swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-20 12:29:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge master into haskell-updates

Browse source
This commit is contained in:
github-actions[bot] 2023-10-23 00:12:11 +00:00 committed by GitHub
parent 5ea114083c 32d09494bc
commit cb8c0b6ac0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1110 changed files with 26373 additions and 7941 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
doc/stdenv/stdenv.chapter.md
View file

@ -101,25 +101,62 @@ genericBuild
### Building a `stdenv` package in `nix-shell` {#sec-building-stdenv-package-in-nix-shell}
To build a `stdenv` package in a [`nix-shell`](https://nixos.org/manual/nix/unstable/command-ref/nix-shell.html), use
To build a `stdenv` package in a [`nix-shell`](https://nixos.org/manual/nix/unstable/command-ref/nix-shell.html), enter a shell, find the [phases](#sec-stdenv-phases) you wish to build, then invoke `genericBuild` manually:
Go to an empty directory, invoke `nix-shell` with the desired package, and from inside the shell, set the output variables to a writable directory:
```bash
cd "$(mktemp -d)"
nix-shell '<nixpkgs>' -A some_package
eval "${unpackPhase:-unpackPhase}"
cd $sourceRoot
eval "${patchPhase:-patchPhase}"
eval "${configurePhase:-configurePhase}"
eval "${buildPhase:-buildPhase}"
export out=$(pwd)/out
```
Next, invoke the desired parts of the build.
First, run the phases that generate a working copy of the sources, which will change directory to the sources for you:
```bash
phases="${prePhases[*]:-} unpackPhase patchPhase" genericBuild
```
Then, run more phases up until the failure is reached.
For example, if the failure is in the build phase, the following phases would be required:
```bash
phases="${preConfigurePhases[*]:-} configurePhase ${preBuildPhases[*]:-} buildPhase" genericBuild
```
Re-run a single phase as many times as necessary to examine the failure like so:
```bash
phases="buildPhase" genericBuild
```
To modify a [phase](#sec-stdenv-phases), first print it with
```bash
echo "$buildPhase"
```
Or, if that is empty, for instance, if it is using a function:
```bash
type buildPhase
```
then change it in a text editor, and paste it back to the terminal.
::: {.note}
This method may have some inconsistencies in environment variables and behaviour compared to a normal build within the [Nix build sandbox](https://nixos.org/manual/nix/unstable/language/derivations#builder-execution).
The following is a non-exhaustive list of such differences:
- `TMP`, `TMPDIR`, and similar variables likely point to non-empty directories that the build might conflict with files in.
- Output store paths are not writable, so the variables for outputs need to be overridden to writable paths.
- Other environment variables may be inconsistent with a `nix-build` either due to `nix-shell`'s initialization script or due to the use of `nix-shell` without the `--pure` option.
If the build fails differently inside the shell than in the sandbox, consider using [`breakpointHook`](#breakpointhook) and invoking `nix-build` instead.
The [`--keep-failed`](https://nixos.org/manual/nix/unstable/command-ref/conf-file#opt--keep-failed) option for `nix-build` may also be useful to examine the build directory of a failed build.
:::
## Tools provided by `stdenv` {#sec-tools-of-stdenv}
The standard environment provides the following packages:

6
maintainers/maintainer-list.nix
View file

@ -4520,6 +4520,12 @@
githubId = 1708810;
name = "Daniel Vianna";
};
dmytrokyrychuk = {
email = "dmytro@kyrych.uk";
github = "dmytrokyrychuk";
githubId = 699961;
name = "Dmytro Kyrychuk";
};
dnr = {
email = "dnr@dnr.im";
github = "dnr";

1
maintainers/team-list.nix
View file

@ -350,6 +350,7 @@ with lib.maintainers; {
mic92
zowoq
qbit
mfrw
];
githubTeams = [
"golang"

2
nixos/doc/manual/development/settings-options.section.md
View file

@ -58,7 +58,7 @@ have a predefined type and string generator already declared under
and returning a set with YAML-specific attributes `type` and
`generate` as specified [below](#pkgs-formats-result).
`pkgs.formats.ini` { *`listsAsDuplicateKeys`* ? false, *`listToValue`* ? null, \... }
`pkgs.formats.ini` { *`listsAsDuplicateKeys`* ? false, *`listToValue`* ? null, \.\.\. }
: A function taking an attribute set with values

4
nixos/doc/manual/release-notes/rl-1509.section.md
View file

@ -2,7 +2,7 @@
In addition to numerous new and upgraded packages, this release has the following highlights:
- The [Haskell](http://haskell.org/) packages infrastructure has been re-designed from the ground up ("Haskell NG"). NixOS now distributes the latest version of every single package registered on [Hackage](http://hackage.haskell.org/) \-- well in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the [User's Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure). Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional Haskell package sets that provide every single [LTS Haskell](http://www.stackage.org/) release since version 0.0 as well as the most recent [Stackage Nightly](http://www.stackage.org/) snapshot. The announcement ["Full Stackage Support in Nixpkgs"](https://nixos.org/nix-dev/2015-September/018138.html) gives additional details.
- The [Haskell](http://haskell.org/) packages infrastructure has been re-designed from the ground up ("Haskell NG"). NixOS now distributes the latest version of every single package registered on [Hackage](http://hackage.haskell.org/) -- well in excess of 8,000 Haskell packages. Detailed instructions on how to use that infrastructure can be found in the [User's Guide to the Haskell Infrastructure](https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure). Users migrating from an earlier release may find helpful information below, in the list of backwards-incompatible changes. Furthermore, we distribute 51(!) additional Haskell package sets that provide every single [LTS Haskell](http://www.stackage.org/) release since version 0.0 as well as the most recent [Stackage Nightly](http://www.stackage.org/) snapshot. The announcement ["Full Stackage Support in Nixpkgs"](https://nixos.org/nix-dev/2015-September/018138.html) gives additional details.
- Nix has been updated to version 1.10, which among other improvements enables cryptographic signatures on binary caches for improved security.
@ -178,7 +178,7 @@ The new option `system.stateVersion` ensures that certain configuration changes
- Nix now requires binary caches to be cryptographically signed. If you have unsigned binary caches that you want to continue to use, you should set `nix.requireSignedBinaryCaches = false`.
- Steam now doesn't need root rights to work. Instead of using `*-steam-chrootenv`, you should now just run `steam`. `steamChrootEnv` package was renamed to `steam`, and old `steam` package \-- to `steamOriginal`.
- Steam now doesn't need root rights to work. Instead of using `*-steam-chrootenv`, you should now just run `steam`. `steamChrootEnv` package was renamed to `steam`, and old `steam` package -- to `steamOriginal`.
- CMPlayer has been renamed to bomi upstream. Package `cmplayer` was accordingly renamed to `bomi`

