-env-file "$HOME/.gpg-agent-info"                  \
-              "$0" "$sessionType"
-        fi
-      ''}
-
       # Handle being called by kdm.
       if test "''${1:0:1}" = /; then eval exec "$1"; fi
 

nixos/modules/services/x11/window-managers/default.nix

@@ -10,7 +10,6 @@ in
   imports = [
     ./afterstep.nix
     ./bspwm.nix
-    ./clfswm.nix
     ./compiz.nix
     ./dwm.nix
     ./exwm.nix

nixos/modules/services/x11/xserver.nix

@@ -160,7 +160,7 @@ in
           [ '''
               Identifier      "Trackpoint Wheel Emulation"
               MatchProduct    "ThinkPad USB Keyboard with TrackPoint"
-              Option          "EmulateWheel"          "true
+              Option          "EmulateWheel"          "true"
               Option          "EmulateWheelButton"    "2"
               Option          "Emulate3Buttons"       "false"
             '''
@@ -219,17 +219,6 @@ in
         '';
       };
 
-      startGnuPGAgent = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to start the GnuPG agent when you log in.  The GnuPG agent
-          remembers private keys for you so that you don't have to type in
-          passphrases every time you make an SSH connection or sign/encrypt
-          data.  Use <command>ssh-add</command> to add a key to the agent.
-        '';
-      };
-
       startDbusSession = mkOption {
         type = types.bool;
         default = true;
@@ -444,14 +433,7 @@ in
       in optional (driver != null) ({ inherit name; driverName = name; } // driver));
 
     assertions =
-      [ { assertion = !(config.programs.ssh.startAgent && cfg.startGnuPGAgent);
+      [ { assertion = config.security.polkit.enable;
-          message =
-            ''
-              The OpenSSH agent and GnuPG agent cannot be started both. Please
-              choose between ‘programs.ssh.startAgent’ and ‘services.xserver.startGnuPGAgent’.
-            '';
-        }
-        { assertion = config.security.polkit.enable;
           message = "X11 requires Polkit to be enabled (‘security.polkit.enable = true’).";
         }
       ];

nixos/modules/system/boot/coredump.nix

@@ -33,7 +33,8 @@ with lib;
 
   };
 
-  config = mkIf config.systemd.coredump.enable {
+  config = mkMerge [
+    (mkIf config.systemd.coredump.enable {
 
       environment.etc."systemd/coredump.conf".text =
         ''
@@ -45,7 +46,11 @@ with lib;
       # From systemd's 50-coredump.conf file. See:
       # <https://github.com/systemd/systemd/blob/v218/sysctl.d/50-coredump.conf.in>
       boot.kernel.sysctl."kernel.core_pattern" = "|${pkgs.systemd}/lib/systemd/systemd-coredump %p %u %g %s %t %e";
+    })
 
-  };
+    (mkIf (!config.systemd.coredump.enable) {
+      boot.kernel.sysctl."kernel.core_pattern" = mkDefault "core";
+    })
+  ];
 
 }

nixos/modules/tasks/network-interfaces.nix

@@ -882,10 +882,8 @@ in
       optionalString hasBonds "options bonding max_bonds=0";
 
     boot.kernel.sysctl = {
-      "net.net.ipv4.conf.all.promote_secondaries" = true;
       "net.ipv6.conf.all.disable_ipv6" = mkDefault (!cfg.enableIPv6);
       "net.ipv6.conf.default.disable_ipv6" = mkDefault (!cfg.enableIPv6);
-      "net.ipv4.conf.all_forwarding" = mkDefault (any (i: i.proxyARP) interfaces);
       "net.ipv6.conf.all.forwarding" = mkDefault (any (i: i.proxyARP) interfaces);
     } // listToAttrs (concatLists (flip map (filter (i: i.proxyARP) interfaces)
         (i: flip map [ "4" "6" ] (v: nameValuePair "net.ipv${v}.conf.${i.name}.proxy_arp" true))

nixos/modules/virtualisation/virtualbox-image.nix

@@ -22,7 +22,9 @@ in {
 
   config = {
 
-    system.build.virtualBoxImage = import ../../lib/make-disk-image.nix {
+    system.build.virtualBoxOVA = import ../../lib/make-disk-image.nix {
+      name = "nixos-ova-${config.system.nixosLabel}-${pkgs.stdenv.system}";
+
       inherit pkgs lib config;
       partitioned = true;
       diskSize = cfg.baseImageSize;
@@ -37,19 +39,13 @@ in {
       postVM =
         ''
           echo "creating VirtualBox disk image..."
-          ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage $out/disk.vdi
+          ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage disk.vdi
           rm $diskImage
-        '';
-    };
 
-    system.build.virtualBoxOVA = pkgs.runCommand "virtualbox-ova"
-      { buildInputs = [ pkgs.linuxPackages.virtualbox ];
-        vmName = "NixOS ${config.system.nixosLabel} (${pkgs.stdenv.system})";
-        fileName = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.ova";
-      }
-      ''
           echo "creating VirtualBox VM..."
           export HOME=$PWD
+          export PATH=${pkgs.linuxPackages.virtualbox}/bin:$PATH
+          vmName="NixOS ${config.system.nixosLabel} (${pkgs.stdenv.system})"
           VBoxManage createvm --name "$vmName" --register \
             --ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
           VBoxManage modifyvm "$vmName" \
@@ -61,12 +57,17 @@ in {
             --usb on --mouse usbtablet
           VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
           VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
-          --medium ${config.system.build.virtualBoxImage}/disk.vdi
+            --medium disk.vdi
 
           echo "exporting VirtualBox VM..."
           mkdir -p $out
-        VBoxManage export "$vmName" --output "$out/$fileName"
+          fn="$out/nixos-${config.system.nixosLabel}-${pkgs.stdenv.system}.ova"
+          VBoxManage export "$vmName" --output "$fn"
+
+          mkdir -p $out/nix-support
+          echo "file ova $fn" >> $out/nix-support/hydra-build-products
         '';
+    };
 
     fileSystems."/".device = "/dev/disk/by-label/nixos";
 

nixos/release-combined.nix

@@ -44,11 +44,11 @@ in rec {
         (all nixos.manual)
 
         (all nixos.iso_minimal)
-        (all nixos.iso_graphical)
+        nixos.iso_graphical.x86_64-linux
-        (all nixos.ova)
+        nixos.ova.x86_64-linux
 
         #(all nixos.tests.containers)
-        (all nixos.tests.chromium.stable)
+        #(all nixos.tests.chromium.stable)
         (all nixos.tests.firefox)
         (all nixos.tests.firewall)
         nixos.tests.gnome3.x86_64-linux # FIXME: i686-linux

nixos/release.nix

@@ -43,34 +43,14 @@ let
 
 
   makeIso =
-    { module, type, description ? type, maintainers ? ["eelco"], system }:
+    { module, type, maintainers ? ["eelco"], system }:
 
     with import nixpkgs { inherit system; };
 
-    let
+    hydraJob ((import lib/eval-config.nix {
-
-      config = (import lib/eval-config.nix {
       inherit system;
       modules = [ module versionModule { isoImage.isoBaseName = "nixos-${type}"; } ];
-      }).config;
+    }).config.system.build.isoImage);
-
-      iso = config.system.build.isoImage;
-
-    in
-      # Declare the ISO as a build product so that it shows up in Hydra.
-      hydraJob (runCommand "nixos-iso-${config.system.nixosVersion}"
-        { meta = {
-            description = "NixOS installation CD (${description}) - ISO image for ${system}";
-            maintainers = map (x: lib.maintainers.${x}) maintainers;
-          };
-          inherit iso;
-          passthru = { inherit config; };
-          preferLocalBuild = true;
-        }
-        ''
-          mkdir -p $out/nix-support
-          echo "file iso" $iso/iso/*.iso* >> $out/nix-support/hydra-build-products
-        ''); # */
 
 
   makeSystemTarball =
@@ -130,7 +110,7 @@ in rec {
     inherit system;
   });
 
-  iso_graphical = forAllSystems (system: makeIso {
+  iso_graphical = genAttrs [ "x86_64-linux" ] (system: makeIso {
     module = ./modules/installer/cd-dvd/installation-cd-graphical-kde.nix;
     type = "graphical";
     inherit system;
@@ -138,7 +118,7 @@ in rec {
 
   # A variant with a more recent (but possibly less stable) kernel
   # that might support more hardware.
-  iso_minimal_new_kernel = forAllSystems (system: makeIso {
+  iso_minimal_new_kernel = genAttrs [ "x86_64-linux" ] (system: makeIso {
     module = ./modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix;
     type = "minimal-new-kernel";
     inherit system;
@@ -146,35 +126,17 @@ in rec {
 
