Merge staging-next into staging

nixos/modules/services/networking/pleroma.nix

@@ -1,6 +1,7 @@
 { config, options, lib, pkgs, stdenv, ... }:
 let
   cfg = config.services.pleroma;
+  cookieFile = "/var/lib/pleroma/.cookie";
 in {
   options = {
     services.pleroma = with lib; {
@@ -8,7 +9,7 @@ in {
 
       package = mkOption {
         type = types.package;
-        default = pkgs.pleroma;
+        default = pkgs.pleroma.override { inherit cookieFile; };
         defaultText = literalExpression "pkgs.pleroma";
         description = "Pleroma package to use.";
       };
@@ -100,7 +101,6 @@ in {
       after = [ "network-online.target" "postgresql.service" ];
       wantedBy = [ "multi-user.target" ];
       restartTriggers = [ config.environment.etc."/pleroma/config.exs".source ];
-      environment.RELEASE_COOKIE = "/var/lib/pleroma/.cookie";
       serviceConfig = {
         User = cfg.user;
         Group = cfg.group;
@@ -118,10 +118,10 @@ in {
         # Better be safe than sorry migration-wise.
         ExecStartPre =
           let preScript = pkgs.writers.writeBashBin "pleromaStartPre" ''
-            if [ ! -f /var/lib/pleroma/.cookie ]
+            if [ ! -f "${cookieFile}" ] || [ ! -s "${cookieFile}" ]
             then
               echo "Creating cookie file"
-              dd if=/dev/urandom bs=1 count=16 | hexdump -e '16/1 "%02x"' > /var/lib/pleroma/.cookie
+              dd if=/dev/urandom bs=1 count=16 | ${pkgs.hexdump}/bin/hexdump -e '16/1 "%02x"' > "${cookieFile}"
             fi
             ${cfg.package}/bin/pleroma_ctl migrate
           '';

nixos/modules/services/x11/display-managers/default.nix

@@ -219,24 +219,7 @@ in
 
       session = mkOption {
         default = [];
-        type = with types; listOf (submodule ({ ... }: {
-          options = {
-            manage = mkOption {
-              description = "Whether this is a desktop or a window manager";
-              type = enum [ "desktop" "window" ];
-            };
-
-            name = mkOption {
-              description = "Name of this session";
-              type = str;
-            };
-
-            start = mkOption {
-              description = "Commands to run to start this session";
-              type = lines;
-            };
-          };
-        }));
+        type = types.listOf types.attrs;
         example = literalExpression
           ''
             [ { manage = "desktop";

nixos/tests/pleroma.nix

@@ -32,8 +32,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
     # system one. Overriding this pretty bad default behaviour.
     export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
 
-    export TOOT_LOGIN_CLI_PASSWORD="jamy-password"
-    toot login_cli -i "pleroma.nixos.test" -e "jamy@nixos.test"
+    echo "jamy-password" | toot login_cli -i "pleroma.nixos.test" -e "jamy@nixos.test"
     echo "Login OK"
 
     # Send a toot then verify it's part of the public timeline
@@ -168,21 +167,6 @@ import ./make-test-python.nix ({ pkgs, ... }:
     cp key.pem cert.pem $out
   '';
 
-  /* Toot is preventing users from feeding login_cli a password non
-     interactively. While it makes sense most of the times, it's
-     preventing us to login in this non-interactive test. This patch
-     introduce a TOOT_LOGIN_CLI_PASSWORD env variable allowing us to
-     provide a password to toot login_cli
-
-     If https://github.com/ihabunek/toot/pull/180 gets merged at some
-     point, feel free to remove this patch. */
-  custom-toot = pkgs.toot.overrideAttrs(old:{
-    patches = [ (pkgs.fetchpatch {
-      url = "https://github.com/NinjaTrappeur/toot/commit/b4a4c30f41c0cb7e336714c2c4af9bc9bfa0c9f2.patch";
-      sha256 = "sha256-0xxNwjR/fStLjjUUhwzCCfrghRVts+fc+fvVJqVcaFg=";
-    }) ];
-  });
-
   hosts = nodes: ''
     ${nodes.pleroma.config.networking.primaryIPAddress} pleroma.nixos.test
     ${nodes.client.config.networking.primaryIPAddress} client.nixos.test
@@ -194,7 +178,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
       security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ];
       networking.extraHosts = hosts nodes;
       environment.systemPackages = with pkgs; [
-        custom-toot
+        toot
         send-toot
       ];
     };