12
nixos/doc/manual/release-notes/rl-2311.section.md
View file

@ -4,6 +4,8 @@
- FoundationDB now defaults to major version 7.
- PostgreSQL now defaults to major version 15.
- Support for WiFi6 (IEEE 802.11ax) and WPA3-SAE-PK was enabled in the `hostapd` package, along with a significant rework of the hostapd module.
- LXD now supports virtual machine instances to complement the existing container support
@ -24,6 +26,8 @@
- `root` and `wheel` are not given the ability to set (or preserve)
arbitrary environment variables.
- [glibc](https://www.gnu.org/software/libc/) has been updated from version 2.37 to 2.38, see [the release notes](https://sourceware.org/glibc/wiki/Release/2.38) for what was changed.
[`sudo-rs`]: https://github.com/memorysafety/sudo-rs/
- All [ROCm](https://rocm.docs.amd.com/en/latest/) packages have been updated to 5.7.0.
@ -76,6 +80,8 @@
- [Jool](https://nicmx.github.io/Jool/en/index.html), a kernelspace NAT64 and SIIT implementation, providing translation between IPv4 and IPv6. Available as [networking.jool.enable](#opt-networking.jool.enable).
- [Home Assistant Satellite], a streaming audio satellite for Home Assistant voice pipelines, where you can reuse existing mic/speaker hardware. Available as [services.homeassistant-satellite](#opt-services.homeassistant-satellite.enable).
- [Apache Guacamole](https://guacamole.apache.org/), a cross-platform, clientless remote desktop gateway. Available as [services.guacamole-server](#opt-services.guacamole-server.enable) and [services.guacamole-client](#opt-services.guacamole-client.enable) services.
- [pgBouncer](https://www.pgbouncer.org), a PostgreSQL connection pooler. Available as [services.pgbouncer](#opt-services.pgbouncer.enable).
@ -317,6 +323,8 @@
- `win-virtio` package was renamed to `virtio-win` to be consistent with the upstream package name.
- `ps3netsrv` has been replaced with the webman-mod fork, the executable has been renamed from `ps3netsrv++` to `ps3netsrv` and cli parameters have changed.
## Other Notable Changes {#sec-release-23.11-notable-changes}
- The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration.
@ -444,6 +452,8 @@ The module update takes care of the new config syntax and the data itself (user
If you use this feature, updates to CoreDNS may require updating `vendorHash` by following these steps again.
- `ffmpeg` default upgraded from `ffmpeg_5` to `ffmpeg_6`.
- `fusuma` now enables the following plugins: [appmatcher](https://github.com/iberianpig/fusuma-plugin-appmatcher), [keypress](https://github.com/iberianpig/fusuma-plugin-keypress), [sendkey](https://github.com/iberianpig/fusuma-plugin-sendkey), [tap](https://github.com/iberianpig/fusuma-plugin-tap) and [wmctrl](https://github.com/iberianpig/fusuma-plugin-wmctrl).
## Nixpkgs internals {#sec-release-23.11-nixpkgs-internals}
@ -487,3 +497,5 @@ The module update takes care of the new config syntax and the data itself (user
- The `electron` packages now places its application files in `$out/libexec/electron` instead of `$out/lib/electron`. Packages using electron-builder will fail to build and need to be adjusted by changing `lib` to `libexec`.
- `teleport` has been upgraded from major version 12 to major version 14. Please see upstream [upgrade instructions](https://goteleport.com/docs/management/operations/upgrading/) and release notes for versions [13](https://goteleport.com/docs/changelog/#1300-050823) and [14](https://goteleport.com/docs/changelog/#1400-092023). Note that Teleport does not officially support upgrades across more than one major version at a time. If you're running Teleport server components, it is recommended to first upgrade to an intermediate 13.x version by setting `services.teleport.package = pkgs.teleport_13`. Afterwards, this option can be removed to upgrade to the default version (14).
- The Linux kernel module `msr` (see [`msr(4)`](https://man7.org/linux/man-pages/man4/msr.4.html)), which provides an interface to read and write the model-specific registers (MSRs) of an x86 CPU, can now be configured via `hardware.cpu.x86.msr`.

15
nixos/lib/test-driver/test_driver/machine.py
View file

@ -19,6 +19,8 @@ from typing import Any, Callable, Dict, Iterable, List, Optional, Tuple
from test_driver.logger import rootlog
from .qmp import QMPSession
CHAR_TO_KEY = {
"A": "shift-a",
"N": "shift-n",
@ -144,6 +146,7 @@ class StartCommand:
def cmd(
self,
monitor_socket_path: Path,
qmp_socket_path: Path,
shell_socket_path: Path,
allow_reboot: bool = False,
) -> str:
@ -167,6 +170,7 @@ class StartCommand:
return (
f"{self._cmd}"
f" -qmp unix:{qmp_socket_path},server=on,wait=off"
f" -monitor unix:{monitor_socket_path}"
f" -chardev socket,id=shell,path={shell_socket_path}"
f"{qemu_opts}"
@ -194,11 +198,14 @@ class StartCommand:
state_dir: Path,
shared_dir: Path,
monitor_socket_path: Path,
qmp_socket_path: Path,
shell_socket_path: Path,
allow_reboot: bool,
) -> subprocess.Popen:
return subprocess.Popen(
self.cmd(monitor_socket_path, shell_socket_path, allow_reboot),
self.cmd(
monitor_socket_path, qmp_socket_path, shell_socket_path, allow_reboot
),
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
@ -309,6 +316,7 @@ class Machine:
shared_dir: Path
state_dir: Path
monitor_path: Path
qmp_path: Path
shell_path: Path
start_command: StartCommand
@ -317,6 +325,7 @@ class Machine:
process: Optional[subprocess.Popen]
pid: Optional[int]
monitor: Optional[socket.socket]
qmp_client: Optional[QMPSession]
shell: Optional[socket.socket]
serial_thread: Optional[threading.Thread]
@ -352,6 +361,7 @@ class Machine:
self.state_dir = self.tmp_dir / f"vm-state-{self.name}"
self.monitor_path = self.state_dir / "monitor"
self.qmp_path = self.state_dir / "qmp"
self.shell_path = self.state_dir / "shell"
if (not self.keep_vm_state) and self.state_dir.exists():
self.cleanup_statedir()
@ -360,6 +370,7 @@ class Machine:
self.process = None
self.pid = None
self.monitor = None
self.qmp_client = None
self.shell = None
self.serial_thread = None
@ -1112,11 +1123,13 @@ class Machine:
self.state_dir,
self.shared_dir,
self.monitor_path,
self.qmp_path,
self.shell_path,
allow_reboot,
)
self.monitor, _ = monitor_socket.accept()
self.shell, _ = shell_socket.accept()
self.qmp_client = QMPSession.from_path(self.qmp_path)
# Store last serial console lines for use
# of wait_for_console_text

