swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-22 05:19:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse source
This commit is contained in:
github-actions[bot] 2022-12-17 12:01:41 +00:00 committed by GitHub
parent 4804305f6e d6225be6d4
commit 392cc9b8fe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
56 changed files with 842 additions and 527 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/CODEOWNERS vendored
View file

@ -78,6 +78,8 @@
/nixos/doc/manual/man-nixos-option.xml @nbp
/nixos/modules/installer/tools/nixos-option.sh @nbp
/nixos/modules/system @dasJ
/nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius
/nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius
# NixOS integration test driver
/nixos/lib/test-driver @tfc

34
nixos/doc/manual/configuration/gpu-accel.chapter.md
View file

@ -159,6 +159,40 @@ environment.variables.VK_ICD_FILENAMES =
"/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
```
## VA-API {#sec-gpu-accel-va-api}
[VA-API (Video Acceleration API)](https://www.intel.com/content/www/us/en/developer/articles/technical/linuxmedia-vaapi.html)
is an open-source library and API specification, which provides access to
graphics hardware acceleration capabilities for video processing.
VA-API drivers are loaded by `libva`. The version in nixpkgs is built to search
the opengl driver path, so drivers can be installed in
[](#opt-hardware.opengl.extraPackages).
VA-API can be tested using:
```ShellSession
$ nix-shell -p libva-utils --run vainfo
```
### Intel {#sec-gpu-accel-va-api-intel}
Modern Intel GPUs use the iHD driver, which can be installed with:
```nix
hardware.opengl.extraPackages = [
intel-media-driver
];
```
Older Intel GPUs use the i965 driver, which can be installed with:
```nix
hardware.opengl.extraPackages = [
vaapiIntel
];
```
## Common issues {#sec-gpu-accel-common-issues}
### User permissions {#sec-gpu-accel-common-issues-permissions}

36
nixos/doc/manual/development/bootspec.chapter.md Normal file
View file

@ -0,0 +1,36 @@
# Experimental feature: Bootspec {#sec-experimental-bootspec}
Bootspec is a experimental feature, introduced in the [RFC-0125 proposal](https://github.com/NixOS/rfcs/pull/125), the reference implementation can be found [there](https://github.com/NixOS/nixpkgs/pull/172237) in order to standardize bootloader support
and advanced boot workflows such as SecureBoot and potentially more.
You can enable the creation of bootspec documents through [`boot.bootspec.enable = true`](options.html#opt-boot.bootspec.enable), which will prompt a warning until [RFC-0125](https://github.com/NixOS/rfcs/pull/125) is officially merged.
## Schema {#sec-experimental-bootspec-schema}
The bootspec schema is versioned and validated against [a CUE schema file](https://cuelang.org/) which should considered as the source of truth for your applications.
You will find the current version [here](../../../modules/system/activation/bootspec.cue).
## Extensions mechanism {#sec-experimental-bootspec-extensions}
Bootspec cannot account for all usecases.
For this purpose, Bootspec offers a generic extension facility [`boot.bootspec.extensions`](options.html#opt-boot.bootspec.extensions) which can be used to inject any data needed for your usecases.
An example for SecureBoot is to get the Nix store path to `/etc/os-release` in order to bake it into a unified kernel image:
```nix
{ config, lib, ... }: {
boot.bootspec.extensions = {
"org.secureboot.osRelease" = config.environment.etc."os-release".source;
};
}
```
To reduce incompatibility and prevent names from clashing between applications, it is **highly recommended** to use a unique namespace for your extensions.
## External bootloaders {#sec-experimental-bootspec-external-bootloaders}
It is possible to enable your own bootloader through [`boot.loader.external.installHook`](options.html#opt-boot.loader.external.installHook) which can wrap an existing bootloader.
Currently, there is no good story to compose existing bootloaders to enrich their features, e.g. SecureBoot, etc. It will be necessary to reimplement or reuse existing parts.

1
nixos/doc/manual/development/development.xml
View file

@ -12,6 +12,7 @@
<xi:include href="../from_md/development/sources.chapter.xml" />
<xi:include href="../from_md/development/writing-modules.chapter.xml" />
<xi:include href="../from_md/development/building-parts.chapter.xml" />
<xi:include href="../from_md/development/bootspec.chapter.xml" />
<xi:include href="../from_md/development/what-happens-during-a-system-switch.chapter.xml" />
<xi:include href="../from_md/development/writing-documentation.chapter.xml" />
<xi:include href="../from_md/development/nixos-tests.chapter.xml" />

42
nixos/doc/manual/from_md/configuration/gpu-accel.chapter.xml
View file

@ -177,6 +177,48 @@ environment.variables.AMD_VULKAN_ICD = &quot;RADV&quot;;
# Or
environment.variables.VK_ICD_FILENAMES =
&quot;/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json&quot;;
</programlisting>
</section>
</section>
<section xml:id="sec-gpu-accel-va-api">
<title>VA-API</title>
<para>
<link xlink:href="https://www.intel.com/content/www/us/en/developer/articles/technical/linuxmedia-vaapi.html">VA-API
(Video Acceleration API)</link> is an open-source library and API
specification, which provides access to graphics hardware
acceleration capabilities for video processing.
</para>
<para>
VA-API drivers are loaded by <literal>libva</literal>. The version
in nixpkgs is built to search the opengl driver path, so drivers
can be installed in
<xref linkend="opt-hardware.opengl.extraPackages" />.
</para>
<para>
VA-API can be tested using:
</para>
<programlisting>
$ nix-shell -p libva-utils --run vainfo
</programlisting>
<section xml:id="sec-gpu-accel-va-api-intel">
<title>Intel</title>
<para>
Modern Intel GPUs use the iHD driver, which can be installed
with:
</para>
<programlisting language="bash">
hardware.opengl.extraPackages = [
intel-media-driver
];
</programlisting>
<para>
Older Intel GPUs use the i965 driver, which can be installed
with:
</para>
<programlisting language="bash">
hardware.opengl.extraPackages = [
vaapiIntel
];
</programlisting>
</section>
</section>

73
nixos/doc/manual/from_md/development/bootspec.chapter.xml Normal file
View file

@ -0,0 +1,73 @@
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-experimental-bootspec">
<title>Experimental feature: Bootspec</title>
<para>
Bootspec is a experimental feature, introduced in the
<link xlink:href="https://github.com/NixOS/rfcs/pull/125">RFC-0125
proposal</link>, the reference implementation can be found
<link xlink:href="https://github.com/NixOS/nixpkgs/pull/172237">there</link>
in order to standardize bootloader support and advanced boot
workflows such as SecureBoot and potentially more.
</para>
<para>
You can enable the creation of bootspec documents through
<link xlink:href="options.html#opt-boot.bootspec.enable"><literal>boot.bootspec.enable = true</literal></link>,
which will prompt a warning until
<link xlink:href="https://github.com/NixOS/rfcs/pull/125">RFC-0125</link>
is officially merged.
</para>
<section xml:id="sec-experimental-bootspec-schema">
<title>Schema</title>
<para>
The bootspec schema is versioned and validated against
<link xlink:href="https://cuelang.org/">a CUE schema file</link>
which should considered as the source of truth for your
applications.
</para>
<para>
You will find the current version
<link xlink:href="../../../modules/system/activation/bootspec.cue">here</link>.
</para>
</section>
<section xml:id="sec-experimental-bootspec-extensions">
<title>Extensions mechanism</title>
<para>
Bootspec cannot account for all usecases.
</para>
<para>
For this purpose, Bootspec offers a generic extension facility
<link xlink:href="options.html#opt-boot.bootspec.extensions"><literal>boot.bootspec.extensions</literal></link>
which can be used to inject any data needed for your usecases.
</para>
<para>
An example for SecureBoot is to get the Nix store path to
<literal>/etc/os-release</literal> in order to bake it into a
unified kernel image:
</para>
<programlisting language="bash">
{ config, lib, ... }: {
boot.bootspec.extensions = {
&quot;org.secureboot.osRelease&quot; = config.environment.etc.&quot;os-release&quot;.source;
};
}
</programlisting>
<para>
To reduce incompatibility and prevent names from clashing between
applications, it is <emphasis role="strong">highly
recommended</emphasis> to use a unique namespace for your
extensions.
</para>
</section>
<section xml:id="sec-experimental-bootspec-external-bootloaders">
<title>External bootloaders</title>
<para>
It is possible to enable your own bootloader through
<link xlink:href="options.html#opt-boot.loader.external.installHook"><literal>boot.loader.external.installHook</literal></link>
which can wrap an existing bootloader.
</para>
<para>
Currently, there is no good story to compose existing bootloaders
to enrich their features, e.g. SecureBoot, etc. It will be
necessary to reimplement or reuse existing parts.
</para>
</section>
</chapter>

2
nixos/modules/module-list.nix
View file

@ -1246,6 +1246,7 @@
./services/x11/xserver.nix
./system/activation/activation-script.nix
./system/activation/specialisation.nix
./system/activation/bootspec.nix
./system/activation/top-level.nix
./system/boot/binfmt.nix
./system/boot/emergency-mode.nix
@ -1261,6 +1262,7 @@
./system/boot/loader/grub/grub.nix
./system/boot/loader/grub/ipxe.nix
./system/boot/loader/grub/memtest.nix
./system/boot/loader/external/external.nix
./system/boot/loader/init-script/init-script.nix
./system/boot/loader/loader.nix
./system/boot/loader/raspberrypi/raspberrypi.nix

17
nixos/modules/system/activation/bootspec.cue Normal file
View file

@ -0,0 +1,17 @@
#V1: {
init: string
initrd?: string
initrdSecrets?: string
kernel: string
kernelParams: [...string]
label: string
toplevel: string
specialisation?: {
[=~"^"]: #V1
}
extensions?: {...}
}
Document: {
v1: #V1
}

124
nixos/modules/system/activation/bootspec.nix Normal file
View file

@ -0,0 +1,124 @@
# Note that these schemas are defined by RFC-0125.
# This document is considered a stable API, and is depended upon by external tooling.
# Changes to the structure of the document, or the semantics of the values should go through an RFC.
#
# See: https://github.com/NixOS/rfcs/pull/125
{ config
, pkgs
, lib
, ...