 
   # A bootable VirtualBox virtual appliance as an OVA file (i.e. packaged OVF).
-  ova = forAllSystems (system:
+  ova = genAttrs [ "x86_64-linux" ] (system:
 
     with import nixpkgs { inherit system; };
 
-    let
+    hydraJob ((import lib/eval-config.nix {
-
-      config = (import lib/eval-config.nix {
       inherit system;
       modules =
         [ versionModule
           ./modules/installer/virtualbox-demo.nix
         ];
-      }).config;
+    }).config.system.build.virtualBoxOVA)
-
-    in
-      # Declare the OVA as a build product so that it shows up in Hydra.
-      hydraJob (runCommand "nixos-ova-${config.system.nixosVersion}-${system}"
-        { meta = {
-            description = "NixOS VirtualBox appliance (${system})";
-            maintainers = maintainers.eelco;
-          };
-          ova = config.system.build.virtualBoxOVA;
-          preferLocalBuild = true;
-        }
-        ''
-          mkdir -p $out/nix-support
-          fn=$(echo $ova/*.ova)
-          echo "file ova $fn" >> $out/nix-support/hydra-build-products
-        '') # */
 
   );
 

nixos/tests/chromium.nix

@@ -1,4 +1,11 @@
-{ system ? builtins.currentSystem }:
+{ system ? builtins.currentSystem
+, pkgs ? import ../.. { inherit system; }
+, channelMap ? {
+    stable = pkgs.chromium;
+    beta   = pkgs.chromiumBeta;
+    dev    = pkgs.chromiumDev;
+  }
+}:
 
 with import ../lib/testing.nix { inherit system; };
 with pkgs.lib;
@@ -160,8 +167,4 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
 
     $machine->shutdown;
   '';
-}) {
+}) channelMap
-  stable = pkgs.chromium;
-  beta   = pkgs.chromiumBeta;
-  dev    = pkgs.chromiumDev;
-}

nixos/tests/dnscrypt-proxy.nix

@@ -23,10 +23,11 @@ import ./make-test.nix ({ pkgs, ... }: {
 
   testScript = ''
     $client->start;
-    $client->waitForUnit("multi-user.target");
+    $client->waitForUnit("sockets.target");
+    $client->waitForUnit("dnsmasq");
 
     # The daemon is socket activated; sending a single ping should activate it.
     $client->execute("${pkgs.iputils}/bin/ping -c1 example.com");
-    $client->succeed("systemctl is-active dnscrypt-proxy.service");
+    $client->succeed("systemctl is-active dnscrypt-proxy");
   '';
 })

nixos/tests/docker.nix

@@ -20,7 +20,7 @@ import ./make-test.nix ({ pkgs, ...} : {
   testScript = ''
     startAll;
 
-    $docker->waitForUnit("docker.service");
+    $docker->waitForUnit("sockets.target");
     $docker->succeed("tar cv --files-from /dev/null | docker import - scratchimg");
     $docker->succeed("docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10");
     $docker->succeed("docker ps | grep sleeping");

nixos/tests/firewall.nix

@@ -35,9 +35,9 @@ import ./make-test.nix ( { pkgs, ... } : {
       # Local connections should still work.
       $walled->succeed("curl -v http://localhost/ >&2");
 
-      # Connections to the firewalled machine should fail.
+      # Connections to the firewalled machine should fail, but ping should succeed.
       $attacker->fail("curl --fail --connect-timeout 2 http://walled/ >&2");
-      $attacker->fail("ping -c 1 walled >&2");
+      $attacker->succeed("ping -c 1 walled >&2");
 
       # Outgoing connections/pings should still work.
       $walled->succeed("curl -v http://attacker/ >&2");

nixos/tests/misc.nix

@@ -23,6 +23,8 @@ import ./make-test.nix ({ pkgs, ...} : {
         { wantedBy = [ "multi-user.target" ];
           where = "/tmp2";
         };
+      users.users.sybil = { isNormalUser = true; group = "wheel"; };
+      security.sudo = { enable = true; wheelNeedsPassword = false; };
     };
 
   testScript =
@@ -110,5 +112,10 @@ import ./make-test.nix ({ pkgs, ...} : {
       subtest "nix-db", sub {
           $machine->succeed("nix-store -qR /run/current-system | grep nixos-");
       };
+
+      # Test sudo
+      subtest "sudo", sub {
+          $machine->succeed("su - sybil -c 'sudo true'");
+      };
     '';
 })

nixos/tests/riak.nix

@@ -7,7 +7,7 @@ import ./make-test.nix {
 
       {
         services.riak.enable = true;
-        services.riak.package = pkgs.riak2;
+        services.riak.package = pkgs.riak;
       };
   };
 

pkgs/applications/audio/clementine/default.nix

@@ -50,6 +50,12 @@ let
     name = "clementine-free-${version}";
     inherit patches src buildInputs;
     enableParallelBuilding = true;
+    postPatch = ''
+      sed -i src/CMakeLists.txt \
+        -e 's,-Werror,,g' \
+        -e 's,-Wno-unknown-warning-option,,g' \
+        -e 's,-Wno-unused-private-field,,g'
+    '';
     meta = with stdenv.lib; {
       homepage = "http://www.clementine-player.org";
       description = "A multiplatform music player";

pkgs/applications/audio/drumgizmo/default.nix

@@ -3,12 +3,12 @@
 }:
 
 stdenv.mkDerivation rec {
-  version = "0.9.8.1";
+  version = "0.9.9";
   name = "drumgizmo-${version}";
 
   src = fetchurl {
     url = "http://www.drumgizmo.org/releases/${name}/${name}.tar.gz";
-    sha256 = "1plfjhwhaz1mr3kgf5imcp3kjflk6ni9sq39gmxjxzya6gn2r6gg";
+    sha256 = "03dnh2p4s6n107n0r86h9j1jwy85a8qwjkh0288k60qpdqy1c7vp";
   };
 
   configureFlags = [ "--enable-lv2" ];
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
   meta = with stdenv.lib; {
     description = "An LV2 sample based drum plugin";
     homepage = http://www.drumgizmo.org;
-    license = licenses.gpl3;
+    license = licenses.lgpl3;
     platforms = platforms.linux;
     maintainers = [ maintainers.goibhniu maintainers.nico202 ];
   };

pkgs/applications/audio/seq24/default.nix

@@ -2,20 +2,21 @@
 
 stdenv.mkDerivation  rec {
   name = "seq24-${version}";
-  version = "0.9.2";
+  version = "0.9.3";
 
   src = fetchurl {
     url = "http://launchpad.net/seq24/trunk/${version}/+download/${name}.tar.gz";
-    sha256 = "07n80zj95i80vjmsflnlbqx5vv90qmp5f6a0zap8d30849l4y258";
+    sha256 = "1qpyb7355s21sgy6gibkybxpzx4ikha57a8w644lca6qy9mhcwi3";
   };
 
-  buildInputs = [ alsaLib gtkmm libjack2 pkgconfig ];
+  buildInputs = [ alsaLib gtkmm libjack2 ];
+  nativeBuildInputs = [ pkgconfig ];
 
   meta = with stdenv.lib; {
     description = "minimal loop based midi sequencer";
     homepage = "http://www.filter24.org/seq24";
     license = licenses.gpl2;
     platforms = platforms.linux;
-    maintainers = [ maintainers.goibhniu ];
+    maintainers = with maintainers; [ goibhniu nckx ];
   };
 }

pkgs/applications/audio/zam-plugins/default.nix

@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     url = "https://github.com/zamaudio/zam-plugins.git";
     deepClone = true;
     rev = "91fe56931a3e57b80f18c740d2dde6b44f962aee";
-    sha256 = "1d8w3086xshl61yqaxg6lrvqb7bww30dsdzcd0mnii49wyzjpj0b";
+    sha256 = "1s0s028h3z3pfd4qvi63fsg6bv33bvz0p5fbmbmhypzqjlx6mlkb";
   };
 
   buildInputs = [ boost libX11 mesa liblo libjack2 ladspaH lv2 pkgconfig rubberband libsndfile ];

pkgs/applications/audio/zynaddsubfx/default.nix

@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation  rec {
   name = "zynaddsubfx-${version}";
-  version = "2.5.2";
+  version = "2.5.4";
 