98
nixos/lib/test-driver/test_driver/qmp.py Normal file
View file

@ -0,0 +1,98 @@
import json
import logging
import os
import socket
from collections.abc import Iterator
from pathlib import Path
from queue import Queue
from typing import Any
logger = logging.getLogger(__name__)
class QMPAPIError(RuntimeError):
def __init__(self, message: dict[str, Any]):
assert "error" in message, "Not an error message!"
try:
self.class_name = message["class"]
self.description = message["desc"]
# NOTE: Some errors can occur before the Server is able to read the
# id member; in these cases the id member will not be part of the
# error response, even if provided by the client.
self.transaction_id = message.get("id")
except KeyError:
raise RuntimeError("Malformed QMP API error response")
def __str__(self) -> str:
return f"<QMP API error related to transaction {self.transaction_id} [{self.class_name}]: {self.description}>"
class QMPSession:
def __init__(self, sock: socket.socket) -> None:
self.sock = sock
self.results: Queue[dict[str, str]] = Queue()
self.pending_events: Queue[dict[str, Any]] = Queue()
self.reader = sock.makefile("r")
self.writer = sock.makefile("w")
# Make the reader non-blocking so we can kind of select on it.
os.set_blocking(self.reader.fileno(), False)
hello = self._wait_for_new_result()
logger.debug(f"Got greeting from QMP API: {hello}")
# The greeting message format is:
# { "QMP": { "version": json-object, "capabilities": json-array } }
assert "QMP" in hello, f"Unexpected result: {hello}"
self.send("qmp_capabilities")
@classmethod
def from_path(cls, path: Path) -> "QMPSession":
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
sock.connect(str(path))
return cls(sock)
def __del__(self) -> None:
self.sock.close()
def _wait_for_new_result(self) -> dict[str, str]:
assert self.results.empty(), "Results set is not empty, missed results!"
while self.results.empty():
self.read_pending_messages()
return self.results.get()
def read_pending_messages(self) -> None:
line = self.reader.readline()
if not line:
return
evt_or_result = json.loads(line)
logger.debug(f"Received a message: {evt_or_result}")
# It's a result
if "return" in evt_or_result or "QMP" in evt_or_result:
self.results.put(evt_or_result)
# It's an event
elif "event" in evt_or_result:
self.pending_events.put(evt_or_result)
else:
raise QMPAPIError(evt_or_result)
def wait_for_event(self, timeout: int = 10) -> dict[str, Any]:
while self.pending_events.empty():
self.read_pending_messages()
return self.pending_events.get(timeout=timeout)
def events(self, timeout: int = 10) -> Iterator[dict[str, Any]]:
while not self.pending_events.empty():
yield self.pending_events.get(timeout=timeout)
def send(self, cmd: str, args: dict[str, str] = {}) -> dict[str, str]:
self.read_pending_messages()
assert self.results.empty(), "Results set is not empty, missed results!"
data: dict[str, Any] = dict(execute=cmd)
if args != {}:
data["arguments"] = args
logger.debug(f"Sending {data} to QMP...")
json.dump(data, self.writer)
self.writer.write("\n")
self.writer.flush()
return self._wait_for_new_result()

91
nixos/modules/hardware/cpu/x86-msr.nix Normal file
View file

@ -0,0 +1,91 @@
{ lib
, config
, options
, ...
}:
let
inherit (builtins) hasAttr;
inherit (lib) mkIf mdDoc;
cfg = config.hardware.cpu.x86.msr;
opt = options.hardware.cpu.x86.msr;
defaultGroup = "msr";
isDefaultGroup = cfg.group == defaultGroup;
set = "to set for devices of the `msr` kernel subsystem.";
# Generates `foo=bar` parameters to pass to the kernel.
# If `module = baz` is passed, generates `baz.foo=bar`.
# Adds double quotes on demand to handle `foo="bar baz"`.
kernelParam = { module ? null }: name: value:
assert lib.asserts.assertMsg (!lib.strings.hasInfix "=" name) "kernel parameter cannot have '=' in name";
let
key = (if module == null then "" else module + ".") + name;
valueString = lib.generators.mkValueStringDefault {} value;
quotedValueString = if lib.strings.hasInfix " " valueString
then lib.strings.escape ["\""] valueString
else valueString;
in "${key}=${quotedValueString}";
msrKernelParam = kernelParam { module = "msr"; };
in
{
options.hardware.cpu.x86.msr = with lib.options; with lib.types; {
enable = mkEnableOption (mdDoc "the `msr` (Model-Specific Registers) kernel module and configure `udev` rules for its devices (usually `/dev/cpu/*/msr`)");
owner = mkOption {
type = str;
default = "root";
example = "nobody";
description = mdDoc "Owner ${set}";
};
group = mkOption {
type = str;
default = defaultGroup;
example = "nobody";
description = mdDoc "Group ${set}";
};
mode = mkOption {
type = str;
default = "0640";
example = "0660";
description = mdDoc "Mode ${set}";
};
settings = mkOption {
type = submodule {
freeformType = attrsOf (oneOf [ bool int str ]);
options.allow-writes = mkOption {
type = nullOr (enum ["on" "off"]);
default = null;
description = "Whether to allow writes to MSRs (`\"on\"`) or not (`\"off\"`).";
};
};
default = {};
description = "Parameters for the `msr` kernel module.";
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = hasAttr cfg.owner config.users.users;
message = "Owner '${cfg.owner}' set in `${opt.owner}` is not configured via `${options.users.users}.\"${cfg.owner}\"`.";
}
{
assertion = isDefaultGroup || (hasAttr cfg.group config.users.groups);
message = "Group '${cfg.group}' set in `${opt.group}` is not configured via `${options.users.groups}.\"${cfg.group}\"`.";
}
];
boot = {
kernelModules = [ "msr" ];
kernelParams = lib.attrsets.mapAttrsToList msrKernelParam (lib.attrsets.filterAttrs (_: value: value != null) cfg.settings);
};
users.groups.${cfg.group} = mkIf isDefaultGroup { };
services.udev.extraRules = ''
SUBSYSTEM=="msr", OWNER="${cfg.owner}", GROUP="${cfg.group}", MODE="${cfg.mode}"
'';
};
meta = with lib; {
maintainers = with maintainers; [ lorenzleutgeb ];
};
}

16
nixos/modules/installer/tools/nixos-generate-config.pl
View file

@ -102,22 +102,6 @@ sub cpuManufacturer {
return $cpuinfo =~ /^vendor_id\s*:.* $id$/m;
}
# Determine CPU governor to use
if (-e "/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors") {
my $governors = read_file("/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors");
# ondemand governor is not available on sandy bridge or later Intel CPUs
my @desired_governors = ("ondemand", "powersave");
my $e;
foreach $e (@desired_governors) {
if (index($governors, $e) != -1) {
last if (push @attrs, "powerManagement.cpuFreqGovernor = lib.mkDefault \"$e\";");
}
}
}
# Virtualization support?
push @kernelModules, "kvm-intel" if hasCPUFeature "vmx";
push @kernelModules, "kvm-amd" if hasCPUFeature "svm";