}:
let
cfg = config.boot.bootspec;
children = lib.mapAttrs (childName: childConfig: childConfig.configuration.system.build.toplevel) config.specialisation;
schemas = {
v1 = rec {
filename = "boot.json";
json =
pkgs.writeText filename
(builtins.toJSON
{
v1 = {
kernel = "${config.boot.kernelPackages.kernel}/${config.system.boot.loader.kernelFile}";
kernelParams = config.boot.kernelParams;
initrd = "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}";
initrdSecrets = "${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets";
label = "NixOS ${config.system.nixos.codeName} ${config.system.nixos.label} (Linux ${config.boot.kernelPackages.kernel.modDirVersion})";
inherit (cfg) extensions;
};
});
generator =
let
# NOTE: Be careful to not introduce excess newlines at the end of the
# injectors, as that may affect the pipes and redirects.
# Inject toplevel and init into the bootspec.
# This can only be done here because we *cannot* depend on $out
# referring to the toplevel, except by living in the toplevel itself.
toplevelInjector = lib.escapeShellArgs [
"${pkgs.jq}/bin/jq"
''
.v1.toplevel = $toplevel |
.v1.init = $init
''
"--sort-keys"
"--arg" "toplevel" "${placeholder "out"}"
"--arg" "init" "${placeholder "out"}/init"
] + " < ${json}";
# We slurp all specialisations and inject them as values, such that
# `.specialisations.${name}` embeds the specialisation's bootspec
# document.
specialisationInjector =
let
specialisationLoader = (lib.mapAttrsToList
(childName: childToplevel: lib.escapeShellArgs [ "--slurpfile" childName "${childToplevel}/bootspec/${filename}" ])
children);
in
lib.escapeShellArgs [
"${pkgs.jq}/bin/jq"
"--sort-keys"
".v1.specialisation = ($ARGS.named | map_values(. | first | .v1))"
] + " ${lib.concatStringsSep " " specialisationLoader}";
in
''
mkdir -p $out/bootspec
${toplevelInjector} | ${specialisationInjector} > $out/bootspec/${filename}
'';
validator = pkgs.writeCueValidator ./bootspec.cue {
document = "Document"; # Universal validator for any version as long the schema is correctly set.
};
};
};
in
{
options.boot.bootspec = {
enable = lib.mkEnableOption (lib.mdDoc "Enable generation of RFC-0125 bootspec in $system/bootspec, e.g. /run/current-system/bootspec");
extensions = lib.mkOption {
type = lib.types.attrs;
default = { };
description = lib.mdDoc ''
User-defined data that extends the bootspec document.
To reduce incompatibility and prevent names from clashing
between applications, it is **highly recommended** to use a
unique namespace for your extensions.
'';
};
# This will be run as a part of the `systemBuilder` in ./top-level.nix. This
# means `$out` points to the output of `config.system.build.toplevel` and can
# be used for a variety of things (though, for now, it's only used to report
# the path of the `toplevel` itself and the `init` executable).
writer = lib.mkOption {
internal = true;
default = schemas.v1.generator;
};
validator = lib.mkOption {
internal = true;
default = schemas.v1.validator;
};
filename = lib.mkOption {
internal = true;
default = schemas.v1.filename;
};
};
config = lib.mkIf (cfg.enable) {
warnings = [
''RFC-0125 is not merged yet, this is a feature preview of bootspec.
The schema is not definitive and features are not guaranteed to be stable until RFC-0125 is merged.
See:
- https://github.com/NixOS/nixpkgs/pull/172237 to track merge status in nixpkgs.
- https://github.com/NixOS/rfcs/pull/125 to track RFC status.
''
];
};
}

5
nixos/modules/system/activation/top-level.nix
View file

@ -79,6 +79,11 @@ let
echo -n "$extraDependencies" > $out/extra-dependencies
${optionalString (!config.boot.isContainer && config.boot.bootspec.enable) ''
${config.boot.bootspec.writer}
${config.boot.bootspec.validator} "$out/bootspec/${config.boot.bootspec.filename}"
''}
${config.system.extraSystemBuilderCmds}
'';

26
nixos/modules/system/boot/loader/external/external.md vendored Normal file
View file

@ -0,0 +1,26 @@
# External Bootloader Backends {#sec-bootloader-external}
NixOS has support for several bootloader backends by default: systemd-boot, grub, uboot, etc.
The built-in bootloader backend support is generic and supports most use cases.
Some users may prefer to create advanced workflows around managing the bootloader and bootable entries.
You can replace the built-in bootloader support with your own tooling using the "external" bootloader option.
Imagine you have created a new package called FooBoot.
FooBoot provides a program at `${pkgs.fooboot}/bin/fooboot-install` which takes the system closure's path as its only argument and configures the system's bootloader.
You can enable FooBoot like this:
```nix
{ pkgs, ... }: {
boot.loader.external = {
enable = true;
installHook = "${pkgs.fooboot}/bin/fooboot-install";
};
}
```
## Developing Custom Bootloader Backends
Bootloaders should use [RFC-0125](https://github.com/NixOS/rfcs/pull/125)'s Bootspec format and synthesis tools to identify the key properties for bootable system generations.

38
nixos/modules/system/boot/loader/external/external.nix vendored Normal file
View file

@ -0,0 +1,38 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.boot.loader.external;
in
{
meta = {
maintainers = with maintainers; [ cole-h grahamc raitobezarius ];
# Don't edit the docbook xml directly, edit the md and generate it:
# `pandoc external.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > external.xml`
doc = ./external.xml;
};
options.boot.loader.external = {
enable = mkEnableOption (lib.mdDoc "use an external tool to install your bootloader");
installHook = mkOption {
type = with types; path;
description = lib.mdDoc ''
The full path to a program of your choosing which performs the bootloader installation process.
The program will be called with an argument pointing to the output of the system's toplevel.
'';
};
};
config = mkIf cfg.enable {
boot.loader = {
grub.enable = mkDefault false;
systemd-boot.enable = mkDefault false;
supportsInitrdSecrets = mkDefault false;
};
system.build.installBootLoader = cfg.installHook;
};
}

41
nixos/modules/system/boot/loader/external/external.xml vendored Normal file
View file

@ -0,0 +1,41 @@
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-bootloader-external">
<title>External Bootloader Backends</title>
<para>
NixOS has support for several bootloader backends by default:
systemd-boot, grub, uboot, etc. The built-in bootloader backend
support is generic and supports most use cases. Some users may
prefer to create advanced workflows around managing the bootloader
and bootable entries.
</para>
<para>
You can replace the built-in bootloader support with your own
tooling using the <quote>external</quote> bootloader option.
</para>
<para>
Imagine you have created a new package called FooBoot. FooBoot
provides a program at
<literal>${pkgs.fooboot}/bin/fooboot-install</literal> which takes
the system closures path as its only argument and configures the
systems bootloader.
</para>
<para>
You can enable FooBoot like this:
</para>
<programlisting language="nix">
{ pkgs, ... }: {
boot.loader.external = {
enable = true;
installHook = &quot;${pkgs.fooboot}/bin/fooboot-install&quot;;
};
}
</programlisting>
<section xml:id="developing-custom-bootloader-backends">
<title>Developing Custom Bootloader Backends</title>
<para>
Bootloaders should use
<link xlink:href="https://github.com/NixOS/rfcs/pull/125">RFC-0125</link>s
Bootspec format and synthesis tools to identify the key properties
for bootable system generations.
</para>
</section>
</chapter>

144
nixos/tests/bootspec.nix Normal file
View file

@ -0,0 +1,144 @@
{ system ? builtins.currentSystem,
config ? {},
pkgs ? import ../.. { inherit system config; }
}:
with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;
let
baseline = {
virtualisation.useBootLoader = true;
};
grub = {
boot.loader.grub.enable = true;
};
systemd-boot = {
boot.loader.systemd-boot.enable = true;
};
uefi = {
virtualisation.useEFIBoot = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.efiSupport = true;
environment.systemPackages = [ pkgs.efibootmgr ];
};
standard = {
boot.bootspec.enable = true;
imports = [
baseline
systemd-boot
uefi
];
};
in
{
basic = makeTest {
name = "systemd-boot-with-bootspec";
meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ];
nodes.machine = standard;
testScript = ''
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("test -e /run/current-system/bootspec/boot.json")
'';
};
grub = makeTest {
name = "grub-with-bootspec";
meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ];
nodes.machine = {
boot.bootspec.enable = true;
imports = [
baseline
grub
uefi
];
};
testScript = ''
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("test -e /run/current-system/bootspec/boot.json")
'';
};
legacy-boot = makeTest {
name = "legacy-boot-with-bootspec";
meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ];
nodes.machine = {
boot.bootspec.enable = true;
imports = [
baseline
grub
];
};
testScript = ''
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("test -e /run/current-system/bootspec/boot.json")
'';
};
# Check that specialisations create corresponding entries in bootspec.
specialisation = makeTest {
name = "bootspec-with-specialisation";
meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ];
nodes.machine = {
imports = [ standard ];
environment.systemPackages = [ pkgs.jq ];
specialisation.something.configuration = {};
};
testScript = ''
import json
machine.start()
machine.wait_for_unit("multi-user.target")
machine.succeed("test -e /run/current-system/bootspec/boot.json")
machine.succeed("test -e /run/current-system/specialisation/something/bootspec/boot.json")
sp_in_parent = json.loads(machine.succeed("jq -r '.v1.specialisation.something' /run/current-system/bootspec/boot.json"))
sp_in_fs = json.loads(machine.succeed("cat /run/current-system/specialisation/something/bootspec/boot.json"))
assert sp_in_parent == sp_in_fs['v1'], "Bootspecs of the same specialisation are different!"