pkgs/applications/blockchains/alfis/default.nix

@@ -14,16 +14,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "alfis";
-  version = "0.6.10";
+  version = "0.6.11";
 
   src = fetchFromGitHub {
     owner = "Revertron";
     repo = "Alfis";
     rev = "v${version}";
-    sha256 = "sha256-JJTU3wZ3cG5TmgHYShWJaNAZBA4z3qZXPfb7WUX6/80=";
+    sha256 = "sha256-vm/JBJh58UaSem18RpJuPUzM2GCy4RfCb6Hr1B7KWQA=";
   };
 
-  cargoSha256 = "sha256-BsFe1Fp+Q5Gqa1w4xov0tVLDKV7S+6b5fKBl09ggLB0=";
+  cargoSha256 = "sha256-8ijGO8up0qVQ/kVX5/DveKyovYLh7jm+d7vooS1waAA=";
 
   checkFlags = [
     # these want internet access, disable them

pkgs/applications/networking/nextcloud-client/default.nix

@@ -22,13 +22,13 @@
 
 mkDerivation rec {
   pname = "nextcloud-client";
-  version = "3.4.3";
+  version = "3.4.4";
 
   src = fetchFromGitHub {
     owner = "nextcloud";
     repo = "desktop";
     rev = "v${version}";
-    sha256 = "sha256-nryoueoqnbBAJaU11OUXKP5PNrYf4515ojBkdMFIEMA=";
+    sha256 = "sha256-e4me4mpK0N3UyM5MuJP3jxwM5h1dGBd+JzAr5f3BOGQ=";
   };
 
   patches = [

pkgs/development/libraries/exiv2/default.nix

@@ -52,6 +52,7 @@ stdenv.mkDerivation rec {
   cmakeFlags = [
     "-DEXIV2_ENABLE_NLS=ON"
     "-DEXIV2_BUILD_DOC=ON"
+    "-DEXIV2_ENABLE_BMFF=ON"
   ];
 
   buildFlags = [

pkgs/development/python-modules/ailment/default.nix

@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
   pname = "ailment";
-  version = "9.1.11752";
+  version = "9.1.12332";
   format = "setuptools";
 
   disabled = pythonOlder "3.6";
@@ -16,7 +16,7 @@ buildPythonPackage rec {
     owner = "angr";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-UbcPxYEyuX8W0uZXeCu00yBshdcPBAQKzZqhAYXTf+8=";
+    hash = "sha256-qWKvNhiOAonUi0qpOWtwbNZa2lgBQ+gaGrAHMgDdr4Q=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/aiobotocore/default.nix

@@ -10,12 +10,12 @@
 
 buildPythonPackage rec {
   pname = "aiobotocore";
-  version = "2.1.1";
+  version = "2.1.2";
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-2+mrmXhRwkWLB6hfaCvizPNdZ51d4Pj1cSKfdArXunE=";
+    sha256 = "sha256-AP1/Q8wEhNjtJ0/QvkkqoWp/6medvqlqYCu3IspMLSI=";
   };
 
   # relax version constraints: aiobotocore works with newer botocore versions

pkgs/development/python-modules/angr/default.nix

@@ -46,7 +46,7 @@ in
 
 buildPythonPackage rec {
   pname = "angr";
-  version = "9.1.11752";
+  version = "9.1.12332";
   format = "setuptools";
 
   disabled = pythonOlder "3.6";
@@ -55,7 +55,7 @@ buildPythonPackage rec {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-4DUM1c3M/naJFqN/gdrX/NnJrY3ElUEOQ34cwcpSC+s=";
+    hash = "sha256-GaW1XyFOnjU28HqptFC6+Fe41zYZMR716Nsq0dPy660=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/angrop/default.nix

@@ -9,7 +9,7 @@
 
 buildPythonPackage rec {
   pname = "angrop";
-  version = "9.1.11752";
+  version = "9.1.12332";
   format = "setuptools";
 
   disabled = pythonOlder "3.6";
@@ -18,7 +18,7 @@ buildPythonPackage rec {
     owner = "angr";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-nZGAuWp07VMpOvqw38FGSiUhaFjJOfCzOaam4Ex7qbY=";
+    hash = "sha256-lhwlZ7eHaEMaTW7c+WCRSeGSIQ5IeEx6XALyYJH+Ey0=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/archinfo/default.nix