5
nixos/modules/module-list.nix
View file

@ -55,6 +55,7 @@
./hardware/cpu/amd-sev.nix
./hardware/cpu/intel-microcode.nix
./hardware/cpu/intel-sgx.nix
./hardware/cpu/x86-msr.nix
./hardware/decklink.nix
./hardware/device-tree.nix
./hardware/digitalbitbox.nix
@ -519,6 +520,7 @@
./services/hardware/hddfancontrol.nix
./services/hardware/illum.nix
./services/hardware/interception-tools.nix
./services/hardware/iptsd.nix
./services/hardware/irqbalance.nix
./services/hardware/joycond.nix
./services/hardware/kanata.nix
@ -557,6 +559,7 @@
./services/home-automation/esphome.nix
./services/home-automation/evcc.nix
./services/home-automation/home-assistant.nix
./services/home-automation/homeassistant-satellite.nix
./services/home-automation/zigbee2mqtt.nix
./services/logging/SystemdJournal2Gelf.nix
./services/logging/awstats.nix
@ -723,6 +726,7 @@
./services/misc/ripple-data-api.nix
./services/misc/rippled.nix
./services/misc/rmfakecloud.nix
./services/misc/rkvm.nix
./services/misc/rshim.nix
./services/misc/safeeyes.nix
./services/misc/sdrplay.nix
@ -734,6 +738,7 @@
./services/misc/soft-serve.nix
./services/misc/sonarr.nix
./services/misc/sourcehut
./services/misc/spice-autorandr.nix
./services/misc/spice-vdagentd.nix
./services/misc/spice-webdavd.nix
./services/misc/ssm-agent.nix

2
nixos/modules/security/acme/default.nix
View file

@ -592,7 +592,7 @@ let
description = lib.mdDoc ''
Key type to use for private keys.
For an up to date list of supported values check the --key-type option
at <https://go-acme.github.io/lego/usage/cli/#usage>.
at <https://go-acme.github.io/lego/usage/cli/options/>.
'';
};

2
nixos/modules/services/audio/wyoming/openwakeword.nix
View file

@ -136,7 +136,7 @@ in
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectProc = "invisible";
ProcSubset = "pid";
ProcSubset = "all"; # reads /proc/cpuinfo
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"

3
nixos/modules/services/databases/postgresql.nix
View file

@ -458,7 +458,8 @@ in
services.postgresql.package = let
mkThrow = ver: throw "postgresql_${ver} was removed, please upgrade your postgresql version.";
base = if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14
base = if versionAtLeast config.system.stateVersion "23.11" then pkgs.postgresql_15
else if versionAtLeast config.system.stateVersion "22.05" then pkgs.postgresql_14
else if versionAtLeast config.system.stateVersion "21.11" then pkgs.postgresql_13
else if versionAtLeast config.system.stateVersion "20.03" then pkgs.postgresql_11
else if versionAtLeast config.system.stateVersion "17.09" then mkThrow "9_6"

53
nixos/modules/services/hardware/iptsd.nix Normal file
View file

@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.iptsd;
format = pkgs.formats.ini { };
configFile = format.generate "iptsd.conf" cfg.config;
in {
options.services.iptsd = {
enable = lib.mkEnableOption (lib.mdDoc "the userspace daemon for Intel Precise Touch & Stylus");
config = lib.mkOption {
default = { };
description = lib.mdDoc ''
Configuration for IPTSD. See the
[reference configuration](https://github.com/linux-surface/iptsd/blob/master/etc/iptsd.conf)
for available options and defaults.
'';
type = lib.types.submodule {
freeformType = format.type;
options = {
Touch = {
DisableOnPalm = lib.mkOption {
default = false;
description = lib.mdDoc "Ignore all touch inputs if a palm was registered on the display.";
type = lib.types.bool;
};
DisableOnStylus = lib.mkOption {
default = false;
description = lib.mdDoc "Ignore all touch inputs if a stylus is in proximity.";
type = lib.types.bool;
};
};
Stylus = {
Disable = lib.mkOption {
default = false;
description = lib.mdDoc "Disables the stylus. No stylus data will be processed.";
type = lib.types.bool;
};
};
};
};
};
};
config = lib.mkIf cfg.enable {
systemd.packages = [ pkgs.iptsd ];
environment.etc."iptsd.conf".source = configFile;
systemd.services."iptsd@".restartTriggers = [ configFile ];
services.udev.packages = [ pkgs.iptsd ];
};
meta.maintainers = with lib.maintainers; [ dotlambda ];
}

5
nixos/modules/services/hardware/throttled.nix
View file

@ -29,8 +29,7 @@ in {
# Kernel 5.9 spams warnings whenever userspace writes to CPU MSRs.
# See https://github.com/erpalma/throttled/issues/215
boot.kernelParams =
optional (versionAtLeast config.boot.kernelPackages.kernel.version "5.9")
"msr.allow_writes=on";
hardware.cpu.x86.msr.settings.allow-writes =
mkIf (versionAtLeast config.boot.kernelPackages.kernel.version "5.9") "on";
};
}

2
nixos/modules/services/hardware/tlp.nix
View file

@ -47,7 +47,7 @@ in
###### implementation
config = mkIf cfg.enable {
boot.kernelModules = [ "msr" ];
hardware.cpu.x86.msr.enable = true;
warnings = optional (cfg.extraConfig != "") ''
Using config.services.tlp.extraConfig is deprecated and will become unsupported in a future release. Use config.services.tlp.settings instead.