'';
};
# Check that extensions are propagated.
extensions = makeTest {
name = "bootspec-with-extensions";
meta.maintainers = with pkgs.lib.maintainers; [ raitobezarius ];
nodes.machine = { config, ... }: {
imports = [ standard ];
environment.systemPackages = [ pkgs.jq ];
boot.bootspec.extensions = {
osRelease = config.environment.etc."os-release".source;
};
};
testScript = ''
machine.start()
machine.wait_for_unit("multi-user.target")
current_os_release = machine.succeed("cat /etc/os-release")
bootspec_os_release = machine.succeed("cat $(jq -r '.v1.extensions.osRelease' /run/current-system/bootspec/boot.json)")
assert current_os_release == bootspec_os_release, "Filename referenced by extension has unexpected contents"
'';
};
}

4
pkgs/applications/editors/kakoune/default.nix
View file

@ -4,12 +4,12 @@ with lib;
stdenv.mkDerivation rec {
pname = "kakoune-unwrapped";
version = "2021.11.08";
version = "2022.10.31";
src = fetchFromGitHub {
repo = "kakoune";
owner = "mawww";
rev = "v${version}";
sha256 = "sha256-lMGMt0H1G8EN/7zSVSvU1yU4BYPnSF1vWmozLdrRTQk=";
sha256 = "sha256-vmzGaGl0KSjseSD/s6DXxvMUTmAle+Iv/ZP9llaFnXk=";
};
makeFlags = [ "debug=no" "PREFIX=${placeholder "out"}" ];

4
pkgs/applications/networking/browsers/firefox/packages.nix
View file

@ -3,10 +3,10 @@
rec {
firefox = buildMozillaMach rec {
pname = "firefox";
version = "108.0";
version = "108.0.1";
src = fetchurl {
url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
sha512 = "fa800f62cca395a51b9a04373a27be48fc3860208e34ecf74d908127638d1eb8c41cf9898be6896777d408127d5c4b7104d9ee89c97da923b2dc6ea32186187e";
sha512 = "e6219ed6324422ec293ed96868738e056582bb9f7fb82e59362541f3465c6ebca806d26ecd801156b074c3675bd5a22507b1f1fa53eebf82b7dd35f2b1ff0625";
};
meta = {

371
pkgs/applications/virtualization/qemu/9pfs-use-GHashTable-for-fid-table.patch
View file

@ -1,371 +0,0 @@
From 8ab70b8958a8f9cb9bd316eecd3ccbcf05c06614 Mon Sep 17 00:00:00 2001
From: Linus Heckemann <git@sphalerite.org>
Date: Tue, 4 Oct 2022 12:41:21 +0200
Subject: [PATCH] 9pfs: use GHashTable for fid table
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The previous implementation would iterate over the fid table for
lookup operations, resulting in an operation with O(n) complexity on
the number of open files and poor cache locality -- for every open,
stat, read, write, etc operation.
This change uses a hashtable for this instead, significantly improving
the performance of the 9p filesystem. The runtime of NixOS's simple
installer test, which copies ~122k files totalling ~1.8GiB from 9p,
decreased by a factor of about 10.
Signed-off-by: Linus Heckemann <git@sphalerite.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
[CS: - Retain BUG_ON(f->clunked) in get_fid().
- Add TODO comment in clunk_fid(). ]
Message-Id: <20221004104121.713689-1-git@sphalerite.org>
[CS: - Drop unnecessary goto and out: label. ]
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
---
hw/9pfs/9p.c | 194 +++++++++++++++++++++++++++++----------------------
hw/9pfs/9p.h | 2 +-
2 files changed, 112 insertions(+), 84 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index aebadeaa03..9bf13133e5 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -256,7 +256,8 @@ static size_t v9fs_string_size(V9fsString *str)
}
/*
- * returns 0 if fid got re-opened, 1 if not, < 0 on error */
+ * returns 0 if fid got re-opened, 1 if not, < 0 on error
+ */
static int coroutine_fn v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f)
{
int err = 1;
@@ -282,33 +283,32 @@ static V9fsFidState *coroutine_fn get_fid(V9fsPDU *pdu, int32_t fid)
V9fsFidState *f;
V9fsState *s = pdu->s;
- QSIMPLEQ_FOREACH(f, &s->fid_list, next) {
+ f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid));
+ if (f) {
BUG_ON(f->clunked);
- if (f->fid == fid) {
- /*
- * Update the fid ref upfront so that
- * we don't get reclaimed when we yield
- * in open later.
- */
- f->ref++;
- /*
- * check whether we need to reopen the
- * file. We might have closed the fd
- * while trying to free up some file
- * descriptors.
- */
- err = v9fs_reopen_fid(pdu, f);
- if (err < 0) {
- f->ref--;
- return NULL;
- }
- /*
- * Mark the fid as referenced so that the LRU
- * reclaim won't close the file descriptor
- */
- f->flags |= FID_REFERENCED;
- return f;
+ /*
+ * Update the fid ref upfront so that
+ * we don't get reclaimed when we yield
+ * in open later.
+ */
+ f->ref++;
+ /*
+ * check whether we need to reopen the
+ * file. We might have closed the fd
+ * while trying to free up some file
+ * descriptors.
+ */
+ err = v9fs_reopen_fid(pdu, f);
+ if (err < 0) {
+ f->ref--;
+ return NULL;
}
+ /*
+ * Mark the fid as referenced so that the LRU
+ * reclaim won't close the file descriptor
+ */
+ f->flags |= FID_REFERENCED;
+ return f;
}
return NULL;
}
@@ -317,12 +317,11 @@ static V9fsFidState *alloc_fid(V9fsState *s, int32_t fid)
{
V9fsFidState *f;
- QSIMPLEQ_FOREACH(f, &s->fid_list, next) {
+ f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid));
+ if (f) {
/* If fid is already there return NULL */
BUG_ON(f->clunked);
- if (f->fid == fid) {
- return NULL;
- }
+ return NULL;
}
f = g_new0(V9fsFidState, 1);
f->fid = fid;
@@ -333,7 +332,7 @@ static V9fsFidState *alloc_fid(V9fsState *s, int32_t fid)
* reclaim won't close the file descriptor
*/
f->flags |= FID_REFERENCED;
- QSIMPLEQ_INSERT_TAIL(&s->fid_list, f, next);
+ g_hash_table_insert(s->fids, GINT_TO_POINTER(fid), f);
v9fs_readdir_init(s->proto_version, &f->fs.dir);
v9fs_readdir_init(s->proto_version, &f->fs_reclaim.dir);
@@ -424,12 +423,12 @@ static V9fsFidState *clunk_fid(V9fsState *s, int32_t fid)
{
V9fsFidState *fidp;
- QSIMPLEQ_FOREACH(fidp, &s->fid_list, next) {
- if (fidp->fid == fid) {
- QSIMPLEQ_REMOVE(&s->fid_list, fidp, V9fsFidState, next);
- fidp->clunked = true;
- return fidp;
- }
+ /* TODO: Use g_hash_table_steal_extended() instead? */
+ fidp = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid));
+ if (fidp) {
+ g_hash_table_remove(s->fids, GINT_TO_POINTER(fid));
+ fidp->clunked = true;
+ return fidp;
}
return NULL;
}
@@ -439,10 +438,15 @@ void coroutine_fn v9fs_reclaim_fd(V9fsPDU *pdu)
int reclaim_count = 0;
V9fsState *s = pdu->s;
V9fsFidState *f;
+ GHashTableIter iter;
+ gpointer fid;
+
+ g_hash_table_iter_init(&iter, s->fids);
+
QSLIST_HEAD(, V9fsFidState) reclaim_list =
QSLIST_HEAD_INITIALIZER(reclaim_list);
- QSIMPLEQ_FOREACH(f, &s->fid_list, next) {
+ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &f)) {
/*
* Unlink fids cannot be reclaimed. Check
* for them and skip them. Also skip fids
@@ -514,72 +518,85 @@ void coroutine_fn v9fs_reclaim_fd(V9fsPDU *pdu)
}
}
+/*
+ * This is used when a path is removed from the directory tree. Any
+ * fids that still reference it must not be closed from then on, since
+ * they cannot be reopened.
+ */
static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path)
{
- int err;
+ int err = 0;
V9fsState *s = pdu->s;
- V9fsFidState *fidp, *fidp_next;
+ V9fsFidState *fidp;
+ gpointer fid;
+ GHashTableIter iter;
+ /*
+ * The most common case is probably that we have exactly one
+ * fid for the given path, so preallocate exactly one.
+ */
+ g_autoptr(GArray) to_reopen = g_array_sized_new(FALSE, FALSE,
+ sizeof(V9fsFidState *), 1);
+ gint i;
- fidp = QSIMPLEQ_FIRST(&s->fid_list);
- if (!fidp) {
- return 0;
- }
+ g_hash_table_iter_init(&iter, s->fids);
/*
- * v9fs_reopen_fid() can yield : a reference on the fid must be held
- * to ensure its pointer remains valid and we can safely pass it to
- * QSIMPLEQ_NEXT(). The corresponding put_fid() can also yield so
- * we must keep a reference on the next fid as well. So the logic here
- * is to get a reference on a fid and only put it back during the next
- * iteration after we could get a reference on the next fid. Start with
- * the first one.
+ * We iterate over the fid table looking for the entries we need
+ * to reopen, and store them in to_reopen. This is because
+ * v9fs_reopen_fid() and put_fid() yield. This allows the fid table
+ * to be modified in the meantime, invalidating our iterator.
*/
- for (fidp->ref++; fidp; fidp = fidp_next) {
+ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &fidp)) {
if (fidp->path.size == path->size &&
!memcmp(fidp->path.data, path->data, path->size)) {
- /* Mark the fid non reclaimable. */
- fidp->flags |= FID_NON_RECLAIMABLE;
-
- /* reopen the file/dir if already closed */
- err = v9fs_reopen_fid(pdu, fidp);
- if (err < 0) {
- put_fid(pdu, fidp);
- return err;
- }
- }
-
- fidp_next = QSIMPLEQ_NEXT(fidp, next);
-
- if (fidp_next) {
/*
- * Ensure the next fid survives a potential clunk request during
- * put_fid() below and v9fs_reopen_fid() in the next iteration.