@@ -1,6 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchFromGitHub
+, fetchpatch
 , pytestCheckHook
 , nose
 , pythonOlder
@@ -8,7 +9,7 @@
 
 buildPythonPackage rec {
   pname = "archinfo";
-  version = "9.1.11752";
+  version = "9.1.12332";
   format = "setuptools";
 
   disabled = pythonOlder "3.6";
@@ -17,7 +18,7 @@ buildPythonPackage rec {
     owner = "angr";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-D1YssHa14q2jxn4HtOYZlTdwGPkiiMhWuOh08fj87ic=";
+    hash = "sha256-nv/hwQZgKv/cM8fF6GqI8zY9GAe8aCZ/AGFOmhz+bMM=";
   };
 
   checkInputs = [
@@ -25,6 +26,15 @@ buildPythonPackage rec {
     pytestCheckHook
   ];
 
+  patches = [
+    # Make archinfo import without installing pyvex, https://github.com/angr/archinfo/pull/113
+    (fetchpatch {
+      name = "fix-import-issue.patch";
+      url = "https://github.com/angr/archinfo/commit/d29c108f55ffd458ff1d3d65db2d651c76b19267.patch";
+      sha256 = "sha256-9vi0QyqQLIPQxFuB8qrpcnPXWOJ6d27/IXJE/Ui6HhM=";
+    })
+  ];
+
   pythonImportsCheck = [
     "archinfo"
   ];

pkgs/development/python-modules/claripy/default.nix

@@ -13,7 +13,7 @@
 
 buildPythonPackage rec {
   pname = "claripy";
-  version = "9.1.11752";
+  version = "9.1.12332";
   format = "setuptools";
 
   disabled = pythonOlder "3.6";
@@ -22,7 +22,7 @@ buildPythonPackage rec {
     owner = "angr";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-Z50oKwS0MZVBEUeXfj9cgtPYXFAYf4i7QkgJiXdWrxo=";
+    sha256 = "sha256-YrR8OkDoop6kHAuk4cM4STYYOjjaMLZCQuE07/5IXqs=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/cle/default.nix

@@ -15,7 +15,7 @@
 
 let
   # The binaries are following the argr projects release cycle
-  version = "9.1.11752";
+  version = "9.1.12332";
 
   # Binary files from https://github.com/angr/binaries (only used for testing and only here)
   binaries = fetchFromGitHub {
@@ -37,7 +37,7 @@ buildPythonPackage rec {
     owner = "angr";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-pnbFnv/te7U2jB6gNRvE9DQssBkFsara1g6Gtqf+WVo=";
+    hash = "sha256-xcj6Skzzmw5g+0KsBMLNOhRyXQA7nbgnc9YyfJLteCM=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/cloudsmith-api/default.nix

@@ -9,14 +9,14 @@
 
 buildPythonPackage rec {
   pname = "cloudsmith-api";
-  version = "1.33.7";
+  version = "1.42.3";
 
   format = "wheel";
 
   src = fetchPypi {
     pname = "cloudsmith_api";
     inherit format version;
-    sha256 = "sha256-KNm2O2kZg+YzjtebsBoL7BOHCuffDELXm2k8vIFtKdk=";
+    sha256 = "sha256-P0QuKkyFk3jvYJwtul0/eUTrDyj2QKAjU/Ac+4VCYYk=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/jax/default.nix

@@ -19,7 +19,7 @@ let
 in
 buildPythonPackage rec {
   pname = "jax";
-  version = "0.3.3";
+  version = "0.3.4";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -27,8 +27,8 @@ buildPythonPackage rec {
   src = fetchFromGitHub {
     owner = "google";
     repo = pname;
-    rev = "${pname}-v${version}";
-    sha256 = "12k5kzgs2cxf9nvcc10a9ldl4zn68b5cnkhchfj1s7f61abx6nq3";
+    rev = "jax-v${version}";
+    sha256 = "sha256-RZqSJP2vtt8U6nmftV2VzfkMGkkk3100QqsjI7PpQbc=";
   };
 
   patches = [

pkgs/development/python-modules/pysaml2/default.nix

@@ -22,7 +22,7 @@
 
 buildPythonPackage rec {
   pname = "pysaml2";
-  version = "7.1.1";
+  version = "7.1.2";
   format = "setuptools";
 
   disabled = pythonOlder "3.6";
@@ -31,7 +31,7 @@ buildPythonPackage rec {
     owner = "IdentityPython";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-uRfcn3nCK+tx6ol6ZFarOSrDOh0cfC9gZXBZ7EICQzw=";
+    sha256 = "sha256-nyQcQ1OO9PuuQROg+km2vIRF1sZ22MZhiHpmVXWl+is=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pyvex/default.nix