   src = fetchurl {
-    url = "mirror://sourceforge/zynaddsubfx/zynaddsubfx-${version}.tar.gz";
+    url = "mirror://sourceforge/zynaddsubfx/zynaddsubfx-${version}.tar.bz2";
-    sha256 = "11yrady7xwfrzszkk2fvq81ymv99mq474h60qnirk27khdygk24m";
+    sha256 = "16llaa2wg2gbgjhwp3632b2vx9jvanj4csv7d41k233ms6d1sjq1";
   };
 
   buildInputs = [ alsaLib libjack2 fftw fltk13 libjpeg minixml zlib liblo ];
@@ -21,6 +21,6 @@ stdenv.mkDerivation  rec {
     homepage = http://zynaddsubfx.sourceforge.net;
     license = licenses.gpl2;
     platforms = platforms.linux;
-    maintainers = [ maintainers.goibhniu maintainers.palo ];
+    maintainers = [ maintainers.goibhniu maintainers.nico202 ];
   };
 }

pkgs/applications/backup/crashplan/CrashPlanDesktop.patch

@@ -1,8 +1,12 @@
---- ./scripts/CrashPlanDesktop    2014-12-18 09:51:14.050804325 +0100
+--- ./scripts/CrashPlanDesktop	2016-03-02 21:01:58.000000000 -0500
-+++ ./scripts/CrashPlanDesktop-1  2014-12-18 09:51:32.271009382 +0100
++++ ./scripts/CrashPlanDesktop-1	2016-03-18 20:52:10.117686266 -0400
-@@ -9,4 +9,4 @@
+@@ -11,7 +11,7 @@
- 
  cd ${TARGETDIR}
  
--${JAVACOMMON} ${GUI_JAVA_OPTS} -classpath "./lib/com.backup42.desktop.jar:./lang:./skin" com.backup42.desktop.CPDesktop > ${TARGETDIR}/log/ui_output.log 2> ${TARGETDIR}/log/ui_error.log &
+ if [ "_${VERSION_5_UI}" == "_true" ]; then
-+${JAVACOMMON} ${GUI_JAVA_OPTS} -classpath "./lib/com.backup42.desktop.jar:./lang:./skin" com.backup42.desktop.CPDesktop &
+-	${TARGETDIR}/electron/crashplan > ${TARGETDIR}/log/ui_output.log 2> ${TARGETDIR}/log/ui_error.log &
++	${TARGETDIR}/electron/crashplan &
+ else
+-	${JAVACOMMON} ${GUI_JAVA_OPTS} -classpath "./lib/com.backup42.desktop.jar:./lang:./skin" com.backup42.desktop.CPDesktop > ${TARGETDIR}/log/ui_output.log 2> ${TARGETDIR}/log/ui_error.log &
++	${JAVACOMMON} ${GUI_JAVA_OPTS} -classpath "./lib/com.backup42.desktop.jar:./lang:./skin" com.backup42.desktop.CPDesktop &
+ fi

pkgs/applications/backup/crashplan/default.nix

@@ -1,13 +1,13 @@
 { stdenv, fetchurl, makeWrapper, jre, cpio, gawk, gnugrep, gnused, procps, swt, gtk2, glib, libXtst }:
 
-let version = "3.6.4";
+let version = "4.6.0";
 
 in stdenv.mkDerivation rec {
   name = "crashplan-${version}";
 
   crashPlanArchive = fetchurl {
-    url = "http://download.crashplan.com/installs/linux/install/CrashPlan/CrashPlan_${version}_Linux.tgz";
+    url = "https://download.code42.com/installs/linux/install/CrashPlan/CrashPlan_${version}_Linux.tgz";
-    sha256 = "0xmzpxfm8vghk552jy167wg1nky1pp93dqds1p922hn73g0x5cv3";
+    sha256 = "0h9zk6i1pdvl101c8l4v4x6i7q4wkmkqp2dkm0lq7ha96lrvac47";
   };
 
   srcs = [ crashPlanArchive ];
@@ -16,7 +16,6 @@ in stdenv.mkDerivation rec {
     description = "An online/offline backup solution";
     homepage = "http://www.crashplan.org";
     license = licenses.unfree;
-    broken = true;  # outdated and new client has trouble starting (nullpointer exception)
     maintainers = with maintainers; [ sztupi iElectric ];
   };
 
@@ -38,7 +37,7 @@ in stdenv.mkDerivation rec {
     # Make sure the daemon is running using the same localization as
     # the (installing) user
     echo "" >> run.conf
-    echo "export LC_ALL=en_US.UTF-8" >> run.conf
+    echo "LC_ALL=en_US.UTF-8" >> run.conf
 
     install -d -m 755 unpacked $out
 
@@ -49,15 +48,15 @@ in stdenv.mkDerivation rec {
     install -D -m 644 scripts/CrashPlan.desktop $out/share/applications/CrashPlan.desktop
 
     rm -r $out/log
+    mv -v $out/conf $out/conf.template
     ln -s $vardir/log $out/log
     ln -s $vardir/cache $out/cache
     ln -s $vardir/backupArchives $out/backupArchives
-    ln -s $vardir/conf/service.model $out/conf/service.model
+    ln -s $vardir/conf $out/conf
-    ln -s $vardir/conf/my.service.xml $out/conf/my.service.xml
 
     echo "JAVACOMMON=${jre}/bin/java" > $out/install.vars
     echo "APP_BASENAME=CrashPlan" >> $out/install.vars
-    echo "TARGETDIR=$out" >> $out/install.vars
+    echo "TARGETDIR=${vardir}" >> $out/install.vars
     echo "BINSDIR=$out/bin" >> $out/install.vars
     echo "MANIFESTDIR=${manifestdir}" >> $out/install.vars
     echo "VARDIR=${vardir}" >> $out/install.vars
@@ -77,7 +76,8 @@ in stdenv.mkDerivation rec {
     
     substituteInPlace $out/share/applications/CrashPlan.desktop \
       --replace /usr/local  $out \
-      --replace crashplan/skin skin
+      --replace crashplan/skin skin \
+      --replace bin/CrashPlanDesktop CrashPlanDesktop
 
     wrapProgram $out/bin/CrashPlanDesktop --prefix LD_LIBRARY_PATH ":" "${gtk2}/lib:${glib}/lib:${libXtst}/lib"
   '';

pkgs/applications/editors/atom/default.nix

@@ -16,11 +16,11 @@ let
   };
 in stdenv.mkDerivation rec {
   name = "atom-${version}";
-  version = "1.5.4";
+  version = "1.6.0";
 
   src = fetchurl {
     url = "https://github.com/atom/atom/releases/download/v${version}/atom-amd64.deb";
-    sha256 = "0jnszf1v7xqhm2sy5wzm3f8aw7j1dnapnbw4d46bvshv9hbbzrn8";
+    sha256 = "1izp2fwxk4rrksdbhcaj8fn0aazi7brid72n1vp7f49adrkqqc1b";
     name = "${name}.deb";
   };
 

pkgs/applications/editors/eclipse/default.nix

@@ -312,7 +312,7 @@ rec {
   };
   eclipse_sdk_451 = eclipse-sdk-451; # backward compatibility, added 2016-01-30
 
-  eclipse-platform = eclipse-platform-451;
+  eclipse-platform = eclipse-platform-452;
 
   eclipse-platform-45 = buildEclipse {
     name = "eclipse-platform-4.5";
@@ -344,6 +344,21 @@ rec {
     };
   };
 
+  eclipse-platform-452 = buildEclipse {
+    name = "eclipse-platform-4.5.2";
+    description = "Eclipse platform";
+    sources = {
+      "x86_64-linux" = fetchurl {
+          url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.5.2-201602121500/eclipse-SDK-4.5.2-linux-gtk-x86_64.tar.gz;
+          sha256 = "13dsd5f5i39wd0sr2bgp57hd2msn8g2dnmw5j8hfwif22c62py47";
+        };
+      "i686-linux" = fetchurl {
+          url = https://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.5.2-201602121500/eclipse-SDK-4.5.2-linux-gtk.tar.gz;
+          sha256 = "00jsmbrl4xhpbgd8hyxijgzqdic700kd3yw2qwgl0cs3ncvybxvq";
+        };
+    };
+  };
+
   eclipseWithPlugins = { eclipse, plugins ? [], jvmArgs ? [] }:
     let
       # Gather up the desired plugins.