2
nixos/modules/services/hardware/undervolt.nix
View file

@ -159,7 +159,7 @@ in
};
config = mkIf cfg.enable {
boot.kernelModules = [ "msr" ];
hardware.cpu.x86.msr.enable = true;
environment.systemPackages = [ cfg.package ];

2
nixos/modules/services/home-automation/esphome.nix
View file

@ -112,7 +112,7 @@ in
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProcSubset = "pid";
ProcSubset = "all"; # Using "pid" breaks bwrap
ProtectSystem = "strict";
#RemoveIPC = true; # Implied by DynamicUser
RestrictAddressFamilies = [

225
nixos/modules/services/home-automation/homeassistant-satellite.nix Normal file
View file

@ -0,0 +1,225 @@
{ config
, lib
, pkgs
, ...
}:
let
cfg = config.services.homeassistant-satellite;
inherit (lib)
escapeShellArg
escapeShellArgs
mkOption
mdDoc
mkEnableOption
mkIf
mkPackageOptionMD
types
;
inherit (builtins)
toString
;
# override the package with the relevant vad dependencies
package = cfg.package.overridePythonAttrs (oldAttrs: {
propagatedBuildInputs = oldAttrs.propagatedBuildInputs
++ lib.optional (cfg.vad == "webrtcvad") cfg.package.optional-dependencies.webrtc
++ lib.optional (cfg.vad == "silero") cfg.package.optional-dependencies.silerovad
++ lib.optional (cfg.pulseaudio.enable) cfg.package.optional-dependencies.pulseaudio;
});
in
{
meta.buildDocsInSandbox = false;
options.services.homeassistant-satellite = with types; {
enable = mkEnableOption (mdDoc "Home Assistant Satellite");
package = mkPackageOptionMD pkgs "homeassistant-satellite" { };
user = mkOption {
type = str;
example = "alice";
description = mdDoc ''
User to run homeassistant-satellite under.
'';
};
group = mkOption {
type = str;
default = "users";
description = mdDoc ''
Group to run homeassistant-satellite under.
'';
};
host = mkOption {
type = str;
example = "home-assistant.local";
description = mdDoc ''
Hostname on which your Home Assistant instance can be reached.
'';
};
port = mkOption {
type = port;
example = 8123;
description = mdDoc ''
Port on which your Home Assistance can be reached.
'';
apply = toString;
};
protocol = mkOption {
type = enum [ "http" "https" ];
default = "http";
example = "https";
description = mdDoc ''
The transport protocol used to connect to Home Assistant.
'';
};
tokenFile = mkOption {
type = path;
example = "/run/keys/hass-token";
description = mdDoc ''
Path to a file containing a long-lived access token for your Home Assistant instance.
'';
apply = escapeShellArg;
};
sounds = {
awake = mkOption {
type = nullOr str;
default = null;
description = mdDoc ''
Audio file to play when the wake word is detected.
'';
};
done = mkOption {
type = nullOr str;
default = null;
description = mdDoc ''
Audio file to play when the voice command is done.
'';
};
};
vad = mkOption {
type = enum [ "disabled" "webrtcvad" "silero" ];
default = "disabled";
example = "silero";
description = mdDoc ''
Voice activity detection model. With `disabled` sound will be transmitted continously.
'';
};
pulseaudio = {
enable = mkEnableOption "recording/playback via PulseAudio or PipeWire";
socket = mkOption {
type = nullOr str;
default = null;
example = "/run/user/1000/pulse/native";
description = mdDoc ''
Path or hostname to connect with the PulseAudio server.
'';
};
duckingVolume = mkOption {
type = nullOr float;
default = null;
example = 0.4;
description = mdDoc ''
Reduce output volume (between 0 and 1) to this percentage value while recording.
'';
};
echoCancellation = mkEnableOption "acoustic echo cancellation";
};
extraArgs = mkOption {
type = listOf str;
default = [ ];
description = mdDoc ''
Extra arguments to pass to the commandline.
'';
apply = escapeShellArgs;
};
};
config = mkIf cfg.enable {
systemd.services."homeassistant-satellite" = {
description = "Home Assistant Satellite";
after = [
"network-online.target"
];
wants = [
"network-online.target"
];
wantedBy = [
"multi-user.target"
];
path = with pkgs; [
ffmpeg-headless
] ++ lib.optionals (!cfg.pulseaudio.enable) [
alsa-utils
];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
# https://github.com/rhasspy/hassio-addons/blob/master/assist_microphone/rootfs/etc/s6-overlay/s6-rc.d/assist_microphone/run
ExecStart = ''
${package}/bin/homeassistant-satellite \
--host ${cfg.host} \
--port ${cfg.port} \
--protocol ${cfg.protocol} \
--token-file ${cfg.tokenFile} \
--vad ${cfg.vad} \
${lib.optionalString cfg.pulseaudio.enable "--pulseaudio"}${lib.optionalString (cfg.pulseaudio.socket != null) "=${cfg.pulseaudio.socket}"} \
${lib.optionalString (cfg.pulseaudio.enable && cfg.pulseaudio.duckingVolume != null) "--ducking-volume=${toString cfg.pulseaudio.duckingVolume}"} \
${lib.optionalString (cfg.pulseaudio.enable && cfg.pulseaudio.echoCancellation) "--echo-cancel"} \
${lib.optionalString (cfg.sounds.awake != null) "--awake-sound=${toString cfg.sounds.awake}"} \
${lib.optionalString (cfg.sounds.done != null) "--done-sound=${toString cfg.sounds.done}"} \
${cfg.extraArgs}
'';
CapabilityBoundingSet = "";
DeviceAllow = "";
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = false; # onnxruntime/capi/onnxruntime_pybind11_state.so: cannot enable executable stack as shared object requires: Operation not permitted
PrivateDevices = true;
PrivateUsers = true;
ProtectHome = false; # Would deny access to local pulse/pipewire server
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectProc = "invisible";
ProcSubset = "all"; # Error in cpuinfo: failed to parse processor information from /proc/cpuinfo
Restart = "always";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
SupplementaryGroups = [
"audio"
];
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
UMask = "0077";
};
};
};
}

2
nixos/modules/services/mail/mailman.nix
View file

@ -592,7 +592,7 @@ in {
# Since the mailman-web settings.py obstinately creates a logs
# dir in the cwd, change to the (writable) runtime directory before
# starting uwsgi.
ExecStart = "${pkgs.coreutils}/bin/env -C $RUNTIME_DIRECTORY ${pkgs.uwsgi.override { plugins = ["python3"]; }}/bin/uwsgi --json ${uwsgiConfigFile}";
ExecStart = "${pkgs.coreutils}/bin/env -C $RUNTIME_DIRECTORY ${pkgs.uwsgi.override { plugins = ["python3"]; python3 = webEnv.python; }}/bin/uwsgi --json ${uwsgiConfigFile}";
User = cfg.webUser;
Group = "mailman";
RuntimeDirectory = "mailman-uwsgi";

11
nixos/modules/services/misc/forgejo.nix
View file

@ -428,6 +428,17 @@ in
];
};
# Work around 'pq: permission denied for schema public' with postgres v15, until a
# solution for `services.postgresql.ensureUsers` is found.
# See https://github.com/NixOS/nixpkgs/issues/216989
systemd.services.postgresql.postStart = lib.mkIf (
usePostgresql
&& cfg.database.createDatabase
&& lib.strings.versionAtLeast config.services.postgresql.package.version "15.0"
) (lib.mkAfter ''
$PSQL -tAc 'ALTER DATABASE "${cfg.database.name}" OWNER TO "${cfg.database.user}";'
'');
services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) {
enable = mkDefault true;
package = mkDefault pkgs.mariadb;