@@ -12,14 +12,14 @@
 
 buildPythonPackage rec {
   pname = "pyvex";
-  version = "9.1.11752";
+  version = "9.1.12332";
   format = "setuptools";
 
   disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-DI+Jc5MtDd2XXfjIDtPd8qt4/eQ/3nwbDUqWE2haUhM=";
+    hash = "sha256-e1lruHgppQ8mJbTx6xsUDSkLCYQISqM9c1vsjdQU4eI=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/scikit-hep-testdata/default.nix

@@ -10,7 +10,7 @@
 
 buildPythonPackage rec {
   pname = "scikit-hep-testdata";
-  version = "0.4.11";
+  version = "0.4.12";
   format = "pyproject";
 
   # fetch from github as we want the data files
@@ -19,7 +19,7 @@ buildPythonPackage rec {
     owner = "scikit-hep";
     repo = pname;
     rev = "v${version}";
-    sha256 = "18r5nk8d5y79ihzjkjm5l0hiw2sjgj87px7vwb0bxbs73f5v353b";
+    sha256 = "sha256-ZnsOmsajW4dDv53I/Cuu97mPJywGiwFhNGpT1WRfxSw=";
   };
 
   nativeBuildInputs = [

pkgs/development/python-modules/scrapy/default.nix

@@ -22,6 +22,7 @@
 , service-identity
 , sybil
 , testfixtures
+, tldextract
 , twisted
 , w3lib
 , zope_interface
@@ -29,13 +30,13 @@
 
 buildPythonPackage rec {
   pname = "scrapy";
-  version = "2.5.1";
+  version = "2.6.1";
   disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit version;
     pname = "Scrapy";
-    sha256 = "13af6032476ab4256158220e530411290b3b934dd602bb6dacacbf6d16141f49";
+    sha256 = "56fd55a59d0f329ce752892358abee5a6b50b4fc55a40420ea317dc617553827";
   };
 
   nativeBuildInputs = [
@@ -54,6 +55,7 @@ buildPythonPackage rec {
     pyopenssl
     queuelib
     service-identity
+    tldextract
     twisted
     w3lib
     zope_interface
@@ -68,22 +70,6 @@ buildPythonPackage rec {
     testfixtures
   ];
 
-  patches = [
-    # Require setuptools, https://github.com/scrapy/scrapy/pull/5122
-    (fetchpatch {
-      name = "add-setuptools.patch";
-      url = "https://github.com/scrapy/scrapy/commit/4f500342c8ad4674b191e1fab0d1b2ac944d7d3e.patch";
-      sha256 = "14030sfv1cf7dy4yww02b49mg39cfcg4bv7ys1iwycfqag3xcjda";
-    })
-    # Make Twisted[http2] installation optional, https://github.com/scrapy/scrapy/pull/5113
-    (fetchpatch {
-      name = "remove-h2.patch";
-      url = "https://github.com/scrapy/scrapy/commit/c5b1ee810167266fcd259f263dbfc0fe0204761a.patch";
-      sha256 = "0sa39yx9my4nqww8a12bk9zagx7b56vwy7xpxm4xgjapjl6mcc0k";
-      excludes = [ "tox.ini" ];
-    })
-  ];
-
   LC_ALL = "en_US.UTF-8";
 
   preCheck = ''

pkgs/development/python-modules/typed-settings/default.nix

@@ -12,13 +12,13 @@
 
 buildPythonPackage rec {
   pname = "typed-settings";
-  version = "0.11.1";
+  version = "1.0.0";
   format = "pyproject";
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-gcyOeUyRAwU5s+XoQO/yM0tx7QHjDsBeyoe5HRZHtIs=";
+    sha256 = "sha256-c+iOb1F8+9IoRbwpMTdyDfOPW2ZEo4xDAlbzLAxgSfk=";
   };
 
   nativeBuildInputs = [

pkgs/development/python-modules/types-pytz/default.nix

@@ -5,12 +5,12 @@
 
 buildPythonPackage rec {
   pname = "types-pytz";
-  version = "2021.3.5";
+  version = "2021.3.6";
   format = "setuptools";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-/vjeI47pUTWVIimiojv7h71j1abIWYEGpGz89I8Gnqg=";
+    sha256 = "sha256-dFR/2Q2NirTx7t86NEp9GG2XSGlziV+BIhpxLh4s2ZM=";
   };
 