+ * Ensure the fid survives a potential clunk request during
+ * v9fs_reopen_fid or put_fid.
*/
- fidp_next->ref++;
+ fidp->ref++;
+ fidp->flags |= FID_NON_RECLAIMABLE;
+ g_array_append_val(to_reopen, fidp);
}
+ }
- /* We're done with this fid */
- put_fid(pdu, fidp);
+ for (i = 0; i < to_reopen->len; i++) {
+ fidp = g_array_index(to_reopen, V9fsFidState*, i);
+ /* reopen the file/dir if already closed */
+ err = v9fs_reopen_fid(pdu, fidp);
+ if (err < 0) {
+ break;
+ }
}
- return 0;
+ for (i = 0; i < to_reopen->len; i++) {
+ put_fid(pdu, g_array_index(to_reopen, V9fsFidState*, i));
+ }
+ return err;
}
static void coroutine_fn virtfs_reset(V9fsPDU *pdu)
{
V9fsState *s = pdu->s;
V9fsFidState *fidp;
+ GList *freeing;
+ /*
+ * Get a list of all the values (fid states) in the table, which
+ * we then...
+ */
+ g_autoptr(GList) fids = g_hash_table_get_values(s->fids);
- /* Free all fids */
- while (!QSIMPLEQ_EMPTY(&s->fid_list)) {
- /* Get fid */
- fidp = QSIMPLEQ_FIRST(&s->fid_list);
- fidp->ref++;
+ /* ... remove from the table, taking over ownership. */
+ g_hash_table_steal_all(s->fids);
- /* Clunk fid */
- QSIMPLEQ_REMOVE(&s->fid_list, fidp, V9fsFidState, next);
+ /*
+ * This allows us to release our references to them asynchronously without
+ * iterating over the hash table and risking iterator invalidation
+ * through concurrent modifications.
+ */
+ for (freeing = fids; freeing; freeing = freeing->next) {
+ fidp = freeing->data;
+ fidp->ref++;
fidp->clunked = true;
-
put_fid(pdu, fidp);
}
}
@@ -3205,6 +3222,8 @@ static int coroutine_fn v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp,
V9fsFidState *tfidp;
V9fsState *s = pdu->s;
V9fsFidState *dirfidp = NULL;
+ GHashTableIter iter;
+ gpointer fid;
v9fs_path_init(&new_path);
if (newdirfid != -1) {
@@ -3238,11 +3257,13 @@ static int coroutine_fn v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp,
if (err < 0) {
goto out;
}
+
/*
* Fixup fid's pointing to the old name to
* start pointing to the new name
*/
- QSIMPLEQ_FOREACH(tfidp, &s->fid_list, next) {
+ g_hash_table_iter_init(&iter, s->fids);
+ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &tfidp)) {
if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) {
/* replace the name */
v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data));
@@ -3320,6 +3341,8 @@ static int coroutine_fn v9fs_fix_fid_paths(V9fsPDU *pdu, V9fsPath *olddir,
V9fsPath oldpath, newpath;
V9fsState *s = pdu->s;
int err;
+ GHashTableIter iter;
+ gpointer fid;
v9fs_path_init(&oldpath);
v9fs_path_init(&newpath);
@@ -3336,7 +3359,8 @@ static int coroutine_fn v9fs_fix_fid_paths(V9fsPDU *pdu, V9fsPath *olddir,
* Fixup fid's pointing to the old name to
* start pointing to the new name
*/
- QSIMPLEQ_FOREACH(tfidp, &s->fid_list, next) {
+ g_hash_table_iter_init(&iter, s->fids);
+ while (g_hash_table_iter_next(&iter, &fid, (gpointer *) &tfidp)) {
if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) {
/* replace the name */
v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data));
@@ -4226,7 +4250,7 @@ int v9fs_device_realize_common(V9fsState *s, const V9fsTransport *t,
s->ctx.fmode = fse->fmode;
s->ctx.dmode = fse->dmode;
- QSIMPLEQ_INIT(&s->fid_list);
+ s->fids = g_hash_table_new(NULL, NULL);
qemu_co_rwlock_init(&s->rename_lock);
if (s->ops->init(&s->ctx, errp) < 0) {
@@ -4286,6 +4310,10 @@ void v9fs_device_unrealize_common(V9fsState *s)
if (s->ctx.fst) {
fsdev_throttle_cleanup(s->ctx.fst);
}
+ if (s->fids) {
+ g_hash_table_destroy(s->fids);
+ s->fids = NULL;
+ }
g_free(s->tag);
qp_table_destroy(&s->qpd_table);
qp_table_destroy(&s->qpp_table);
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index 994f952600..10fd2076c2 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -339,7 +339,7 @@ typedef struct {
struct V9fsState {
QLIST_HEAD(, V9fsPDU) free_list;
QLIST_HEAD(, V9fsPDU) active_list;
- QSIMPLEQ_HEAD(, V9fsFidState) fid_list;
+ GHashTable *fids;
FileOperations *ops;
FsContext ctx;
char *tag;
--
2.36.2

16
pkgs/applications/virtualization/qemu/default.nix
View file

@ -2,7 +2,7 @@
, perl, pixman, vde2, alsa-lib, texinfo, flex
, bison, lzo, snappy, libaio, libtasn1, gnutls, nettle, curl, ninja, meson, sigtool
, makeWrapper, runtimeShell, removeReferencesTo
, attr, libcap, libcap_ng, socat
, attr, libcap, libcap_ng, socat, libslirp
, CoreServices, Cocoa, Hypervisor, rez, setfile, vmnet
, guestAgentSupport ? with stdenv.hostPlatform; isLinux || isSunOS || isWindows
, numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl
@ -42,11 +42,11 @@ stdenv.mkDerivation rec {
+ lib.optionalString xenSupport "-xen"
+ lib.optionalString hostCpuOnly "-host-cpu-only"
+ lib.optionalString nixosTestRunner "-for-vm-tests";
version = "7.1.0";
version = "7.2.0";
src = fetchurl {
url = "https://download.qemu.org/qemu-${version}.tar.xz";
sha256 = "1rmvrgqjhrvcmchnz170dxvrrf14n6nm39y8ivrprmfydd9lwqx0";
sha256 = "sha256-W0nOJod0Ta1JSukKiYxSIEo0BuhNBySCoeG+hU7rIVc=";
};
depsBuildBuild = [ buildPackages.stdenv.cc ];
@ -57,7 +57,7 @@ stdenv.mkDerivation rec {
buildInputs = [ zlib glib perl pixman
vde2 texinfo lzo snappy libtasn1
gnutls nettle curl
gnutls nettle curl libslirp
]
++ lib.optionals ncursesSupport [ ncurses ]
++ lib.optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile vmnet ]
@ -111,18 +111,12 @@ stdenv.mkDerivation rec {
sha256 = "sha256-oC+bRjEHixv1QEFO9XAm4HHOwoiT+NkhknKGPydnZ5E=";
revert = true;
})
./9pfs-use-GHashTable-for-fid-table.patch
(fetchpatch {
name = "CVE-2022-3165.patch";
url = "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18bfcb1393b910f1bae753d5c12a4dc7.patch";
sha256 = "sha256-YPhm580lBNuAv7G1snYccKZ2V5ycdV8Ri8mTw5jjFBc=";
})
]
++ lib.optional nixosTestRunner ./force-uid0-on-9p.patch;
postPatch = ''
# Otherwise tries to ensure /var/run exists.
sed -i "/install_subdir('run', install_dir: get_option('localstatedir'))/d" \
sed -i "/install_emptydir(get_option('localstatedir') \/ 'run')/d" \
qga/meson.build
'';

42
pkgs/applications/virtualization/qemu/revert-ui-cocoa-add-clipboard-support.patch
View file

@ -1,14 +1,5 @@
From 756021d1e433925cf9a732d7ea67b01b0beb061c Mon Sep 17 00:00:00 2001
From: Will Cohen <willcohen@users.noreply.github.com>
Date: Tue, 29 Mar 2022 14:00:56 -0400
Subject: [PATCH] Revert "ui/cocoa: Add clipboard support"
This reverts commit 7e3e20d89129614f4a7b2451fe321cc6ccca3b76.