pkgs/applications/editors/eclipse/plugins.nix

@@ -377,16 +377,16 @@ rec {
 
   testng = buildEclipsePlugin rec {
     name = "testng-${version}";
-    version = "6.9.10.201512020421";
+    version = "6.9.11.201603260617";
 
     srcFeature = fetchurl {
       url = "http://beust.com/eclipse-old/eclipse_${version}/features/org.testng.eclipse_${version}.jar";
-      sha256 = "17y0cb1xprldjav14iy2sinv7lcw4xnjs2fwz9gl41m9m1c0hajk";
+      sha256 = "0cd7d3bdp6f081vrampsv53z55g1mjn04w9ngz3h8dr0h6jnxz3y";
     };
 
     srcPlugin = fetchurl {
       url = "http://beust.com/eclipse-old/eclipse_${version}/plugins/org.testng.eclipse_${version}.jar";
-      sha256 = "1iwq0ifk9l56z11vhy5yscvl8l1xk6igkp103v9vwvcx6nlmkfgc";
+      sha256 = "10kdwnydmsvngn8ahijxrv50aps6wa4ckbf7p24mxbwlnmpqfj03";
     };
 
     meta = with stdenv.lib; {

pkgs/applications/editors/emacs-modes/elpa-packages.nix

@@ -35,11 +35,11 @@ self:
     };
 
     overrides = {
-      # These packages require emacs-25
+      el-search = markBroken super.el-search; # requires emacs-25
-      el-search = markBroken super.el-search;
+      iterators = markBroken super.iterators; # requires emacs-25
-      iterators = markBroken super.iterators;
+      midi-kbd = markBroken super.midi-kbd; # requires emacs-25
-      midi-kbd = markBroken super.midi-kbd;
+      stream = markBroken super.stream; # requires emacs-25
-      stream = markBroken super.stream;
+      cl-lib = null; # builtin
     };
 
     elpaPackages = super // overrides;

pkgs/applications/editors/idea/default.nix

@@ -185,25 +185,25 @@ in
 
   idea-community = buildIdea rec {
     name = "idea-community-${version}";
-    version = "15.0.4";
+    version = "2016.1";
-    build = "IC-143.2287";
+    build = "IC-145.258.11";
     description = "Integrated Development Environment (IDE) by Jetbrains, community edition";
     license = stdenv.lib.licenses.asl20;
     src = fetchurl {
       url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz";
-      sha256 = "05kah5cx7x3rlaaxkvbbm7g8jvy9hc38q4jv7j5r9rkxd38fslvn";
+      sha256 = "1grgyaapsbf7xn0m18x6fgghjh9n1n2zblz9608g9qgx5p28kn6q";
     };
   };
 
   idea-ultimate = buildIdea rec {
     name = "idea-ultimate-${version}";
-    version = "15.0.4";
+    version = "2016.1";
-    build = "IU-143.2287";
+    build = "IU-145.258.11";
     description = "Integrated Development Environment (IDE) by Jetbrains, requires paid license";
     license = stdenv.lib.licenses.unfree;
     src = fetchurl {
       url = "https://download.jetbrains.com/idea/ideaIU-${version}.tar.gz";
-      sha256 = "0416y7krrak1q5pb8axskdamy06nfxmn4hj7421j8jaz0nc50dn4";
+      sha256 = "15ybqdy311wi3iqi7bzk798cd91jpl73ngl86kzwr68d24nyy3zb";
     };
   };
 

pkgs/applications/editors/tweak/default.nix

@@ -0,0 +1,21 @@
+{ stdenv, fetchurl, ncurses }:
+
+stdenv.mkDerivation rec {
+  name = "tweak-${version}";
+  version = "3.02";
+
+  src = fetchurl {
+    url = "http://www.chiark.greenend.org.uk/~sgtatham/tweak/${name}.tar.gz";
+    sha256 = "06js54pr5hwpwyxj77zs5s40n5aqvaw48dkj7rid2d47pyqijk2v";
+  };
+
+  buildInputs = [ ncurses ];
+  preBuild = "substituteInPlace Makefile --replace '$(DESTDIR)/usr/local' $out";
+
+  meta = with stdenv.lib; {
+    description = "An efficient hex editor";
+    homepage = "http://www.chiark.greenend.org.uk/~sgtatham/tweak";
+    license = licenses.mit;
+    platform = platforms.unix;
+  };
+}

pkgs/applications/editors/vim/default.nix

@@ -10,13 +10,13 @@
 
 stdenv.mkDerivation rec {
   name = "vim-${version}";
-  version = "7.4.827";
+  version = "7.4.1585";
 
   src = fetchFromGitHub {
     owner = "vim";
     repo = "vim";
     rev = "v${version}";
-    sha256 = "1m34s2hsc5lcish6gmvn2iwaz0k7jc3kg9q4nf30fj9inl7gaybs";
+    sha256 = "1kjdwpka269i4cyl0rmnmzg23dl26g65k26h32w8ayzfm3kbj123";
   };
 
   enableParallelBuilding = true;

pkgs/applications/graphics/hugin/default.nix

@@ -1,6 +1,6 @@
 { stdenv, cmake, fetchurl, gnumake, pkgconfig, makeWrapper
 , boost, gettext, tclap, wxGTK
-, freeglut, glew, libXi, libXmu, mesa
+, freeglut, glew, libX11, libXi, libXmu, mesa, cairo
 , autopanosiftc, enblend-enfuse, exiv2, fftw, ilmbase, lensfun, libpng, libtiff
 , openexr, panotools, perlPackages, sqlite, vigra
 }:
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
   NIX_CFLAGS_COMPILE = "-I${ilmbase}/include/OpenEXR";
 
   buildInputs = [ boost gettext tclap wxGTK
-                  freeglut glew libXi libXmu mesa
+                  freeglut glew libX11 libXi libXmu mesa cairo
                   exiv2 fftw ilmbase lensfun libtiff libpng openexr panotools
                   sqlite vigra
                   perlPackages.ImageExifTool makeWrapper

pkgs/applications/graphics/leocad/default.nix

@@ -16,8 +16,11 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ qt4 zlib ];
 
-  prefixKey="INSTALL_PREFIX=";
+  prefixKey = "INSTALL_PREFIX=";
   configureScript = "qmake leocad.pro";
+  postPatch = ''
+    substituteInPlace common/camera.cpp --replace "isnan(" "std::isnan("
+  '';
 
   meta = with stdenv.lib; {
     description = "CAD program for creating virtual LEGO models";

pkgs/applications/graphics/openimageio/default.nix

@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   name = "openimageio-${version}";
-  version = "1.6.9";
+  version = "1.6.11";
 
   src = fetchurl {
     url = "https://github.com/OpenImageIO/oiio/archive/Release-${version}.zip";
-    sha256 = "0942xj877875f4dpfg7aqwyw015y82vkhaqap7yhybmvzsfj7wki";
+    sha256 = "0cr0z81a41bg193dx9crcq1mns7mmzz7qys4lrbm18cmdbwkk88x";
   };
 
   buildInputs = [

pkgs/applications/graphics/pencil/default.nix

@@ -1,12 +1,12 @@
 { stdenv, fetchurl, makeWrapper, xulrunner }:
 
 stdenv.mkDerivation rec {
-  version = "2.0.15";
+  version = "2.0.18";
   name = "pencil-${version}";
 
   src = fetchurl {
     url = "https://github.com/prikhi/pencil/releases/download/v${version}/Pencil-${version}-linux-pkg.tar.gz";
-    sha256 = "be338558b613f51506337a2c7c80f209e8644656c2925f41c294e2872feabc3b";
+    sha256 = "0x0kibb2na12fwl0x68xhkjpbm5h2widm346cx2r29gp1kq9kklc";
   };
 
   buildPhase = "";

pkgs/applications/graphics/phototonic/default.nix

@@ -2,12 +2,14 @@
 
 stdenv.mkDerivation rec {
   name = "phototonic-${version}";
-  version = "1.7";
+  version = "1.7.1";
 
   src = fetchFromGitHub {
     repo = "phototonic";
     owner = "oferkv";
-    rev = "v${version}";
+    # There is currently no tag for 1.7.1 see
+    # https://github.com/oferkv/phototonic/issues/214
+    rev = "c37070e4a068570d34ece8de1e48aa0882c80c5b";
     sha256 = "1agd3bsrpljd019qrjvlbim5l0bhpx53dhpc0gvyn0wmcdzn92gj";
   };
 

pkgs/applications/graphics/sane/backends/git.nix

@@ -1,10 +1,10 @@
 { callPackage, fetchgit, ... } @ args:
 