   # Modules doesn't have tests

pkgs/development/python-modules/types-tabulate/default.nix

@@ -5,11 +5,11 @@
 
 buildPythonPackage rec {
   pname = "types-tabulate";
-  version = "0.8.5";
+  version = "0.8.6";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-A/KDvzhOoSG3tqWK+zj03vl/MHBPyhOg2mhpNrDzkqw=";
+    hash = "sha256-P037eVRJwheO1cIU7FEUwESx7t1xrQoQA7xnDwnYcQo=";
   };
 
   # Module doesn't have tests

pkgs/development/python-modules/wrf-python/default.nix

@@ -1,14 +1,27 @@
-{lib, fetchFromGitHub, pythonOlder, buildPythonPackage, gfortran, mock, xarray, wrapt, numpy, netcdf4, setuptools}:
+{lib
+, fetchFromGitHub
+, pythonOlder
+, buildPythonPackage
+, gfortran
+, xarray
+, wrapt
+, numpy
+, netcdf4
+, setuptools
+}:
 
 buildPythonPackage rec {
   pname = "wrf-python";
-  version = "1.3.2.6";
+  version = "1.3.3";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
 
   src = fetchFromGitHub {
     owner = "NCAR";
     repo = "wrf-python";
     rev = version;
-    sha256 = "046kflai71r7xrmdw6jn0ifn5656wj9gpnwlgxkx430dgk7zbc2y";
+    hash = "sha256-+v4FEK0FVE0oAIb18XDTOInHKfxXyykb1ngk9Uxwf0c=";
   };
 
   propagatedBuildInputs = [
@@ -24,9 +37,8 @@ buildPythonPackage rec {
 
   checkInputs = [
     netcdf4
-  ] ++ lib.optional (pythonOlder "3.3") mock;
+  ];
 
-  doCheck = true;
   checkPhase = ''
     runHook preCheck
     cd ./test/ci_tests
@@ -34,10 +46,14 @@ buildPythonPackage rec {
     runHook postCheck
   '';
 
-  meta = {
+  pythonImportsCheck = [
+    "wrf"
+  ];
+
+  meta = with lib; {
     description = "WRF postprocessing library for Python";
     homepage = "http://wrf-python.rtfd.org";
-    license = lib.licenses.asl20;
-    maintainers = with lib.maintainers; [ mhaselsteiner ];
+    license = licenses.asl20;
+    maintainers = with maintainers; [ mhaselsteiner ];
   };
 }

pkgs/development/tools/circup/default.nix

@@ -40,7 +40,7 @@ python3.pkgs.buildPythonApplication rec {
   '';
 
   pythonImportsCheck = [
-    " circup "
+    "circup"
   ];
 
   meta = with lib; {

pkgs/development/tools/doctl/default.nix

@@ -2,7 +2,7 @@
 
 buildGoModule rec {
   pname = "doctl";
-  version = "1.71.0";
+  version = "1.71.1";
 
   vendorSha256 = null;
 
@@ -31,7 +31,7 @@ buildGoModule rec {
     owner = "digitalocean";
     repo = "doctl";
     rev = "v${version}";
-    sha256 = "sha256-cj2+DmJyLa6kFkH9JflaR3yFFXBaVZHO6czJGLEH7L0=";
+    sha256 = "sha256-Y6YabrpM1WcNGp5ksvq3SBuAS6KEUVzEfxsPmBDS+Io=";
   };
 
   meta = with lib; {

pkgs/development/tools/ko/default.nix

@@ -7,13 +7,13 @@
 
 buildGoModule rec {
   pname = "ko";
-  version = "0.11.0";
+  version = "0.11.1";
 
   src = fetchFromGitHub {
     owner = "google";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-MT/68znsRPwRnT7150kzE74MunSzyMBftTA50b9ZS3M=";
+    sha256 = "sha256-VtPry8sF+W46gc2lI3uiE4wqilo1WhH+940QKPZ5cyI=";
   };
   vendorSha256 = null;
 