---
include/ui/clipboard.h | 2 +-
ui/clipboard.c | 2 +-
ui/cocoa.m | 123 -----------------------------------------
3 files changed, 2 insertions(+), 125 deletions(-)
Based on a reversion of upstream 7e3e20d89129614f4a7b2451fe321cc6ccca3b76,
adapted for 7.2.0
diff --git a/include/ui/clipboard.h b/include/ui/clipboard.h
index ce76aa451f..c4e1dc4ff4 100644
@ -24,10 +15,10 @@ index ce76aa451f..c4e1dc4ff4 100644
G_DEFINE_AUTOPTR_CLEANUP_FUNC(QemuClipboardInfo, qemu_clipboard_info_unref)
diff --git a/ui/clipboard.c b/ui/clipboard.c
index 9079ef829b..6b9ed59e1b 100644
index 3d14bffaf8..2c3f4c3ba0 100644
--- a/ui/clipboard.c
+++ b/ui/clipboard.c
@@ -140,7 +140,7 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer,
@@ -154,7 +154,7 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer,
QemuClipboardInfo *info,
QemuClipboardType type,
uint32_t size,
@ -37,7 +28,7 @@ index 9079ef829b..6b9ed59e1b 100644
{
if (!info ||
diff --git a/ui/cocoa.m b/ui/cocoa.m
index 5a8bd5dd84..79ed6d043f 100644
index 660d3e0935..0e6760c360 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -29,7 +29,6 @@
@ -48,8 +39,8 @@ index 5a8bd5dd84..79ed6d043f 100644
#include "ui/console.h"
#include "ui/input.h"
#include "ui/kbd-state.h"
@@ -109,10 +108,6 @@ static void cocoa_switch(DisplayChangeListener *dcl,
static QemuSemaphore app_started_sem;
@@ -105,10 +104,6 @@ static void cocoa_switch(DisplayChangeListener *dcl,
static bool allow_events;
-static NSInteger cbchangecount = -1;
@ -59,7 +50,7 @@ index 5a8bd5dd84..79ed6d043f 100644
// Utility functions to run specified code block with iothread lock held
typedef void (^CodeBlock)(void);
typedef bool (^BoolCodeBlock)(void);
@@ -1815,107 +1810,6 @@ static void addRemovableDevicesMenuItems(void)
@@ -1799,107 +1794,6 @@ static void addRemovableDevicesMenuItems(void)
qapi_free_BlockInfoList(pointerToFree);
}
@ -167,15 +158,15 @@ index 5a8bd5dd84..79ed6d043f 100644
/*
* The startup process for the OSX/Cocoa UI is complicated, because
* OSX insists that the UI runs on the initial main thread, and so we
@@ -1950,7 +1844,6 @@ static void cocoa_clipboard_request(QemuClipboardInfo *info,
COCOA_DEBUG("Second thread: calling qemu_main()\n");
status = qemu_main(gArgc, gArgv, *_NSGetEnviron());
COCOA_DEBUG("Second thread: qemu_main() returned, exiting\n");
@@ -1922,7 +1816,6 @@ static void cocoa_clipboard_request(QemuClipboardInfo *info,
status = qemu_default_main();
qemu_mutex_unlock_iothread();
COCOA_DEBUG("Second thread: qemu_default_main() returned, exiting\n");
- [cbowner release];
exit(status);
}
@@ -2066,18 +1959,6 @@ static void cocoa_refresh(DisplayChangeListener *dcl)
@@ -2003,18 +1896,6 @@ static void cocoa_refresh(DisplayChangeListener *dcl)
[cocoaView setAbsoluteEnabled:YES];
});
}
@ -194,7 +185,7 @@ index 5a8bd5dd84..79ed6d043f 100644
[pool release];
}
@@ -2117,10 +1998,6 @@ static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts)
@@ -2071,12 +1952,6 @@ static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts)
// register vga output callbacks
register_displaychangelistener(&dcl);
@ -202,9 +193,8 @@ index 5a8bd5dd84..79ed6d043f 100644
- qemu_event_init(&cbevent, false);
- cbowner = [[QemuCocoaPasteboardTypeOwner alloc] init];
- qemu_clipboard_peer_register(&cbpeer);
-
- [pool release];
}
static QemuDisplay qemu_display_cocoa = {
--
2.35.1

6
pkgs/development/compilers/gleam/default.nix
View file

@ -2,13 +2,13 @@
rustPlatform.buildRustPackage rec {
pname = "gleam";
version = "0.25.1";
version = "0.25.3";
src = fetchFromGitHub {
owner = "gleam-lang";
repo = pname;
rev = "v${version}";
sha256 = "sha256-PzvFX1ssBPXhHBNGK38y427HYJ9Q40c4w2mqGZ/2rtI=";
sha256 = "sha256-JT9NUca+DaqxT36heaNKijIuqdnSvrYCfY2uM7wTOGo=";
};
nativeBuildInputs = [ pkg-config ];
@ -16,7 +16,7 @@ rustPlatform.buildRustPackage rec {
buildInputs = [ openssl ] ++
lib.optionals stdenv.isDarwin [ Security libiconv ];
cargoSha256 = "sha256-NeNpT/yOXE70ElawrOGBc4G5bN2ohzYVVUtF4yVCJOo=";
cargoSha256 = "sha256-YPyGCd4//yta3jy5tWB4C5yRgxNbfG+hGF5/QSch/6M=";
meta = with lib; {
description = "A statically typed language for the Erlang VM";

44
pkgs/development/compilers/julia/1.8.nix
View file

@ -12,19 +12,13 @@
, libwhich
, libxml2
, libunwind
, libgit2
, curl
, nghttp2
, mbedtls_2
, libssh2
, gmp
, mpfr
, suitesparse
, utf8proc
, zlib
, p7zip
, ncurses
, pcre2
}:
stdenv.mkDerivation rec {
@ -41,15 +35,6 @@ stdenv.mkDerivation rec {
path = name: "https://raw.githubusercontent.com/archlinux/svntogit-community/6fd126d089d44fdc875c363488a7c7435a223cec/trunk/${name}";
in
[
# Pull upstream fix to fix tests mpfr-4.1.1
# https://github.com/JuliaLang/julia/pull/47659
(fetchpatch {
name = "mfr-4.1.1.patch";
url = "https://github.com/JuliaLang/julia/commit/59965205ccbdffb4e25e1b60f651ca9df79230a4.patch";
hash = "sha256-QJ5wxZMhz+or8BqcYv/5fNSTxDAvdSizTYqt7630kcw=";
includes = [ "stdlib/MPFR_jll/test/runtests.jl" ];
})
(fetchurl {
url = path "julia-hardcoded-libs.patch";
sha256 = "sha256-kppSpVA7bRohd0wXDs4Jgct9ocHnpbeiiSz7ElFom1U=";
@ -77,17 +62,11 @@ stdenv.mkDerivation rec {
buildInputs = [
libxml2
libunwind
libgit2
curl
nghttp2
mbedtls_2
libssh2
gmp
mpfr
utf8proc
zlib
p7zip
pcre2
];
JULIA_RPATH = lib.makeLibraryPath (buildInputs ++ [ stdenv.cc.cc gfortran.cc ncurses ]);
@ -106,29 +85,32 @@ stdenv.mkDerivation rec {
"USE_SYSTEM_CSL=1"
"USE_SYSTEM_LLVM=0" # a patched version is required
"USE_SYSTEM_LIBUNWIND=1"
"USE_SYSTEM_PCRE=1"
"USE_SYSTEM_PCRE=0" # version checks
"USE_SYSTEM_LIBM=0"
"USE_SYSTEM_OPENLIBM=0"
"USE_SYSTEM_DSFMT=0" # not available in nixpkgs
"USE_SYSTEM_LIBBLASTRAMPOLINE=0" # not available in nixpkgs
"USE_SYSTEM_BLAS=0" # test failure
"USE_SYSTEM_LAPACK=0" # test failure
"USE_SYSTEM_GMP=1"
"USE_SYSTEM_MPFR=1"
"USE_SYSTEM_GMP=1" # version checks, but bundled version fails build
"USE_SYSTEM_MPFR=0" # version checks
"USE_SYSTEM_LIBSUITESPARSE=0" # test failure
"USE_SYSTEM_LIBUV=0" # a patched version is required
"USE_SYSTEM_UTF8PROC=1"
"USE_SYSTEM_MBEDTLS=1"
"USE_SYSTEM_LIBSSH2=1"
"USE_SYSTEM_NGHTTP2=1"
"USE_SYSTEM_MBEDTLS=0" # version checks
"USE_SYSTEM_LIBSSH2=0" # version checks
"USE_SYSTEM_NGHTTP2=0" # version checks
"USE_SYSTEM_CURL=1"
"USE_SYSTEM_LIBGIT2=1"
"USE_SYSTEM_LIBGIT2=0" # version checks
"USE_SYSTEM_PATCHELF=1"
"USE_SYSTEM_LIBWHICH=1"
"USE_SYSTEM_ZLIB=1"
"USE_SYSTEM_ZLIB=1" # version checks, but the system zlib is used anyway
"USE_SYSTEM_P7ZIP=1"
"PCRE_INCL_PATH=${pcre2.dev}/include/pcre2.h"
] ++ lib.optionals stdenv.isx86_64 [
# https://github.com/JuliaCI/julia-buildbot/blob/master/master/inventory.py
"JULIA_CPU_TARGET=generic;sandybridge,-xsaveopt,clone_all;haswell,-rdrnd,base(1)"
] ++ lib.optionals stdenv.isAarch64 [
"JULIA_CPU_TERGET=generic;cortex-a57;thunderx2t99;armv8.2-a,crypto,fullfp16,lse,rdm"
];
doInstallCheck = true;

2
pkgs/development/compilers/julia/patches/1.8/0001-skip-symlink-system-libraries.patch
View file

@ -1,4 +1,4 @@
From 1faa30525c9671ffd3a08901896b521a040d7e5c Mon Sep 17 00:00:00 2001
From b2a58160fd194858267c433ae551f24840a0b3f4 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Tue, 20 Sep 2022 18:42:08 +0800
Subject: [PATCH 1/4] skip symlink system libraries

6
pkgs/development/compilers/julia/patches/1.8/0002-skip-building-doc.patch
View file

@ -1,4 +1,4 @@
From 05c008dcabaf94f5623f2f7e267005eef0a8c5fc Mon Sep 17 00:00:00 2001
From ddf422a97973a1f4d2d4d32272396c7165580702 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Tue, 20 Sep 2022 18:42:31 +0800
Subject: [PATCH 2/4] skip building doc
@ -8,10 +8,10 @@ Subject: [PATCH 2/4] skip building doc
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index d38311dce..a775d36e1 100644
index 57b595310..563be74c9 100644
--- a/Makefile
+++ b/Makefile
@@ -227,7 +227,7 @@ define stringreplace
@@ -229,7 +229,7 @@ define stringreplace
endef

25
pkgs/development/compilers/julia/patches/1.8/0003-skip-failing-and-flaky-tests.patch Normal file
View file

@ -0,0 +1,25 @@
From ed596b33005a438109f0078ed0ba30ebe464b4b5 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Tue, 20 Sep 2022 18:42:59 +0800
Subject: [PATCH 3/4] skip failing and flaky tests
---
test/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/Makefile b/test/Makefile
index 24e137a5b..553d9d095 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -23,7 +23,7 @@ default:
$(TESTS):
@cd $(SRCDIR) && \
- $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl $@)
+ $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl --skip MozillaCACerts_jll --skip NetworkOptions --skip Zlib_jll --skip GMP_jll --skip channels $@)
$(addprefix revise-, $(TESTS)): revise-% :
@cd $(SRCDIR) && \
--
2.38.1

6
pkgs/development/compilers/julia/patches/1.8/0003-skip-failing-tests.patch
View file

@ -1,4 +1,4 @@
From 756d4e977f8f224e20effa82c612e5a9cc14d82e Mon Sep 17 00:00:00 2001
From f91c8c6364eb321dd5e66fa443472fca6bcda7d6 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Tue, 20 Sep 2022 18:42:59 +0800
Subject: [PATCH 3/4] skip failing tests
@ -8,7 +8,7 @@ Subject: [PATCH 3/4] skip failing tests
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/Makefile b/test/Makefile
index 24e137a5b..c17ccea8a 100644
index 24e137a5b..2b30ab392 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -23,7 +23,7 @@ default:
@ -16,7 +16,7 @@ index 24e137a5b..c17ccea8a 100644
$(TESTS):
@cd $(SRCDIR) && \
- $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl $@)
+ $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl --skip LibGit2_jll --skip MozillaCACerts_jll --skip NetworkOptions --skip nghttp2_jll --skip Zlib_jll --skip MbedTLS_jll $@)
+ $(call PRINT_JULIA, $(call spawn,$(JULIA_EXECUTABLE)) --check-bounds=yes --startup-file=no --depwarn=error ./runtests.jl --skip MozillaCACerts_jll --skip NetworkOptions --skip Zlib_jll --skip GMP_jll $@)
$(addprefix revise-, $(TESTS)): revise-% :
@cd $(SRCDIR) && \

2
pkgs/development/compilers/julia/patches/1.8/0004-ignore-absolute-path-when-loading-library.patch
View file

@ -1,4 +1,4 @@
From c0e587f4c50bd7bedfe6e5102e9b47c9704fac9b Mon Sep 17 00:00:00 2001
From 4bd87f2f3151ad07d311f7d33c2b890977aca93d Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Tue, 20 Sep 2022 18:43:15 +0800
Subject: [PATCH 4/4] ignore absolute path when loading library

2
pkgs/development/compilers/rust/make-rust-platform.nix
View file

@ -18,7 +18,7 @@ rec {
fetchCargoTarball importCargoLock rustc;
};
importCargoLock = buildPackages.callPackage ../../../build-support/rust/import-cargo-lock.nix {};
importCargoLock = buildPackages.callPackage ../../../build-support/rust/import-cargo-lock.nix { inherit cargo; };
rustcSrc = callPackage ./rust-src.nix {
inherit runCommand rustc;

4
pkgs/development/libraries/grpc/default.nix
View file

@ -60,7 +60,9 @@ stdenv.mkDerivation rec {
# only an issue with the useLLVM stdenv, not the darwin stdenv…
# https://github.com/grpc/grpc/issues/26473#issuecomment-860885484
useLLVMAndOldCC = (stdenv.hostPlatform.useLLVM or false) && lib.versionOlder stdenv.cc.cc.version "11.0";
cxxStandard = if useLLVMAndOldCC then "11" else "17";