 callPackage ./generic.nix (args // {
-  version = "2016-03-05";
+  version = "2016-03-24";
   src = fetchgit {
-    sha256 = "dc84530d5e0233427acfd132aa08a4cf9973c936ff72a66ee08ecf836200d367";
+    sha256 = "593672ccfef6e3e0f3cb8ae4bbc67db9b2f1a821df4914343e4cf32f75cea865";
-    rev = "23eb95582da718791103b83ea002e947caa0f5fc";
+    rev = "41a416e4afcf6cada69193dc408ef184d0e5f678";
     url = "git://alioth.debian.org/git/sane/sane-backends.git";
   };
 })

pkgs/applications/graphics/simple-scan/default.nix

@@ -3,11 +3,11 @@
 
 stdenv.mkDerivation rec {
   name = "simple-scan-${version}";
-  version = "3.19.92";
+  version = "3.20.0";
 
   src = fetchurl {
-    sha256 = "1zz6y4cih1v0npxjfxvnqz3bz7i5aripdsfy0hg9mhr1f4r0ig19";
+    sha256 = "0b5ndrjwi7yipkr9bhyifpbdil65izdm677if23yj832n2jsbxcd";
-    url = "https://launchpad.net/simple-scan/3.19/${version}/+download/${name}.tar.xz";
+    url = "https://launchpad.net/simple-scan/3.20/${version}/+download/${name}.tar.xz";
   };
 
   buildInputs = [ cairo colord glib gusb gtk3 libusb1 libxml2 sane-backends
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
   configureFlags = [ "--disable-packagekit" ];
 
   preBuild = ''
-    # Clean up stale .c files referencing packagekit headers as of 3.19.91:
+    # Clean up stale .c files referencing packagekit headers as of 3.20.0:
     make clean
   '';
 

pkgs/applications/misc/abook/default.nix

@@ -1,15 +1,23 @@
-{ stdenv, fetchurl, pkgconfig, ncurses, readline }:
+{ stdenv, fetchurl, fetchpatch, pkgconfig, ncurses, readline }:
 
-let version = "0.6.0pre2"; in
 stdenv.mkDerivation rec {
-  name = "abook-${version}";
+  name = "abook-0.6.0pre2";
 
   src = fetchurl {
     url = "http://abook.sourceforge.net/devel/${name}.tar.gz";
-    sha256 = "59d444504109dd96816e003b3023175981ae179af479349c34fa70bc12f6d385";
+    sha256 = "11fkyq9bqw7s6jf38yglk8bsx0ar2wik0fq0ds0rdp8985849m2r";
   };
 
-  buildInputs = [ pkgconfig ncurses readline ];
+  patches = [
+    (fetchpatch {
+       url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/gcc5.patch?h=packages/abook";
+       name = "gcc5.patch";
+       sha256 = "13n3qd6yy45i5n8ppjn9hj6y63ymjrq96280683xk7f7rjavw5nn";
+     })
+  ];
+
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [ ncurses readline ];
 
   # Changed inline semantics in GCC5, need to export symbols for inline funcs
   postPatch = ''

pkgs/applications/misc/blender/default.nix

@@ -10,11 +10,11 @@
 with lib;
 
 stdenv.mkDerivation rec {
-  name = "blender-2.76b";
+  name = "blender-2.77";
 
   src = fetchurl {
     url = "http://download.blender.org/source/${name}.tar.gz";
-    sha256 = "0pb0mlj4vj0iir528ifqq67nsh3ca1942933d9cwlbpcja2jm1dx";
+    sha256 = "0aynm249xgrnm6h5hlp9x40ww0hn391d9ka2mg9mmqrdzhih286n";
   };
 
   buildInputs =
@@ -62,7 +62,7 @@ stdenv.mkDerivation rec {
     # They comment two licenses: GPLv2 and Blender License, but they
     # say: "We've decided to cancel the BL offering for an indefinite period."
     license = licenses.gpl2Plus;
-    platforms = platforms.linux;
+    platforms = [ "x86_64-linux" ];
     maintainers = [ maintainers.goibhniu ];
   };
 }

pkgs/applications/misc/buku/default.nix

@@ -0,0 +1,34 @@
+{ stdenv, pythonPackages, fetchFromGitHub,
+  encryptionSupport ? false
+}:
+
+pythonPackages.buildPythonApplication rec {
+  version = "1.8";
+  name = "buku-${version}";
+
+  src = fetchFromGitHub {
+    owner = "jarun";
+    repo = "buku";
+    rev = "53d48ee56a3abfb53b94ed25fb620ee759141c96";
+    sha256 = "185d3gndw20c3l6f3mf0iq4qapm8g30bl0hn0wsqpp36vl0bpq28";
+  };
+
+  buildInputs = stdenv.lib.optional encryptionSupport pythonPackages.pycrypto;
+
+  phases = [ "unpackPhase" "installPhase" "fixupPhase" ];
+
+  installPhase = ''
+    make install PREFIX=$out
+  '';
+
+  doCheck = false;
+
+  meta = with stdenv.lib; {
+    description = "Private cmdline bookmark manager";
+    homepage = https://github.com/jarun/Buku;
+    license = licenses.gpl3;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ matthiasbeyer ];
+  };
+}
+

pkgs/applications/misc/calibre/default.nix

@@ -5,12 +5,12 @@
 }:
 
 stdenv.mkDerivation rec {
-  version = "2.52.0";
+  version = "2.53.0";
   name = "calibre-${version}";
 
   src = fetchurl {
     url = "http://download.calibre-ebook.com/${version}/${name}.tar.xz";
-    sha256 = "1la114vhkm73iv0rrzwws28ydiszl58q5y9d6aafn5sh16ph2aws";
+    sha256 = "0rvfh39a6j5r398p6xzrbzvhxapm1iyhc0d46xk5fwa52kscadhz";
   };
 
   inherit python;

pkgs/applications/misc/cdrtools/default.nix

@@ -12,6 +12,11 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ acl libcap ];
 
+  postPatch = ''
+    sed "/\.mk3/d" -i libschily/Targets.man
+    substituteInPlace man/Makefile --replace "man4" ""
+  '';
+
   configurePhase = "true";
 
   GMAKE_NOWARN = true;

pkgs/applications/misc/deco/default.nix

@@ -0,0 +1,36 @@
+{ stdenv, fetchFromGitHub, scsh, feh, xlibs }:
+
+stdenv.mkDerivation rec {
+  pname = "deco";
+  version = "0.0.1";
+  name = "${pname}-${version}";
+
+  src = fetchFromGitHub {
+    owner = "ebzzry";
+    repo = pname;
+    rev = "037f473ae4bdce5d3e2f76891785f0f7479cca75";
+    sha256 = "1fv15nc9zqbn3c51vnm50yidj5ivpi61zg55cs46x3gi2x79x43q";
+  };
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp ${pname} $out/bin
+    chmod +x $out/bin/${pname}
+  '';
+
+  postFixup = ''
+    substituteInPlace $out/bin/deco --replace "/usr/bin/env scsh" "${scsh}/bin/scsh"
+    substituteInPlace $out/bin/deco --replace "feh" "${feh}/bin/feh"
+    substituteInPlace $out/bin/deco --replace "xdpyinfo" "${xlibs.xdpyinfo}/bin/xdpyinfo"
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = https://github.com/ebzzry/deco;
+    description = "A simple root image setter";
+    license = licenses.mit;
+    maintainers = [ maintainers.ebzzry ];
+    platforms = platforms.unix;
+  };
+
+  dontBuild = true;
+}

pkgs/applications/misc/electrum/default.nix

@@ -18,11 +18,11 @@ in
 
 pythonPackages.buildPythonApplication rec {
   name = "electrum-${version}";
-  version = "2.6.2";
+  version = "2.6.3";
 
   src = fetchurl {
     url = "https://download.electrum.org/${version}/Electrum-${version}.tar.gz";
-    sha256 = "1wvzlx9aj88z01vljhyg3v67zsk2iz18r58727pdq7h94vwwjc86";
+    sha256 = "0lj3a8zg6dznpnnxyza8a05c13py52j62rqlad1zcgksm5g63vic";
   };
 
   propagatedBuildInputs = with pythonPackages; [

pkgs/applications/misc/emem/default.nix

@@ -2,14 +2,14 @@
 
 stdenv.mkDerivation rec {
   pname = "emem";
-  version = "0.2.12";
+  version = "0.2.15";
   name = "${pname}-${version}";
 
   inherit jdk;
 
   src = fetchurl {
     url = "https://github.com/ebzzry/${pname}/releases/download/v${version}/${pname}.jar";
-    sha256 = "1ynn72n9pw9zk29c9q2zybxjg8dniilp05vghrc9vnslyi8ml90d";
+    sha256 = "0jj990syd9biq2awnjydi4x3p4hivigc522ds59hdf5wg4y2gg6c";
   };
 
   buildInputs = [ ];
@@ -22,14 +22,14 @@ stdenv.mkDerivation rec {
   '';
 
   installPhase = ''
-    cp $src $out/share/java
+    cp $src $out/share/java/${pname}.jar
 