164
nixos/modules/services/misc/rkvm.nix Normal file
View file

@ -0,0 +1,164 @@
{ options, config, pkgs, lib, ... }:
with lib;
let
opt = options.services.rkvm;
cfg = config.services.rkvm;
toml = pkgs.formats.toml { };
in
{
meta.maintainers = with maintainers; [ ckie ];
options.services.rkvm = {
enable = mkOption {
default = cfg.server.enable || cfg.client.enable;
defaultText = literalExpression "config.${opt.server.enable} || config.${opt.client.enable}";
type = types.bool;
description = mdDoc ''
Whether to enable rkvm, a Virtual KVM switch for Linux machines.
'';
};
package = mkPackageOption pkgs "rkvm" { };
server = {
enable = mkEnableOption "the rkvm server daemon (input transmitter)";
settings = mkOption {
type = types.submodule
{
freeformType = toml.type;
options = {
listen = mkOption {
type = types.str;
default = "0.0.0.0:5258";
description = mdDoc ''
An internet socket address to listen on, either IPv4 or IPv6.
'';
};
switch-keys = mkOption {
type = types.listOf types.str;
default = [ "left-alt" "left-ctrl" ];
description = mdDoc ''
A key list specifying a host switch combination.
_A list of key names is available in <https://github.com/htrefil/rkvm/blob/master/switch-keys.md>._
'';
};
certificate = mkOption {
type = types.path;
default = "/etc/rkvm/certificate.pem";
description = mdDoc ''
TLS certificate path.
::: {.note}
This should be generated with {command}`rkvm-certificate-gen`.
:::
'';
};
key = mkOption {
type = types.path;
default = "/etc/rkvm/key.pem";
description = mdDoc ''
TLS key path.
::: {.note}
This should be generated with {command}`rkvm-certificate-gen`.
:::
'';
};
password = mkOption {
type = types.str;
description = mdDoc ''
Shared secret token to authenticate the client.
Make sure this matches your client's config.
'';
};
};
};
default = { };
description = mdDoc "Structured server daemon configuration";
};
};
client = {
enable = mkEnableOption "the rkvm client daemon (input receiver)";
settings = mkOption {
type = types.submodule
{
freeformType = toml.type;
options = {
server = mkOption {
type = types.str;
example = "192.168.0.123:5258";
description = mdDoc ''
An RKVM server's internet socket address, either IPv4 or IPv6.
'';
};
certificate = mkOption {
type = types.path;
default = "/etc/rkvm/certificate.pem";
description = mdDoc ''
TLS ceritficate path.
::: {.note}
This should be generated with {command}`rkvm-certificate-gen`.
:::
'';
};
password = mkOption {
type = types.str;
description = mdDoc ''
Shared secret token to authenticate the client.
Make sure this matches your server's config.
'';
};
};
};
default = {};
description = mdDoc "Structured client daemon configuration";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.services =
let
mkBase = component: {
description = "RKVM ${component}";
wantedBy = [ "multi-user.target" ];
after = {
server = [ "network.target" ];
client = [ "network-online.target" ];
}.${component};
wants = {
server = [ ];
client = [ "network-online.target" ];
}.${component};
serviceConfig = {
ExecStart = "${cfg.package}/bin/rkvm-${component} ${toml.generate "rkvm-${component}.toml" cfg.${component}.settings}";
Restart = "always";
RestartSec = 5;
Type = "simple";
};
};
in
{
rkvm-server = mkIf cfg.server.enable (mkBase "server");
rkvm-client = mkIf cfg.client.enable (mkBase "client");
};
};
}

26
nixos/modules/services/misc/spice-autorandr.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.spice-autorandr;
in
{
options = {
services.spice-autorandr = {
enable = lib.mkEnableOption (lib.mdDoc "spice-autorandr service that will automatically resize display to match SPICE client window size.");
package = lib.mkPackageOptionMD pkgs "spice-autorandr" { };
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.user.services.spice-autorandr = {
wantedBy = [ "default.target" ];
after = [ "spice-vdagentd.service" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/spice-autorandr";
Restart = "on-failure";
};
};
};
}

2
nixos/modules/services/misc/xmrig.nix
View file

@ -52,7 +52,7 @@ with lib;
};
config = mkIf cfg.enable {
boot.kernelModules = [ "msr" ];
hardware.cpu.x86.msr.enable = true;
systemd.services.xmrig = {
wantedBy = [ "multi-user.target" ];

2
nixos/modules/system/boot/initrd-network.nix
View file

@ -80,7 +80,7 @@ in
};
boot.initrd.network.udhcpc.enable = mkOption {
default = config.networking.useDHCP;
default = config.networking.useDHCP && !config.boot.initrd.systemd.enable;
defaultText = "networking.useDHCP";
type = types.bool;
description = lib.mdDoc ''

6
nixos/modules/system/boot/networkd.nix
View file

@ -2985,10 +2985,10 @@ in
stage2Config
(mkIf config.boot.initrd.systemd.enable {
assertions = [{
assertion = config.boot.initrd.network.udhcpc.extraArgs == [];
assertion = !config.boot.initrd.network.udhcpc.enable && config.boot.initrd.network.udhcpc.extraArgs == [];
message = ''
boot.initrd.network.udhcpc.extraArgs is not supported when
boot.initrd.systemd.enable is enabled
systemd stage 1 networking does not support 'boot.initrd.network.udhcpc'. Configure
DHCP with 'networking.*' options or with 'boot.initrd.systemd.network' options.
'';
}];

2
nixos/modules/system/boot/systemd.nix
View file

@ -575,7 +575,7 @@ in
system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled
[ "DEVTMPFS" "CGROUPS" "INOTIFY_USER" "SIGNALFD" "TIMERFD" "EPOLL" "NET"
"SYSFS" "PROC_FS" "FHANDLE" "CRYPTO_USER_API_HASH" "CRYPTO_HMAC"
"CRYPTO_SHA256" "DMIID" "AUTOFS4_FS" "TMPFS_POSIX_ACL"
"CRYPTO_SHA256" "DMIID" "AUTOFS_FS" "TMPFS_POSIX_ACL"
"TMPFS_XATTR" "SECCOMP"
];

9
nixos/modules/system/boot/systemd/repart.nix
View file

@ -74,6 +74,15 @@ in
};
config = lib.mkIf (cfg.enable || initrdCfg.enable) {
assertions = [
{
assertion = initrdCfg.enable -> config.boot.initrd.systemd.enable;
message = ''
'boot.initrd.systemd.repart.enable' requires 'boot.initrd.systemd.enable' to be enabled.
'';
}
];
boot.initrd.systemd = lib.mkIf initrdCfg.enable {
additionalUpstreamUnits = [
"systemd-repart.service"