# With GCC 9 (current aarch64-linux) it fails with c++17 but OK with c++14.
useOldGCC = !(stdenv.hostPlatform.useLLVM or false) && lib.versionOlder stdenv.cc.cc.version "10";
cxxStandard = if useLLVMAndOldCC then "11" else if useOldGCC then "14" else "17";
in
[
"-DgRPC_ZLIB_PROVIDER=package"

4
pkgs/development/libraries/mbedtls/2.nix
View file

@ -1,6 +1,6 @@
{ callPackage }:
callPackage ./generic.nix {
version = "2.28.1";
hash = "sha256-brbZB3fINDeVWXf50ct4bxYkoBVyD6bBBijZyFQSnyw=";
version = "2.28.2";
hash = "sha256-rbWvPrFoY31QyW/TbMndPXTzAJS6qT/bo6J0IL6jRvQ=";
}

4
pkgs/development/libraries/mbedtls/3.nix
View file

@ -1,6 +1,6 @@
{ callPackage }:
callPackage ./generic.nix {
version = "3.2.1";
hash = "sha256-+M36NvFe4gw2PRbld/2JV3yBGrqK6soWcmrSEkUNcrc=";
version = "3.3.0";
hash = "sha256-yb5migP5Tcw99XHFzJkCct4f5R6ztxPR43VQcfTGRtE=";
}

12
pkgs/development/libraries/mbedtls/generic.nix
View file

@ -32,10 +32,14 @@ stdenv.mkDerivation rec {
perl scripts/config.pl set MBEDTLS_THREADING_PTHREAD # POSIX thread wrapper layer for the threading layer.
'';
cmakeFlags = [ "-DUSE_SHARED_MBEDTLS_LIBRARY=on" ];
NIX_CFLAGS_COMPILE = lib.optionals stdenv.cc.isGNU [
"-Wno-error=format"
"-Wno-error=format-truncation"
cmakeFlags = [
"-DUSE_SHARED_MBEDTLS_LIBRARY=on"
# Avoid a dependency on jsonschema and jinja2 by not generating source code
# using python. In releases, these generated files are already present in
# the repository and do not need to be regenerated. See:
# https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0 below "Requirement changes".
"-DGEN_FILES=off"
];
meta = with lib; {

2
pkgs/development/mobile/androidenv/compose-android-packages.nix
View file

@ -123,7 +123,7 @@ rec {
build-tools = map (version:
callPackage ./build-tools.nix {
inherit deployAndroidPackage;
inherit deployAndroidPackage os;
package = packages.build-tools.${version};
}
) buildToolsVersions;

7
pkgs/development/ocaml-modules/apron/default.nix
View file

@ -1,4 +1,6 @@
{ stdenv, lib, fetchFromGitHub, perl, gmp, mpfr, ppl, ocaml, findlib, camlidl, mlgmpidl }:
{ stdenv, lib, fetchFromGitHub, perl, gmp, mpfr, ppl, ocaml, findlib, camlidl, mlgmpidl
, gnumake42
}:
stdenv.mkDerivation rec {
pname = "ocaml${ocaml.version}-apron";
@ -10,7 +12,8 @@ stdenv.mkDerivation rec {
sha256 = "14ymjahqdxj26da8wik9d5dzlxn81b3z1iggdl7rn2nn06jy7lvy";
};
nativeBuildInputs = [ ocaml findlib perl ];
# fails with make 4.4
nativeBuildInputs = [ ocaml findlib perl gnumake42 ];
buildInputs = [ gmp mpfr ppl camlidl ];
propagatedBuildInputs = [ mlgmpidl ];

8
pkgs/development/ocaml-modules/lru/default.nix
View file

@ -2,13 +2,11 @@
buildDunePackage rec {
pname = "lru";
version = "0.3.0";
useDune2 = true;
version = "0.3.1";
src = fetchurl {
url = "https://github.com/pqwy/lru/releases/download/v${version}/lru-v${version}.tbz";
sha256 = "1ab9rd7cq15ml8x0wjl44wy99h5z7x4g9vkkz4i2d7n84ghy7vw4";
url = "https://github.com/pqwy/lru/releases/download/v${version}/lru-${version}.tbz";
hash = "sha256-bL4j0np9WyRPhpwLiBQNR/cPQTpkYu81wACTJdSyNv0=";
};
propagatedBuildInputs = [ psq ];

4
pkgs/development/python-modules/adafruit-platformdetect/default.nix
View file

@ -7,7 +7,7 @@
buildPythonPackage rec {
pname = "adafruit-platformdetect";
version = "3.37.0";
version = "3.38.0";
format = "setuptools";
disabled = pythonOlder "3.7";
@ -15,7 +15,7 @@ buildPythonPackage rec {
src = fetchPypi {
pname = "Adafruit-PlatformDetect";
inherit version;
hash = "sha256-vhBx/NABOD2patBzI15XZqbTTtbf3rTUIDx1sYg+yYg=";
hash = "sha256-USnOf/nwuAyZpvy/cXpQtkWKXPKu0hj1HFwolrpecQM=";
};
nativeBuildInputs = [

4
pkgs/development/python-modules/azure-mgmt-resource/default.nix
View file

@ -9,7 +9,7 @@
buildPythonPackage rec {
pname = "azure-mgmt-resource";
version = "21.2.1";
version = "22.0.0";
format = "setuptools";
disabled = pythonOlder "3.7";
@ -17,7 +17,7 @@ buildPythonPackage rec {
src = fetchPypi {
inherit pname version;
extension = "zip";
hash = "sha256-vSBg1WOT/+Ykao8spn51Tt0D7Ae5dWMLMK4DqIYFl6c=";
hash = "sha256-/rXZeeGLUvLP0CO0oKM+VKb3bMaiUtyM117OLGMpjpQ=";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/brother/default.nix
View file

@ -11,7 +11,7 @@
buildPythonPackage rec {
pname = "brother";
version = "2.0.0";
version = "2.1.1";
format = "setuptools";
disabled = pythonOlder "3.8";
@ -20,7 +20,7 @@ buildPythonPackage rec {
owner = "bieniu";
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-pk9VBFha2NfQWI+fbWwGKcGFa93eKr5Cqh85r1CAXpI=";
hash = "sha256-jMvbZ4/NOA3dnJUdDWk2KTRz1gBOC+oDE0ChGNdFl1o=";
};
propagatedBuildInputs = [

5
pkgs/development/python-modules/discogs-client/default.nix
View file

@ -10,7 +10,7 @@
buildPythonPackage rec {
pname = "discogs-client";
version = "2.5";
version = "2.6";
format = "setuptools";
disabled = pythonOlder "3.7";
@ -19,7 +19,7 @@ buildPythonPackage rec {
owner = "joalla";
repo = "discogs_client";
rev = "refs/tags/v${version}";
sha256 = "sha256-whLneq8RE1bok8jPlOteqIb5U07TvEa0O2mrzORp5HU=";
hash = "sha256-Si1EH5TalNC3BY7L/GqbGSCjDBWzbodB4NZlNayhZYs=";
};
propagatedBuildInputs = [
@ -39,6 +39,7 @@ buildPythonPackage rec {
meta = with lib; {
description = "Unofficial Python API client for Discogs";
homepage = "https://github.com/joalla/discogs_client";
changelog = "https://github.com/joalla/discogs_client/releases/tag/v${version}";
license = licenses.bsd2;
maintainers = with maintainers; [ fab ];
};

4
pkgs/development/python-modules/peaqevcore/default.nix
View file

@ -6,14 +6,14 @@
buildPythonPackage rec {
pname = "peaqevcore";
version = "9.1.0";
version = "9.2.2";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-6SA+JdZwF2Q0RrlPlJvsTXDofrluVcQ+hVMlSFYTjxw=";
hash = "sha256-Azco/ZFWDqb+gTskW3V44YJ9Zi3Fg2nYLY4PXvqOrRo=";
};
postPatch = ''

4
pkgs/development/python-modules/pyairvisual/default.nix
View file

@ -15,7 +15,7 @@
buildPythonPackage rec {
pname = "pyairvisual";
version = "2022.12.0";
version = "2022.12.1";
format = "pyproject";
disabled = pythonOlder "3.9";
@ -24,7 +24,7 @@ buildPythonPackage rec {
owner = "bachya";
repo = pname;
rev = version;
hash = "sha256-vuniAmjbC3EmFliLFhZ1LQvh533XeLGaIn8ll/Etb/4=";
hash = "sha256-xzTho4HsIU2YLURz9DfFfaRL3tsrtVi8n5IA2bRkyzw=";
};
nativeBuildInputs = [

9
pkgs/development/python-modules/pymyq/default.nix
View file

@ -9,14 +9,14 @@
buildPythonPackage rec {
pname = "pymyq";
version = "3.1.5";
version = "3.1.6";
disabled = pythonOlder "3.8";
src = fetchFromGitHub {
owner = "arraylabs";
repo = pname;
rev = "refs/tags/v${version}";
sha256 = "sha256-/2eWB4rtHPptfc8Tm0CGk0UB+Hq1EmNhWmdrpPiUJcw=";
hash = "sha256-zhGCoZ7mkHlfDjEbQihtM23u+N6nfYsQhKmrloevzp8=";
};
propagatedBuildInputs = [
@ -28,11 +28,14 @@ buildPythonPackage rec {