-    cat > $out/bin/emem <<EOF
+    cat > $out/bin/${pname} <<EOF
 #! $SHELL
-$jdk/bin/java -jar $out/share/java/$(basename $src) "\$@"
+$jdk/bin/java -jar $out/share/java/${pname}.jar "\$@"
 EOF
 
-    chmod +x $out/bin/emem
+    chmod +x $out/bin/${pname}
   '';
 
   meta = with stdenv.lib; {

pkgs/applications/misc/gnuradio/default.nix

@@ -23,11 +23,11 @@
 
 stdenv.mkDerivation rec {
   name = "gnuradio-${version}";
-  version = "3.7.8.1";
+  version = "3.7.9.1";
 
   src = fetchurl {
     url = "http://gnuradio.org/releases/gnuradio/${name}.tar.gz";
-    sha256 = "1ap5gbgisnbny3jbnm2i5wm2sy6qkbhz747av3sjxp2z12fz81l4";
+    sha256 = "0zlnxyqq3dyrg0nz2hpydlhyzv26vlkdavs8w01k448lxkqz01lw";
   };
 
   buildInputs = [
@@ -39,6 +39,8 @@ stdenv.mkDerivation rec {
     cheetahTemplate numpy scipy matplotlib pyqt4 pygtk wxPython pyopengl
   ];
 
+  enableParallelBuilding = true;
+
   preConfigure = ''
     export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -Wno-unused-variable"
   '';
@@ -72,6 +74,6 @@ stdenv.mkDerivation rec {
     homepage = http://www.gnuradio.org;
     license = licenses.gpl3;
     platforms = platforms.linux;
-    maintainers = [ maintainers.bjornfor ];
+    maintainers = with maintainers; [ bjornfor fpletz ];
   };
 }

pkgs/applications/misc/gqrx/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, qt4, gnuradio, boost, gnuradio-osmosdr
+{ stdenv, fetchFromGitHub, qt4, gnuradio, boost, gnuradio-osmosdr
 # drivers (optional):
 , rtl-sdr, hackrf
 , pulseaudioSupport ? true, libpulseaudio
@@ -8,11 +8,13 @@ assert pulseaudioSupport -> libpulseaudio != null;
 
 stdenv.mkDerivation rec {
   name = "gqrx-${version}";
-  version = "2.3.2";
+  version = "2.5.3";
 
-  src = fetchurl {
+  src = fetchFromGitHub {
-    url = "mirror://sourceforge/project/gqrx/${version}/${name}.tar.xz";
+    owner = "csete";
-    sha256 = "1vfqqa976xlbapqkpc9nka364zydvsy18xiwfqjy015kpasshdz1";
+    repo = "gqrx";
+    rev = "v${version}";
+    sha256 = "02pavd1kc0gsnrl18bfa01r2f3j4j05zly4a8zwss9yrsgf8432x";
   };
 
   buildInputs = [
@@ -21,12 +23,14 @@ stdenv.mkDerivation rec {
 
   configurePhase = ''qmake PREFIX="$out"'';
 
+  enableParallelBuilding = true;
+
   postInstall = ''
     mkdir -p "$out/share/applications"
     mkdir -p "$out/share/icons"
 
     cp gqrx.desktop "$out/share/applications/"
-    cp icons/gqrx.svg "$out/share/icons/"
+    cp resources/icons/gqrx.svg "$out/share/icons/"
   '';
 
   meta = with stdenv.lib; {
@@ -42,6 +46,6 @@ stdenv.mkDerivation rec {
     # it's currently unknown which version of the BSD license that is.
     license = licenses.gpl3Plus;
     platforms = platforms.linux;  # should work on Darwin / OS X too
-    maintainers = with maintainers; [ bjornfor the-kenny ];
+    maintainers = with maintainers; [ bjornfor the-kenny fpletz ];
   };
 }

pkgs/applications/misc/josm/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "josm-${version}";
-  version = "9900";
+  version = "9979";
 
   src = fetchurl {
     url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar";
-    sha256 = "1dsfamh2bsiz3xkhmh7g4jz6bbh25x22k3zgj1k0v0gj8k6yl7dy";
+    sha256 = "0zy88f4h71qyj7vlhiwnayaaz50gg6bj5pfypy43ghmjrh01d9vh";
   };
 
   phases = [ "installPhase" ];

pkgs/applications/misc/keepass/default.nix

@@ -8,11 +8,11 @@
 # plugin derivations in the Nix store and nowhere else.
 with builtins; buildDotnetPackage rec {
   baseName = "keepass";
-  version = "2.31";
+  version = "2.32";
 
   src = fetchurl {
     url = "mirror://sourceforge/keepass/KeePass-${version}-Source.zip";
-    sha256 = "10bqxpq30gzfq2ip6dkmqlzzsh3bnfdb01jry5xhgxvlycq1lnsm";
+    sha256 = "11bkflmqrpfk95v2j7pjcm78nilx2s611mn2x7kxwn77ilnbcjbw";
   };
 
   sourceRoot = ".";

pkgs/applications/misc/octoprint/default.nix

@@ -2,13 +2,13 @@
 
 pythonPackages.buildPythonApplication rec {
   name = "OctoPrint-${version}";
-  version = "1.2.9";
+  version = "1.2.10";
 
   src = fetchFromGitHub {
     owner = "foosel";
     repo = "OctoPrint";
     rev = version;
-    sha256 = "00hhq52jqwykhk3p57mn9kkcjbjz6g9mcrp96vx8lqzhw42m3a86";
+    sha256 = "1ips1083c4qrfnkssvp1lxrs92svlid29l225ifsymrinpbjawav";
   };
 
   # We need old Tornado

pkgs/applications/misc/octoprint/plugins.nix

@@ -8,13 +8,13 @@ in {
 
   m3d-fio = buildPlugin rec {
     name = "M3D-Fio-${version}";
-    version = "0.29";
+    version = "0.30.2";
 
     src = fetchFromGitHub {
       owner = "donovan6000";
       repo = "M3D-Fio";
       rev = "V${version}";
-      sha256 = "17jyr7qf9psq3xcckk1zjhaw0h8a0mh3v8lcv9vgqzni27kq9pnb";
+      sha256 = "1knm41hwjf6v4yjx8khr2zd9ryndmw8bkp3y80hgjc5p4nqxrmg3";
     };
 
     patches = [

pkgs/applications/misc/pgadmin/default.nix

@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "0gkqpj8cg6jd6yhssrij1cbh960rg9fkjbdzcpryi6axwv0ag7ki";
   };
 
+  enableParallelBuilding = true;
+
   buildInputs = [ postgresql wxGTK libxml2 libxslt openssl ];
 
   preConfigure = ''

pkgs/applications/misc/slic3r/default.nix

@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
     EncodeLocale MathClipper ExtUtilsXSpp threads
     MathConvexHullMonotoneChain MathGeometryVoronoi MathPlanePath Moo
     IOStringy ClassXSAccessor Wx GrowlGNTP NetDBus ImportInto XMLSAX
-    ExtUtilsMakeMaker OpenGL WxGLCanvas
+    ExtUtilsMakeMaker OpenGL WxGLCanvas ModuleBuild
   ];
 
   desktopItem = makeDesktopItem {

pkgs/applications/misc/stardict/stardict-3.0.3-compositelookup_cpp.patch

@@ -1,19 +0,0 @@
-This patch is from OpenSUSE .src.rpm for the following crash on startup:
-
-ERROR:compositelookup.cpp:53:void CompositeLookup::send_net_dict_request(const string&, const string&): assertion failed: (NetDictRequests.end() == std::find(NetDictRequests.begin(), NetDictRequests.end(), request))
-
---- dict/src/lib/compositelookup.cpp
-+++ dict/src/lib/compositelookup.cpp
-@@ -50,8 +50,10 @@
- void CompositeLookup::send_net_dict_request(const std::string& dict_id, const std::string& key)
- {
- 	NetDictRequest request(dict_id, key);
--	g_assert(NetDictRequests.end() == std::find(NetDictRequests.begin(), NetDictRequests.end(), request));
--	NetDictRequests.push_back(request);
-+	if(NetDictRequests.end() == std::find(NetDictRequests.begin(), NetDictRequests.end(), request))
-+	{
-+	  NetDictRequests.push_back(request);
-+	}
- }
- 
- /* returns true if got expected response */