@@ -40,8 +40,9 @@ buildGoModule rec {
 
   postInstall = ''
     installShellCompletion --cmd ko \
-      --bash <($out/bin/ko completion) \
-      --zsh <($out/bin/ko completion --zsh)
+      --bash <($out/bin/ko completion bash) \
+      --fish <($out/bin/ko completion fish) \
+      --zsh <($out/bin/ko completion zsh)
   '';
 
   meta = with lib; {

pkgs/development/tools/toml2json/default.nix

@@ -0,0 +1,20 @@
+{ lib, rustPlatform, fetchCrate }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "toml2json";
+  version = "1.3.0";
+
+  src = fetchCrate {
+    inherit pname version;
+    sha256 = "sha256-TxTxKHf5g+mBXDq147T5tuwCqyfyoz6Mj55g1tlgRDY=";
+  };
+
+  cargoHash = "sha256-EYp30TMIpzSCkPIqqdc7sGpfaWs9OLi9ey7DoPE4jzI=";
+
+  meta = with lib; {
+    description = "A very small CLI for converting TOML to JSON";
+    homepage = "https://github.com/woodruffw/toml2json";
+    license = with licenses; [ mit ];
+    maintainers = with maintainers; [ rvarago ];
+  };
+}

pkgs/os-specific/linux/pflask/default.nix

@@ -1,18 +1,22 @@
-{ lib, stdenv, fetchFromGitHub, python2, wafHook }:
+{ lib, stdenv, fetchFromGitHub, python3, wafHook }:
 
 stdenv.mkDerivation rec {
   pname = "pflask";
-  version = "unstable-2015-12-17";
+  version = "unstable-2018-01-23";
 
   src = fetchFromGitHub {
     owner = "ghedo";
-    repo = "pflask";
-    rev = "599418bb6453eaa0ccab493f9411f13726c1a636";
-    hash = "sha256-0RjitZd2JUK7WUEJuw4qhUx3joY5OI0Hh74mTzp7GmY=";
+    repo = pname;
+    rev = "9ac31ffe2ed29453218aac89ae992abbd6e7cc69";
+    hash = "sha256-bAKPUj/EipZ98kHbZiFZZI3hLVMoQpCrYKMmznpSDhg=";
   };
 
-  nativeBuildInputs = [ wafHook ];
-  buildInputs = [ python2 ];
+  nativeBuildInputs = [ python3 wafHook ];
+
+  postInstall = ''
+    mkdir -p $out/bin
+    cp build/pflask $out/bin
+  '';
 
   meta = {
     description = "Lightweight process containers for Linux";

pkgs/servers/dns/knot-resolver/default.nix

@@ -17,11 +17,11 @@ lua = luajitPackages;
 
 unwrapped = stdenv.mkDerivation rec {
   pname = "knot-resolver";
-  version = "5.4.4";
+  version = "5.5.0";
 
   src = fetchurl {
     url = "https://secure.nic.cz/files/knot-resolver/${pname}-${version}.tar.xz";
-    sha256 = "588964319e943679d391cc9c886d40ef858ecd9b33ae160023b4e2b5182b2cea";
+    sha256 = "4e6f48c74d955f143d603f6072670cb41ab9acdd95d4455d6e74b6908562c55a";
   };
 
   outputs = [ "out" "dev" ];

pkgs/servers/imgproxy/default.nix

@@ -3,16 +3,16 @@
 
 buildGoModule rec {
   pname = "imgproxy";
-  version = "3.3.1";
+  version = "3.3.2";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
-    sha256 = "sha256-GZYaFK6g26gbVa3sHwTZ4fNGMFWBWevqcfJc/3SC890=";
+    sha256 = "sha256-LJsiZeKgetFTqX58I82jDr8fIgYJCDVhb44yg8uc/8w=";
     rev = "v${version}";
   };
 