# Project has no tests
doCheck = false;
pythonImportsCheck = [ "pymyq" ];
pythonImportsCheck = [
"pymyq"
];
meta = with lib; {
description = "Python wrapper for MyQ API";
homepage = "https://github.com/arraylabs/pymyq";
changelog = "https://github.com/arraylabs/pymyq/releases/tag/v${version}";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};

4
pkgs/development/python-modules/pyswitchbot/default.nix
View file

@ -9,7 +9,7 @@
buildPythonPackage rec {
pname = "pyswitchbot";
version = "0.23.1";
version = "0.23.2";
format = "setuptools";
disabled = pythonOlder "3.7";
@ -18,7 +18,7 @@ buildPythonPackage rec {
owner = "Danielhiversen";
repo = "pySwitchbot";
rev = "refs/tags/${version}";
hash = "sha256-vBXOZ+AhhqWUD6XukmkHF4wjjJxXbK7r0V+qCuZGc6s=";
hash = "sha256-bpa83uT3Gebwryb7Fc7kBv0m9aYgoL84Q625AavLw40=";
};
propagatedBuildInputs = [

4
pkgs/development/python-modules/twilio/default.nix
View file

@ -14,7 +14,7 @@
buildPythonPackage rec {
pname = "twilio";
version = "7.15.4";
version = "7.16.0";
format = "setuptools";
disabled = pythonOlder "3.6";
@ -23,7 +23,7 @@ buildPythonPackage rec {
owner = "twilio";
repo = "twilio-python";
rev = "refs/tags/${version}";
hash = "sha256-V7JLFesMj0W6k9+svgIBAfemDWiyi7DGdFLBk4/wd+8=";
hash = "sha256-+cbcINDnPmgNtZeQUOuTwU24Fe0i3xisxTYurV4GW7Y=";
};
propagatedBuildInputs = [

3
pkgs/development/tools/build-managers/redo-apenwarr/default.nix
View file

@ -1,5 +1,5 @@
{ stdenv, lib, python3, fetchFromGitHub, which, coreutils
, perl, installShellFiles
, perl, installShellFiles, gnumake42
, doCheck ? true
}: stdenv.mkDerivation rec {
@ -53,6 +53,7 @@
(with python3.pkgs; [ beautifulsoup4 markdown ])
which
installShellFiles
gnumake42 # fails with make 4.4
];
postInstall = ''

4
pkgs/development/tools/pip-audit/default.nix
View file

@ -25,14 +25,14 @@ with py.pkgs;
buildPythonApplication rec {
pname = "pip-audit";
version = "2.4.8";
version = "2.4.10";
format = "pyproject";
src = fetchFromGitHub {
owner = "trailofbits";
repo = pname;
rev = "refs/tags/v${version}";
hash = "sha256-j5B/aDDVV/Wb71nVwc4CUxS8AY05AI+n042Q/yNAl0c=";
hash = "sha256-/NkV5KNjJfzLhAJEjePHOXqaGIwRJrD0ewe/vpFEYts=";
};
nativeBuildInputs = [

20
pkgs/servers/adguardhome/bins.nix
View file

@ -1,23 +1,23 @@
{ fetchurl, fetchzip }:
{
x86_64-darwin = fetchzip {
sha256 = "sha256-pCyMhfDl371zzc3oXo+n09qNcxMtDQEqaqVW+YIrx28=";
url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_darwin_amd64.zip";
sha256 = "sha256-ViWbvpGU6mk9N8Nstn0urZrcd8JIPs9Ok9806+vUvy0=";
url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_darwin_amd64.zip";
};
aarch64-darwin = fetchzip {
sha256 = "sha256-O2UTzaWaYTkeR3z/O8U/Btigjp/8gns4Y/D9yoX2Hns=";
url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_darwin_arm64.zip";
sha256 = "sha256-ixfeTi2Y44Om7RCKZOw3oJX+FiwTT+s7MSSqowyNKUU=";
url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_darwin_arm64.zip";
};
i686-linux = fetchurl {
sha256 = "sha256-ao/uebGho3CafFEcCfcS+awsC9lO/6z1UL57Yvr/q14=";
url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_linux_386.tar.gz";
sha256 = "sha256-EZzZ8Z6N+wctI/ncLjIAvFgQN1YWOnywhihxF+C6MOs=";
url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_386.tar.gz";
};
x86_64-linux = fetchurl {
sha256 = "sha256-KJIogRRlZFPy3jBb9JeEA7xgZkl9/97cA13rBK6/1fI=";
url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_linux_amd64.tar.gz";
sha256 = "sha256-xU5PxscqBEGNCgA241UbhJcxlNXpCxbFeU7bfmSqf7I=";
url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_amd64.tar.gz";
};
aarch64-linux = fetchurl {
sha256 = "sha256-r8gqUa9dULAYPUB64X4aqyaNf0CpckUNIsWl+VylhaM=";
url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.20/AdGuardHome_linux_arm64.tar.gz";
sha256 = "sha256-ajhvvxYwttEaCQXL4WaDcjzk8g0krhIXJv5VHEEdfqg=";
url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.21/AdGuardHome_linux_arm64.tar.gz";
};
}

2
pkgs/servers/adguardhome/default.nix
View file

@ -7,7 +7,7 @@ in
stdenv.mkDerivation rec {
pname = "adguardhome";
version = "0.107.20";
version = "0.107.21";
src = sources.${system} or (throw "Source for ${pname} is not available for ${system}");
installPhase = ''

15
pkgs/servers/snappymail/default.nix
View file

@ -1,12 +1,17 @@
{ lib, stdenv, fetchurl, writeText
, dataPath ? "/var/lib/snappymail" }:
{ lib
, stdenv
, fetchurl
, writeText
, dataPath ? "/var/lib/snappymail"
}:
stdenv.mkDerivation rec {
pname = "snappymail";
version = "2.22.6";
version = "2.23.0";
src = fetchurl {
url = "https://github.com/the-djmaze/snappymail/releases/download/v${version}/snappymail-${version}.tar.gz";
sha256 = "sha256-B3ojd6Xd5qk6KL5JAnrp52XeW0xJ7z9VJQRPjVmPgv0=";
sha256 = "sha256-wOHp0hNxpDa6JPDaGNHG2+TL+YTP3GaKLab/PdxtU20=";
};
sourceRoot = "snappymail";
@ -27,8 +32,8 @@ stdenv.mkDerivation rec {
meta = with lib; {
description = "Simple, modern & fast web-based email client";
homepage = "https://snappymail.eu";
changelog = "https://github.com/the-djmaze/snappymail/blob/v${version}/CHANGELOG.md";
downloadPage = "https://github.com/the-djmaze/snappymail/releases";
license = licenses.agpl3;
platforms = platforms.all;

37
pkgs/servers/x11/xorg/overrides.nix
View file

@ -814,6 +814,43 @@ self: super:
url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc.diff";
sha256 = "rBiiXQRreMvexW9vOKblcfCYzul+9La01EAhir4FND8=";
})
]
# TODO: remove with xorgserver >= 21.1.5; https://www.mail-archive.com/xorg-announce@lists.x.org/msg01511.html
++ [
(fetchpatch {
name = "CVE-2022-46340.diff";
url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63.diff";
sha256 = "sha256-XPjLwZcJPLVv1ufgqnUxl73HKcJWWTDy2J/oxFiFnAU=";
})
(fetchpatch {
name = "CVE-2022-46341.diff";
url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b.diff";
sha256 = "sha256-w+tzzoI1TfjjiFw5GNxVBgPc7M2lRY60zl+ySsyV59o=";
})
(fetchpatch {
name = "CVE-2022-46342.diff";
url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/b79f32b57cc0c1186b2899bce7cf89f7b325161b.diff";
sha256 = "sha256-NytCsqRlqhs8xpOL8PGgluU0nKd7VIY26BXgpzN6WqE=";
})
(fetchpatch {
name = "CVE-2022-46343.diff";
url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/842ca3ccef100ce010d1d8f5f6d6cc1915055900.diff";
sha256 = "sha256-oUwKwfN6lAvZ60dylm53+/yDeFnYTVdCINpBAfM6LoY=";
})
(fetchpatch {
url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/b8a84cb0f2807b07ab70ca9915fcdee21301b8ca.diff";
sha256 = "sha256-Y2x9/P0SgwUAJRjIXivA32NnMso7gQAid+VjcwNUsa8=";
})
(fetchpatch {
name = "CVE-2022-46344.diff";
url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/8f454b793e1f13c99872c15f0eed1d7f3b823fe8.diff";
sha256 = "sha256-Cr760UPwmm8Qr0o/R8/IlgggXQ6ENTHRz3bP/nsIwbU=";
})
(fetchpatch {
name = "CVE-2022-4283.diff";