2
nixos/modules/virtualisation/lxc-container.nix
View file

@ -66,7 +66,7 @@ in {
system.build.installBootLoader = pkgs.writeScript "install-lxd-sbin-init.sh" ''
#!${pkgs.runtimeShell}
ln -fs "$1/init" /sbin/init
${pkgs.coreutils}/bin/ln -fs "$1/init" /sbin/init
'';
systemd.additionalUpstreamSystemUnits = lib.mkIf cfg.nestedContainer ["systemd-udev-trigger.service"];

1
nixos/release-combined.nix
View file

@ -79,6 +79,7 @@ in rec {
(onFullSupported "nixos.tests.firewall")
(onFullSupported "nixos.tests.fontconfig-default-fonts")
(onFullSupported "nixos.tests.gitlab")
(onFullSupported "nixos.tests.gnome")
(onFullSupported "nixos.tests.gnome-xorg")
(onSystems ["x86_64-linux"] "nixos.tests.hibernate")

1
nixos/tests/all-tests.nix
View file

@ -699,6 +699,7 @@ in {
restartByActivationScript = handleTest ./restart-by-activation-script.nix {};
restic = handleTest ./restic.nix {};
retroarch = handleTest ./retroarch.nix {};
rkvm = handleTest ./rkvm {};
robustirc-bridge = handleTest ./robustirc-bridge.nix {};
roundcube = handleTest ./roundcube.nix {};
rshim = handleTest ./rshim.nix {};

28
nixos/tests/mosquitto.nix
View file

@ -4,7 +4,6 @@ let
port = 1888;
tlsPort = 1889;
anonPort = 1890;
bindTestPort = 18910;
password = "VERY_secret";
hashedPassword = "$7$101$/WJc4Mp+I+uYE9sR$o7z9rD1EYXHPwEP5GqQj6A7k4W1yVbePlb8TqNcuOLV9WNCiDgwHOB0JHC1WCtdkssqTBduBNUnUGd6kmZvDSw==";
topic = "test/foo";
@ -127,10 +126,6 @@ in {
};
};
}
{
settings.bind_interface = "eth0";
port = bindTestPort;
}
];
};
};
@ -140,8 +135,6 @@ in {
};
testScript = ''
import json
def mosquitto_cmd(binary, user, topic, port):
return (
"mosquitto_{} "
@ -174,27 +167,6 @@ in {
start_all()
server.wait_for_unit("mosquitto.service")
with subtest("bind_interface"):
addrs = dict()
for iface in json.loads(server.succeed("ip -json address show")):
for addr in iface['addr_info']:
# don't want to deal with multihoming here
assert addr['local'] not in addrs
addrs[addr['local']] = (iface['ifname'], addr['family'])
# mosquitto grabs *one* random address per type for bind_interface
(has4, has6) = (False, False)
for line in server.succeed("ss -HlptnO sport = ${toString bindTestPort}").splitlines():
items = line.split()
if "mosquitto" not in items[5]: continue
listener = items[3].rsplit(':', maxsplit=1)[0].strip('[]')
assert listener in addrs
assert addrs[listener][0] == "eth0"
has4 |= addrs[listener][1] == 'inet'
has6 |= addrs[listener][1] == 'inet6'
assert has4
assert has6
with subtest("check passwords"):
client1.succeed(publish("-m test", "password_store"))
client1.succeed(publish("-m test", "password_file"))

18
nixos/tests/rkvm/cert.pem Normal file
View file

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC3jCCAcagAwIBAgIUWW1hb9xdRtxAhA42jkS89goW9LUwDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEcmt2bTAeFw0yMzA4MjIxOTI1NDlaFw0zMzA4MTkxOTI1
NDlaMA8xDTALBgNVBAMMBHJrdm0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCuBsh0+LDXN4b2o/PJjzuiZ9Yv9Pz1Oho9WRiXtNIuHTRdBCcht/iu3PGF
ICIX+H3dqQOziGSCTAQGJD2p+1ik8d+boJbpa0oxXuHuomsMAT3mib3GpipQoBLP
KaEbWEsvQbr3RMx8WOtG4dmRQFzSVVtmAXyM0pNyisd4eUCplyIl9gsRJIvsO/0M
OkgOZW9XLfKiAWlZoyXEkBmPAshg3EkwQtmwxPA/NgWbAOW3zJKSChxnnGYiuIIu
R/wJ8OQXHP6boQLQGUhCWBKa1uK1gEBmV3Pj6uK8RzTkQq6/47F5sPa6VfqQYdyl
TCs9bSqHXZjqMBoiSp22uH6+Lh9RAgMBAAGjMjAwMA8GA1UdEQQIMAaHBAoAAAEw
HQYDVR0OBBYEFEh9HEsnY3dfNKVyPWDbwfR0qHopMA0GCSqGSIb3DQEBCwUAA4IB
AQB/r+K20JqegUZ/kepPxIU95YY81aUUoxvLbu4EAgh8o46Fgm75qrTZPg4TaIZa
wtVejekrF+p3QVf0ErUblh/iCjTZPSzCmKHZt8cc9OwTH7bt3bx7heknzLDyIa5z
szAL+6241UggQ5n5NUGn5+xZHA7TMe47xAZPaRMlCQ/tp5pWFjH6WSSQSP5t4Ag9
ObhY+uudFjmWi3QIBTr3iIscbWx7tD8cjus7PzM7+kszSDRV04xb6Ox8JzW9MKIN
GwgwVgs3zCuyqBmTGnR1og3aMk6VtlyZUYE78uuc+fMBxqoBZ0mykeOp0Tbzgtf7
gPkYcQ6vonoQhuTXYj/NrY+b
-----END CERTIFICATE-----