-  vendorSha256 = "sha256-uV5pnnvVYviw2LnceQUiTJXva3WI51pgW6IeZzVhULc=";
+  vendorSha256 = "sha256-088VEntNx3ZX2p6EiAZ6nSeWmM32XLAOmqXu2sd9QG4=";
 
   doCheck = false;
 

pkgs/servers/misc/virtiofsd/default.nix

@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "virtiofsd";
-  version = "1.0.0";
+  version = "1.1.0";
 
   src = fetchFromGitLab {
     owner = "virtio-fs";
     repo = "virtiofsd";
     rev = "v${version}";
-    sha256 = "010xf482qip91mv91wy9zjdsq0gfg1fd6iclrcry0nfnwlbigbwd";
+    sha256 = "sha256-WB0zu2M/5enBOoOUUSXnNAkbsA+JzDgtoLncE1YcDLs=";
   };
 
-  cargoSha256 = "0bfvqbmvkf17slra5k0nnva6j6w07769k226qnbzb3947zf4x2ga";
+  cargoSha256 = "sha256-uRPmZE/xc0yeurBZ4rnrZua5d4lbPwStMUacFgbquuk=";
 
   buildInputs = [ libcap_ng libseccomp ];
 

pkgs/servers/monitoring/prometheus/apcupsd-exporter.nix

@@ -2,18 +2,16 @@
 
 buildGoModule rec {
   pname = "apcupsd-exporter";
-  version = "0.2.0";
+  version = "0.3.0";
 
   src = fetchFromGitHub {
     owner = "mdlayher";
     repo = "apcupsd_exporter";
     rev = "v${version}";
-    sha256 = "0gjj23qdjs7rqimq95rbfw43m4l6g73j840svxjlmpd1vzzz2v2q";
+    sha256 = "sha256-c0LsUqpJbmWQmbmSGdEy7Bbk20my6iWNLeqtU5BjYlw=";
   };
 
-  vendorSha256 = "09x8y8pmgfn897hvnk122ry460y12b8a7y5fafri5wn9vxab9r82";
-
-  doCheck = false;
+  vendorSha256 = "sha256-bvLwHLviIAGmxYY1O0wFDWAMginEUklicrbjIbbPuUw=";
 
   passthru.tests = { inherit (nixosTests.prometheus-exporters) apcupsd; };
 

pkgs/servers/monitoring/prometheus/wireguard-exporter.nix

@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "wireguard-exporter";
-  version = "3.5.0";
+  version = "3.6.2";
 
   src = fetchFromGitHub {
     owner = "MindFlavor";
     repo = "prometheus_wireguard_exporter";
     rev = version;
-    sha256 = "sha256-LHhqQ0p2qt6ZAdkpY1SEAcGXH47TPhHvlDv+eL8GC58=";
+    sha256 = "sha256-eVGyBynKZLGlsaLwUOx7cJWdRHl65S0Wk1K5c9T8ysQ=";
   };
 
-  cargoSha256 = "sha256-lNFsO7FSmH1+DLM7ID0vn6234qTdtUoaLSnqKcbHoXE=";
+  cargoSha256 = "sha256-JbFoaMTs6TPYq2qgBkT7WX1itMXohgcWbC1UvaXOi8o=";
 
   buildInputs = lib.optionals stdenv.isDarwin [ libiconv Security ];
 

pkgs/servers/pleroma/default.nix

@@ -1,7 +1,8 @@
 { lib, beamPackages
 , fetchFromGitHub, fetchFromGitLab
-, file, cmake
+, file, cmake, bash
 , nixosTests, writeText
+, cookieFile ? null
 , ...
 }:
 
@@ -17,6 +18,34 @@ beamPackages.mixRelease rec {
     sha256 = "sha256-RcqqNNNCR4cxETUCyjChkpq+cQ1QzNOHHzdqBLtOc6g=";
   };
 
+  preFixup = if (cookieFile != null) then ''
+    # There's no way to use a subprocess to cat the content of the
+    # file cookie using wrapProgram: it gets escaped (by design) with
+    # a pair of backticks :(
+    # We have to come up with our own custom wrapper to do this.
+    function wrapWithCookie () {
+        local hidden
+        hidden="$(dirname "$1")/.$(basename "$1")"-wrapped
+        while [ -e "$hidden" ]; do
+            hidden="''${hidden}_"
+        done
+        mv "$1" "''${hidden}"
+
+        cat > "$1" << EOF
+    #!${bash}/bin/bash
+    export RELEASE_COOKIE="\$(cat "${cookieFile}")"
+    exec -a "\$0" "''${hidden}" "\$@"
+    EOF
+        chmod +x "$1"
+    }
+
+    for f in "$out"/bin/*; do
+        if [[ -x "$f" ]]; then
+            wrapWithCookie "$f"
+        fi
+    done
+  '' else "";
+
   mixNixDeps = import ./mix.nix {
     inherit beamPackages lib;
     overrides = (final: prev: {