url = "https://gitlab.freedesktop.org/xorg/xserver/-/commit/ccdd431cd8f1cabae9d744f0514b6533c438908c.diff";
sha256 = "sha256-IGPsjS7KgRPLrs1ImBXvIFCa8Iu5ZiAHRZvHlBYP8KQ=";
})
];
buildInputs = commonBuildInputs ++ [ libdrm mesa ];
propagatedBuildInputs = attrs.propagatedBuildInputs or [] ++ [ libpciaccess libepoxy ] ++ commonPropagatedBuildInputs ++ lib.optionals stdenv.isLinux [

8
pkgs/tools/admin/awscli2/default.nix
View file

@ -73,10 +73,10 @@ with py.pkgs; buildPythonApplication rec {
];
postPatch = ''
substituteInPlace pyproject.toml \
--replace "colorama>=0.2.5,<0.4.4" "colorama" \
--replace "distro>=1.5.0,<1.6.0" "distro" \
--replace "cryptography>=3.3.2,<=38.0.1" "cryptography>=3.3.2,<=38.0.3"
sed -i pyproject.toml \
-e 's/colorama.*/colorama",/' \
-e 's/cryptography.*/cryptography",/' \
-e 's/distro.*/distro",/'
'';
postInstall = ''

3
pkgs/tools/games/weidu/default.nix
View file

@ -5,6 +5,7 @@
, ocaml-ng
, perl
, which
, gnumake42
}:
let
@ -38,7 +39,7 @@ stdenv.mkDerivation rec {
mkdir -p obj/{.depend,x86_LINUX}
'';
nativeBuildInputs = [ elkhound ocaml' perl which ];
nativeBuildInputs = [ elkhound ocaml' perl which gnumake42 ];
buildFlags = [ "weidu" "weinstall" "tolower" ];

25
pkgs/tools/misc/bootspec/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib
, rustPlatform
, fetchFromGitHub
}:
rustPlatform.buildRustPackage rec {
pname = "bootspec";
version = "unstable-2022-12-05";
src = fetchFromGitHub {
owner = "DeterminateSystems";
repo = pname;
rev = "67a617ab6b99211daa92e748d27ead3f78127cf8";
hash = "sha256-GX6Tzs/ClTUV9OXLvPFw6uBhrpCWSMI+PfrViyFEIxs=";
};
cargoHash = "sha256-N/hbfjsuvwCc0mxOpeVVcTxb5cA024lyLSEpVcrS7kA=";
meta = with lib; {
description = "Implementation of RFC-0125's datatype and synthesis tooling";
homepage = "https://github.com/DeterminateSystems/bootspec";
license = licenses.mit;
maintainers = teams.determinatesystems.members;
platforms = platforms.unix;
};
}

6
pkgs/tools/networking/dnstwist/default.nix
View file

@ -5,13 +5,14 @@
python3.pkgs.buildPythonApplication rec {
pname = "dnstwist";
version = "20221022";
version = "20221213";
format = "setuptools";
src = fetchFromGitHub {
owner = "elceef";
repo = pname;
rev = "refs/tags/${version}";
sha256 = "sha256-qdKMEE97PWkWgstJZxnFWDjc2heIbJjjCwBbl5K2zy4=";
hash = "sha256-xYZGrlrEdot2l1SkXcT2IbeRWouaN6C+WwbBSHXhAtw=";
};
propagatedBuildInputs = with python3.pkgs; [
@ -33,6 +34,7 @@ python3.pkgs.buildPythonApplication rec {
meta = with lib; {
description = "Domain name permutation engine for detecting homograph phishing attacks";
homepage = "https://github.com/elceef/dnstwist";
changelog = "https://github.com/elceef/dnstwist/releases/tag/${version}";
license = with licenses; [ gpl3Only ];
maintainers = with maintainers; [ fab ];
};

38
pkgs/tools/networking/mozillavpn/default.nix
View file

@ -1,6 +1,7 @@
{ buildGoModule
, cmake
, fetchFromGitHub
, fetchpatch
, go
, lib
, pkg-config
@ -21,14 +22,21 @@
let
pname = "mozillavpn";
version = "2.11.0";
version = "2.12.0";
src = fetchFromGitHub {
owner = "mozilla-mobile";
repo = "mozilla-vpn-client";
rev = "v${version}";
fetchSubmodules = true;
hash = "sha256-QXxZ6RQwXrVsaZRkW13r7aoz8iHxuT0nW/2aFDpLLzU=";
hash = "sha256-T8dPM90X4soVG/plKsf7DM9XgdX5Vcp0i6zTE60gbq0=";
};
patches = [
# vpnglean: Add Cargo.lock file
(fetchpatch {
url = "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/5236/commits/6fdc689001619a06b752fa629647642ea66f4e26.patch";
hash = "sha256-j666Z31D29WIL3EXbek2aLzA4Fui/9VZvupubMDG24Q=";
})
];
netfilter-go-modules = (buildGoModule {
inherit pname version src;
@ -40,19 +48,24 @@ let
inherit src;
name = "${pname}-${version}-extension-bridge";
preBuild = "cd extension/bridge";
hash = "sha256-BRUUEDIVQoF+FuKnoBzFbMyeGOgGb6/boYSaftZPF2U=";
hash = "sha256-/DmKSV0IKxZV0Drh6dTsiqgZhuxt6CoegXpYdqN4UzQ=";
};
signatureDeps = rustPlatform.fetchCargoTarball {
inherit src;
name = "${pname}-${version}-signature";
preBuild = "cd signature";
hash = "sha256-oSO7KS4aBwSVYIyxmWTXKn0CL9t6CDR/hx+0+nbf/dM=";
hash = "sha256-6qyMARhPPgTryEtaBNrIPN9ja/fe7Fyx38iGuTd+Dk8=";
};
vpngleanDeps = rustPlatform.fetchCargoTarball {
inherit src patches;
name = "${pname}-${version}-vpnglean";
preBuild = "cd vpnglean";
hash = "sha256-8OLTQmRvy6pATEBX2za6f9vMEqwkf9L5VyERtAN2BDQ=";
};
in
stdenv.mkDerivation {
inherit pname version src;
inherit pname version src patches;
buildInputs = [
polkit
@ -73,6 +86,7 @@ stdenv.mkDerivation {
python3.pkgs.setuptools
rustPlatform.cargoSetupHook
rustPlatform.rust.cargo
rustPlatform.rust.rustc
which
wrapQtAppsHook
];
@ -87,6 +101,11 @@ stdenv.mkDerivation {
cargoDeps='${signatureDeps}' cargoSetupPostUnpackHook
signatureDepsCopy="$cargoDepsCopy"
popd
pushd source/vpnglean
cargoDeps='${vpngleanDeps}' cargoSetupPostUnpackHook
vpngleanDepsCopy="$cargoDepsCopy"
popd
'';
dontCargoSetupPostUnpack = true;
@ -108,9 +127,6 @@ stdenv.mkDerivation {
substituteInPlace extension/CMakeLists.txt \
--replace '/etc' "$out/etc"
substituteInPlace src/connectionbenchmark/benchmarktasktransfer.cpp \
--replace 'QT_VERSION >= 0x060400' 'false'
ln -s '${netfilter-go-modules}' linux/netfilter/vendor
pushd extension/bridge
@ -121,6 +137,10 @@ stdenv.mkDerivation {
cargoDepsCopy="$signatureDepsCopy" cargoSetupPostPatchHook
popd
pushd vpnglean
cargoDepsCopy="$vpngleanDepsCopy" cargoSetupPostPatchHook
popd
cargoSetupPostPatchHook() { true; }
'';

2
pkgs/tools/typesetting/sile/default.nix
View file

@ -1,4 +1,5 @@
{ lib, stdenv
, gnumake42
, darwin
, fetchurl
, makeWrapper
@ -59,6 +60,7 @@ stdenv.mkDerivation rec {
gitMinimal
pkg-config
makeWrapper
gnumake42
];
buildInputs = [
luaEnv

8
pkgs/top-level/all-packages.nix
View file

@ -2705,6 +2705,8 @@ with pkgs;
brewtarget = libsForQt5.callPackage ../applications/misc/brewtarget { } ;
bootspec = callPackage ../tools/misc/bootspec { };
# Derivation's result is not used by nixpkgs. Useful for validation for
# regressions of bootstrapTools on hydra and on ofborg. Example:
# pkgsCross.aarch64-multiplatform.freshBootstrapTools.build
@ -8489,7 +8491,11 @@ with pkgs;
wrapKakoune = kakoune: attrs: callPackage ../applications/editors/kakoune/wrapper.nix (attrs // { inherit kakoune; });
kakounePlugins = recurseIntoAttrs (callPackage ../applications/editors/kakoune/plugins { });
kakoune-unwrapped = callPackage ../applications/editors/kakoune { };
kakoune-unwrapped = callPackage ../applications/editors/kakoune {
# See comments on https://github.com/NixOS/nixpkgs/pull/198836
# Remove below when stdenv for linux-aarch64 become recent enough.
stdenv = if stdenv.isLinux && stdenv.isAarch64 && stdenv.cc.isGNU then gcc11Stdenv else stdenv;
};
kakoune = wrapKakoune kakoune-unwrapped {
plugins = [ ]; # override with the list of desired plugins
};