pkgs/applications/misc/stardict/stardict-3.0.3-correct-glib-include.patch

@@ -1,13 +0,0 @@
-http://bugs.gentoo.org/396219
-
---- dict/src/tomboykeybinder.h
-+++ dict/src/tomboykeybinder.h
-@@ -21,7 +21,7 @@
- #ifndef __TOMBOY_KEY_BINDER_H__
- #define __TOMBOY_KEY_BINDER_H__
- 
--#include <glib/gtypes.h>
-+#include <glib.h>
- 
- G_BEGIN_DECLS
- 

pkgs/applications/misc/stardict/stardict-3.0.3-entry.patch

@@ -1,20 +0,0 @@
-warning: key "Encoding" in group "Desktop Entry" is deprecated
-error: value "stardict.png" for key "Icon" in group "Desktop Entry" is an icon name with an extension, but there should be no extension
-error: value "Dictionary" in key "Categories" in group "Desktop Entry" requires another category to be present among the following categories: Office;TextTools
-
---- dict/data/stardict.desktop.in
-+++ dict/data/stardict.desktop.in
-@@ -1,11 +1,10 @@
- [Desktop Entry]
--Encoding=UTF-8
- _Name=StarDict
- _Comment=Lookup words
- Exec=stardict
- Terminal=false
- Type=Application
--Icon=stardict.png
-+Icon=stardict
- StartupNotify=true
--Categories=Utility;Dictionary;
-+Categories=Utility;Office;TextTools;Dictionary;
- X-GNOME-DocPath=stardict/stardict.xml

pkgs/applications/misc/stardict/stardict-3.0.3-gcc46.patch

@@ -1,13 +0,0 @@
-http://bugs.gentoo.org/362299
-
---- dict/stardict-plugins/stardict-wordnet-plugin/scene.h
-+++ dict/stardict-plugins/stardict-wordnet-plugin/scene.h
-@@ -25,6 +25,8 @@
- #ifndef __PHYSICS_H__
- #define __PHYSICS_H__
- 
-+#include <cstddef>
-+
- #include "partic.h"
- #include "spring.h"
- 

pkgs/applications/misc/stardict/stardict-3.0.3-overflow.patch

@@ -1,26 +0,0 @@
-This patch is stardict-tools-3.0.3-destbufferoverflow.patch from OpenSUSE .src.rpm for:
-
-warning: call to ‘__fgets_chk_warn’ declared with attribute warning: fgets called with bigger size than length of destination buffer [enabled by default]
-
---- tools/src/myspell2dic.c
-+++ tools/src/myspell2dic.c
-@@ -132,7 +132,7 @@ if (argc<3) 
- 
- fprintf(stderr, "Enter grammar language [Spanish]: ");
- fflush(stderr);
--fgets(lang, 100, stdin);
-+fgets(lang, 50, stdin);
- if ((p=strchr(lang, '\n'))!=NULL) *p=0;
- if (*lang==0) strcpy(lang, "Spanish");
- 
---- tools/src/ooo2dict.c
-+++ tools/src/ooo2dict.c
-@@ -71,7 +71,7 @@ current2=malloc(10000);
- 
- fprintf(stderr, "Enter thesaurus language [WordNet_English]: ");
- fflush(stderr);
--fgets(lang, 100, stdin);
-+fgets(lang, 50, stdin);
- if ((p=strchr(lang, '\n'))!=NULL) *p=0;
- if (*lang==0) strcpy(lang, "WordNet_English");
- F=fopen((argc>1)? argv[1]: "/usr/share/myspell/dicts/th_en_US_v2.dat", "rt");

pkgs/applications/misc/stardict/stardict-3.0.3-zlib-1.2.5.2.patch

@@ -1,39 +0,0 @@
-http://bugs.gentoo.org/401887
-
-diff --git a/lib/src/libcommon.cpp b/lib/src/libcommon.cpp
-index 16770a3..a4299e7 100644
---- a/lib/src/libcommon.cpp
-+++ b/lib/src/libcommon.cpp
-@@ -614,7 +614,7 @@ int unpack_zlib(const char* arch_file_name, const char* out_file_name)
- 		return EXIT_FAILURE;
- 	}
- 	while(true) {
--		len = gzread(get_impl(in), buf, buffer_size);
-+		len = gzread((gzFile)get_impl(in), buf, buffer_size);
- 		if(len < 0) {
- 			g_critical(read_file_err, arch_file_name, "");
- 			return EXIT_FAILURE;
-@@ -871,3 +871,8 @@ int remove_recursive(const std::string& path)
- 		return res;
- 	}
- }
-+
-+int gzclose_compat(void * file)
-+{
-+    return gzclose ((gzFile)file);
-+}
-diff --git a/lib/src/libcommon.h b/lib/src/libcommon.h
-index 10f13b4..bdcbf2f 100644
---- a/lib/src/libcommon.h
-+++ b/lib/src/libcommon.h
-@@ -187,8 +187,9 @@ namespace clib {
- 	typedef ResourceWrapper<FILE, FILE*, int, fclose> File;
- }
- 
-+extern int gzclose_compat(void * file);
- namespace zip {
--typedef ResourceWrapper<void, void*, int, gzclose> gzFile;
-+typedef ResourceWrapper<void, void*, int, gzclose_compat> gzFile;
- }
- 
- /* Create a new temporary file. Return file name in file name encoding.

pkgs/applications/misc/stardict/stardict.nix

@@ -1,45 +0,0 @@
-{stdenv, fetchurl, pkgconfig, gtk, glib, zlib, libxml2, intltool, gnome_doc_utils, libgnomeui, scrollkeeper, mysql, pcre, which, libxslt}:
-stdenv.mkDerivation rec {
-  name= "stardict-3.0.3";
-
-  src = fetchurl {
-    url = "http://stardict-3.googlecode.com/files/${name}.tar.bz2";
-    sha256 = "0wrb8xqy6x9piwrn0vw5alivr9h3b70xlf51qy0jpl6d7mdhm8cv";
-  };
-
-  buildInputs = [ pkgconfig gtk glib zlib libxml2 intltool gnome_doc_utils libgnomeui scrollkeeper mysql.lib pcre which libxslt];
-
-  postPatch = ''
-    # mysql hacks: we need dynamic linking as there is no libmysqlclient.a
-    substituteInPlace tools/configure --replace '/usr/local/include/mysql' '${mysql.lib}/include/mysql/'
-    substituteInPlace tools/configure --replace 'AC_FIND_FILE([libmysqlclient.a]' 'AC_FIND_FILE([libmysqlclient.so]'
-    substituteInPlace tools/configure --replace '/usr/local/lib/mysql' '${mysql.lib}/lib/mysql/'
-    substituteInPlace tools/configure --replace 'for y in libmysqlclient.a' 'for y in libmysqlclient.so'
-    substituteInPlace tools/configure --replace 'libmysqlclient.a' 'libmysqlclient.so'
-
-    # a list of p0 patches from gentoo devs
-    patch -p0 < ${./stardict-3.0.3-overflow.patch}
-    patch -p0 < ${./stardict-3.0.3-gcc46.patch}
-    patch -p0 < ${./stardict-3.0.3-compositelookup_cpp.patch}
-    patch -p0 < ${./stardict-3.0.3-correct-glib-include.patch}
-    patch -p0 < ${./stardict-3.0.3-entry.patch}
-
-    # disable the xsltproc internet query
-    substituteInPlace dict/help/Makefile.am --replace 'xsltproc -o' 'xsltproc --nonet -o'
-    substituteInPlace dict/help/Makefile.in --replace 'xsltproc -o' 'xsltproc --nonet -o'
-  '';
-
-  # another gentoo patch: a p1 patch
-  patches = [ ./stardict-3.0.3-zlib-1.2.5.2.patch ];
-
-  configurePhase = ''
-    ./configure --disable-spell --disable-gucharmap --disable-festival --disable-espeak --disable-scrollkeeper --prefix=$out
-  '';
-
-  meta = {
-    description = "An international dictionary supporting fuzzy and glob style matching";
-    license = stdenv.lib.licenses.lgpl3;
-    maintainers = with stdenv.lib.maintainers; [qknight];
-    broken = true;
-  };
-}