pkgs/servers/sql/materialize/default.nix

@@ -40,17 +40,17 @@ let
 in
 rustPlatform.buildRustPackage rec {
   pname = "materialize";
-  version = "0.15.0";
-  MZ_DEV_BUILD_SHA = "f79f63205649d6011822893c5b55396b2bef7b0b";
+  version = "0.17.0";
+  MZ_DEV_BUILD_SHA = "9f8cf75b461d288335cb6a7a73aaa670bab4a466";
 
   src = fetchFromGitHub {
     owner = "MaterializeInc";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-/A6+0fehBa8XEB8P8QUV5Lsl9Lwfz4FhQLgotvBG1Gw=";
+    hash = "sha256-wKYU5S77VoOX7UA9/d21Puz9NYs/om08eNM69/m3Orc=";
   };
 
-  cargoHash = "sha256-NJvAIy9b39HWJaG860Mlf3WasanUnz+Nq39k4WpddB0=";
+  cargoHash = "sha256-GTkn/fUprkpsDeQxtzdmS7Fub9QODO5/4nh9ERswOY0=";
 
   nativeBuildInputs = [ cmake perl pkg-config ]
     # Provides the mig command used by the krb5-src build script
@@ -71,9 +71,6 @@ rustPlatform.buildRustPackage rec {
     "--skip test_client_subject_and_references"
     "--skip test_no_block"
     "--skip test_safe_mode"
-    # this test is broken on 0.15.0
-    # TODO: re-add it in a subsequent release
-    "--skip test_threads"
     "--skip test_tls"
   ];
 

pkgs/servers/tailscale/default.nix

@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "tailscale";
-  version = "1.22.1";
+  version = "1.22.2";
 
   src = fetchFromGitHub {
     owner = "tailscale";
     repo = "tailscale";
     rev = "v${version}";
-    sha256 = "sha256-VUML5GwHrRYPd9lnOZuMA3T1SfdC0rVLP5m1yf+SA0A=";
+    sha256 = "sha256-W4BcUDMxUZKFXueSI/Xlml17Jabi/hnnOyXgitao76A=";
   };
 
   nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper ];

pkgs/servers/web-apps/wordpress/default.nix

@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "wordpress";
-  version = "5.9";
+  version = "5.9.2";
 
   src = fetchurl {
     url = "https://wordpress.org/${pname}-${version}.tar.gz";
-    sha256 = "sha256-RVg45GvS0wqEka6b0lv3Acgu1p28fImAbioTCGjG/7c=";
+    sha256 = "sha256-d2Xy3SpWzpIHmXh8x5BKWF9jNlvKK6D3uwbqIGDGn4s=";
   };
 
   installPhase = ''

pkgs/tools/networking/corerad/default.nix

@@ -1,17 +1,17 @@
-{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
+{ lib, buildGo118Module, fetchFromGitHub, nixosTests }:
 
-buildGoModule rec {
+buildGo118Module rec {
   pname = "corerad";
-  version = "1.0.0";
+  version = "1.1.0";
 
   src = fetchFromGitHub {
     owner = "mdlayher";
     repo = "corerad";
     rev = "v${version}";
-    sha256 = "sha256-23f+WJcTf+x9GW+hGUU3/j4Qi9MfcsfQuS7aEU4uGU4=";
+    sha256 = "sha256-i7TvXP8aKW5izWv1AATvc5aP5qO3WxM09AiN5NRRylY=";
   };
 
-  vendorSha256 = "sha256-SSa+yBZjZ+5vRfzfCtNhF+kRyJ/VMgd9uWqKPwIi8+Y=";
+  vendorSha256 = "sha256-+9KjgbKuAJexdGEKu9hIsHfHsVbKeB5ZtSgFzM2/bOI=";
 
   doCheck = false;
 

pkgs/top-level/all-packages.nix

@@ -10556,6 +10556,8 @@ with pkgs;
 
   tokio-console = callPackage ../development/tools/tokio-console { };
 
+  toml2json = callPackage ../development/tools/toml2json { };
+
   toml2nix = (callPackage ../tools/toml2nix { }).toml2nix { };
 
   topgrade = callPackage ../tools/misc/topgrade {