pkgs/applications/misc/xautoclick/default.nix

@@ -0,0 +1,24 @@
+{ stdenv, fetchurl, xorg, pkgconfig
+, gtkSupport ? true, gtk
+, qtSupport ? true, qt4
+}:
+
+stdenv.mkDerivation rec {
+  version = "0.31";
+  name = "xautoclick-${version}";
+  src = fetchurl {
+    url = "http://downloads.sourceforge.net/project/xautoclick/xautoclick/xautoclick-0.31/xautoclick-0.31.tar.gz";
+    sha256 = "0h522f12a7v2b89411xm51iwixmjp2mp90rnizjgiakx9ajnmqnm";
+  };
+  buildInputs = [ xorg.libX11 xorg.libXtst xorg.xinput xorg.libXi xorg.libXext pkgconfig ]
+    ++ stdenv.lib.optionals gtkSupport [ gtk ]
+    ++ stdenv.lib.optionals qtSupport [ qt4 ];
+  patchPhase = ''
+    substituteInPlace configure --replace /usr/X11R6 ${xorg.libX11}
+  '';
+  preConfigure = stdenv.lib.optional qtSupport ''
+    mkdir .bin
+    ln -s ${qt4}/bin/moc .bin/moc-qt4
+    addToSearchPath PATH .bin
+  '';
+}

pkgs/applications/misc/yakuake/3.0.nix

@@ -0,0 +1,66 @@
+{ stdenv
+, lib
+, fetchurl
+, cmake
+, extra-cmake-modules
+, karchive
+, kcrash
+, kdbusaddons
+, ki18n
+, kiconthemes
+, knewstuff
+, knotifications
+, knotifyconfig
+, konsole
+, kparts
+, kwindowsystem
+, makeQtWrapper
+
+}:
+
+let
+  pname = "yakuake";
+  version = "3.0.2";
+in
+stdenv.mkDerivation rec {
+  name = "${pname}-${version}";
+
+  src = fetchurl {
+    url = "http://download.kde.org/stable/${pname}/${version}/src/${name}.tar.xz";
+    sha256 = "0vcdji1k8d3pz7k6lkw8ighkj94zff2l2cf9v1avf83f4hjyfhg5";
+  };
+
+  buildInputs = [
+    cmake
+    extra-cmake-modules
+    karchive
+    kcrash
+    kdbusaddons
+    ki18n
+    kiconthemes
+    knewstuff
+    knotifications
+    knotifyconfig
+    kparts
+    kwindowsystem
+  ];
+
+  nativeBuildInputs = [
+    extra-cmake-modules
+    makeQtWrapper
+  ];
+
+  propagatedUserEnvPkgs = [
+    konsole
+  ];
+
+  postInstall = ''
+    wrapQtProgram "$out/bin/yakuake"
+  '';
+
+  meta = {
+    homepage = https://yakuake.kde.org;
+    description = "Quad-style terminal emulator for KDE";
+    maintainers = with lib.maintainers; [ fridh ];
+  };
+}

pkgs/applications/networking/browsers/chromium/browser.nix

@@ -29,8 +29,6 @@ mkChromiumDerivation (base: rec {
     done
   '';
 
-  preHook = "unset NIX_ENFORCE_PURITY";
-
   meta = {
     description = "An open source web browser from Google";
     homepage = http://www.chromium.org/;

pkgs/applications/networking/browsers/chromium/common.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, ninja, which
+{ stdenv, ninja, which
 
 # default dependencies
 , bzip2, flac, speex, libopus
@@ -29,8 +29,7 @@
 , pulseSupport ? false, libpulseaudio ? null
 , hiDPISupport ? false
 
-, source
+, upstream-info
-, plugins
 }:
 
 buildFun:
@@ -98,9 +97,17 @@ let
 
   base = rec {
     name = "${packageName}-${version}";
-    inherit (source) version;
+    inherit (upstream-info) version;
     inherit packageName buildType buildPath;
-    src = source;
+
+    src = upstream-info.main;
+
+    unpackCmd = ''
+      tar xf "$src" \
+        --anchored \
+        --no-wildcards-match-slash \
+        --exclude='*/tools/gyp'
+    '';
 
     buildInputs = defaultDependencies ++ [
       which
@@ -118,16 +125,21 @@ let
       ++ optionals cupsSupport [ libgcrypt cups ]
       ++ optional pulseSupport libpulseaudio;
 
-    # XXX: Wait for https://crbug.com/239107 and https://crbug.com/239181 to
+    patches = [
-    #      be fixed, then try again to unbundle everything into separate
+      ./patches/build_fixes_46.patch
-    #      derivations.
+      ./patches/widevine.patch
-    prePatch = ''
+      (if versionOlder version "50.0.0.0"
-      cp -dr --no-preserve=mode "${source.main}"/* .
+       then ./patches/nix_plugin_paths_46.patch
-      cp -dr "${source.bundled}" third_party
+       else ./patches/nix_plugin_paths_50.patch)
-      chmod -R u+w third_party
+    ];
-    '';
 
     postPatch = ''
+      sed -i -r \
+        -e 's/-f(stack-protector)(-all)?/-fno-\1/' \
+        -e 's|/bin/echo|echo|' \
+        -e "/python_arch/s/: *'[^']*'/: '""'/" \
+        build/common.gypi chrome/chrome_tests.gypi
+
       sed -i -e '/module_path *=.*libexif.so/ {
         s|= [^;]*|= base::FilePath().AppendASCII("${libexif}/lib/libexif.so")|
       }' chrome/utility/media_galleries/image_metadata_extractor.cc
@@ -142,8 +154,8 @@ let
     gypFlags = mkGypFlags (gypFlagsUseSystemLibs // {
       linux_use_bundled_binutils = false;
       linux_use_bundled_gold = false;
-      linux_use_gold_binary = false;
+      linux_use_gold_flags = true;
-      linux_use_gold_flags = false;
+
       proprietary_codecs = false;
       use_sysroot = false;
       use_gnome_keyring = gnomeKeyringSupport;
@@ -182,7 +194,7 @@ let
     } // (extraAttrs.gypFlags or {}));
 
     configurePhase = ''
-      # Precompile .pyc files to prevent race conditions during build
+      echo "Precompiling .py files to prevent race conditions..." >&2
       python -m compileall -q -f . > /dev/null 2>&1 || : # ignore errors
 
       # This is to ensure expansion of $out.

pkgs/applications/networking/browsers/chromium/default.nix

@@ -19,10 +19,9 @@ let
   callPackage = newScope chromium;
 
   chromium = {
-    source = callPackage ./source {
+    upstream-info = (import ./update.nix {
-      inherit channel;
+      inherit (stdenv) system;
-      # XXX: common config
+    }).getChannel channel;
-    };
 
     mkChromiumDerivation = callPackage ./common.nix {
       inherit enableSELinux enableNaCl enableHotwording gnomeSupport

pkgs/applications/networking/browsers/chromium/plugins.nix

@@ -3,7 +3,7 @@
 , enablePepperFlash ? false
 , enableWideVine ? false
 
-, source
+, upstream-info
 }:
 
 with stdenv.lib;
@@ -40,16 +40,15 @@ let
   plugins = stdenv.mkDerivation {
     name = "chromium-binary-plugins";
 
-    # XXX: Only temporary and has to be version-specific
+    src = upstream-info.binary;
-    src = source.plugins;
 
     phases = [ "unpackPhase" "patchPhase" "installPhase" "checkPhase" ];
     outputs = [ "flash" "widevine" ];
 
     unpackCmd = let
-      chan = if source.channel == "dev"    then "chrome-unstable"
+      chan = if upstream-info.channel == "dev"    then "chrome-unstable"
-        else if source.channel == "stable" then "chrome"
+        else if upstream-info.channel == "stable" then "chrome"
-        else "chrome-${source.channel}";
+        else "chrome-${upstream-info.channel}";
     in ''
       mkdir -p plugins
       ar p "$src" data.tar.xz | tar xJ -C plugins --strip-components=4 \
@@ -84,7 +83,9 @@ let
       wvModule = "@widevine@/lib/libwidevinecdmadapter.so";
       wvInfo = "#${wvName}#${wvDescription};${wvMimeTypes}";
     in ''
-      flashVersion="$(${jshon}/bin/jshon -F PepperFlash/manifest.json -e version -u)"
+      flashVersion="$(
+        "${jshon}/bin/jshon" -F PepperFlash/manifest.json -e version -u
+      )"
 
       install -vD PepperFlash/libpepflashplayer.so \
         "$flash/lib/libpepflashplayer.so"