104
nixos/tests/rkvm/default.nix Normal file
View file

@ -0,0 +1,104 @@
import ../make-test-python.nix ({ pkgs, ... }:
let
# Generated with
#
# nix shell .#rkvm --command "rkvm-certificate-gen --ip-addresses 10.0.0.1 cert.pem key.pem"
#
snakeoil-cert = ./cert.pem;
snakeoil-key = ./key.pem;
in
{
name = "rkvm";
nodes = {
server = { pkgs, ... }: {
imports = [ ../common/user-account.nix ];
virtualisation.vlans = [ 1 ];
networking = {
useNetworkd = true;
useDHCP = false;
firewall.enable = false;
};
systemd.network.networks."01-eth1" = {
name = "eth1";
networkConfig.Address = "10.0.0.1/24";
};
services.getty.autologinUser = "alice";
services.rkvm.server = {
enable = true;
settings = {
certificate = snakeoil-cert;
key = snakeoil-key;
password = "snakeoil";
switch-keys = [ "left-alt" "right-alt" ];
};
};
};
client = { pkgs, ... }: {
imports = [ ../common/user-account.nix ];
virtualisation.vlans = [ 1 ];
networking = {
useNetworkd = true;
useDHCP = false;
firewall.enable = false;
};
systemd.network.networks."01-eth1" = {
name = "eth1";
networkConfig.Address = "10.0.0.2/24";
};
services.getty.autologinUser = "alice";
services.rkvm.client = {
enable = true;
settings = {
server = "10.0.0.1:5258";
certificate = snakeoil-cert;
key = snakeoil-key;
password = "snakeoil";
};
};
};
};
testScript = ''
server.wait_for_unit("getty@tty1.service")
server.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
server.wait_for_unit("rkvm-server")
server.wait_for_open_port(5258)
client.wait_for_unit("getty@tty1.service")
client.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
client.wait_for_unit("rkvm-client")
server.sleep(1)
# Switch to client
server.send_key("alt-alt_r", delay=0.2)
server.send_chars("echo 'hello client' > /tmp/test.txt\n")
# Switch to server
server.send_key("alt-alt_r", delay=0.2)
server.send_chars("echo 'hello server' > /tmp/test.txt\n")
server.sleep(1)
client.systemctl("stop rkvm-client.service")
server.systemctl("stop rkvm-server.service")
server_file = server.succeed("cat /tmp/test.txt")
assert server_file.strip() == "hello server"
client_file = client.succeed("cat /tmp/test.txt")
assert client_file.strip() == "hello client"
'';
})

28
nixos/tests/rkvm/key.pem Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCuBsh0+LDXN4b2
o/PJjzuiZ9Yv9Pz1Oho9WRiXtNIuHTRdBCcht/iu3PGFICIX+H3dqQOziGSCTAQG
JD2p+1ik8d+boJbpa0oxXuHuomsMAT3mib3GpipQoBLPKaEbWEsvQbr3RMx8WOtG
4dmRQFzSVVtmAXyM0pNyisd4eUCplyIl9gsRJIvsO/0MOkgOZW9XLfKiAWlZoyXE
kBmPAshg3EkwQtmwxPA/NgWbAOW3zJKSChxnnGYiuIIuR/wJ8OQXHP6boQLQGUhC
WBKa1uK1gEBmV3Pj6uK8RzTkQq6/47F5sPa6VfqQYdylTCs9bSqHXZjqMBoiSp22
uH6+Lh9RAgMBAAECggEABo2V1dBu5E51zsAiFCMdypdLZEyUNphvWC5h3oXowONz
pH8ICYfXyEnkma/kk2+ALy0dSRDn6/94dVIUX7Fpx0hJCcoJyhSysK+TJWfIonqX
ffYOMeFG8vicIgs+GFKs/hoPtB5LREbFkUqRj/EoWE6Y3aX3roaCwTZC8vaUk0OK
54gExcNXRwQtFmfM9BiPT76F2J641NVsddgKumrryMi605CgZ57OFfSYEena6T3t
JbQ1TKB3SH1LvSQIspyp56E3bjh8bcwSh72g88YxWZI9yarOesmyU+fXnmVqcBc+
CiJDX3Te1C2GIkBiH3HZJo4P88aXrkJ7J8nub/812QKBgQDfCHjBy5uWzzbDnqZc
cllIyUqMHq1iY2/btdZQbz83maZhQhH2UL4Zvoa7qgMX7Ou5jn1xpDaMeXNaajGK
Fz66nmqQEUFX1i+2md2J8TeKD37yUJRdlrMiAc+RNp5wiOH9EI18g2m6h/nj3s/P
MdNyxsz+wqOiJT0sZatarKiFhQKBgQDHv+lPy4OPH1MeSv5vmv3Pa41O/CeiPy+T
gi6nEZayVRVog3zF9T6gNIHrZ1fdIppWPiPXv9fmC3s/IVEftLG6YC+MAfigYhiz
Iceoal0iJJ8DglzOhlKgHEnxEwENCz8aJxjpvbxHHcpvgXdBSEVfHvVqDkAFTsvF
JA5YTmqGXQKBgQCL6uqm2S7gq1o12p+PO4VbrjwAL3aiVLNl6Gtsxn2oSdIhDavr
FLhNukMYFA4gwlcXb5au5k/6TG7bd+dgNDj8Jkm/27NcgVgpe9mJojQvfo0rQvXw
yIvUd8JZ3SQEgTsU4X+Bb4eyp39TPwKrfxyh0qnj4QN6w1XfNmELX2nRaQKBgEq6
a0ik9JTovSnKGKIcM/QTYow4HYO/a8cdnuJ13BDfb+DnwBg3BbTdr/UndmGOfnrh
SHuAk/7GMNePWVApQ4xcS61vV1p5GJB7hLxm/my1kp+3d4z0B5lKvAbqeywsFvFr
yxA3IWbhqEhLARh1Ny684EdLCXxy3Bzmvk8fFw8pAoGAGkt9pJC2wkk9fnJIHq+f
h/WnEO0YrGzYnVA+RyCNKrimRd+GylGHJ/Ev6PRZvMwyGE7RCB+fHVrrEcEJAcxL
SaOg5NA8cwrG+UpTQqi4gt6tCW87afVCyL6dC/E8giJlzI0LY9DnFGoVqYL0qJvm
Sj4SU0fyLsW/csOLd5T+Bf8=
-----END PRIVATE KEY-----

11
nixos/tests/systemd.nix
View file

@ -76,6 +76,17 @@ import ./make-test-python.nix ({ pkgs, ... }: {
# wait for user services
machine.wait_for_unit("default.target", "alice")
with subtest("systemctl edit suggests --runtime"):
# --runtime is suggested when using `systemctl edit`
ret, out = machine.execute("systemctl edit testservice1.service 2>&1")
assert ret == 1
assert out.rstrip("\n") == "The unit-directory '/etc/systemd/system' is read-only on NixOS, so it's not possible to edit system-units directly. Use 'systemctl edit --runtime' instead."
# editing w/o `--runtime` is possible for user-services, however
# it's not possible because we're not in a tty when grepping
# (i.e. hacky way to ensure that the error from above doesn't appear here).
_, out = machine.execute("systemctl --user edit testservice2.service 2>&1")
assert out.rstrip("\n") == "Cannot edit units if not on a tty."
# Regression test for https://github.com/NixOS/nixpkgs/issues/105049
with subtest("systemd reads timezone database in /etc/zoneinfo"):
timer = machine.succeed("TZ=UTC systemctl show --property=TimersCalendar oncalendar-test.timer")

6
pkgs/applications/audio/ams-lv2/default.nix
View file

@ -15,6 +15,12 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ pkg-config wafHook python3 ];
buildInputs = [ cairo fftw gtkmm2 lv2 lvtk ];
postPatch = ''
# U was removed in python 3.11 because it had no effect
substituteInPlace waflib/*.py \
--replace "m='rU" "m='r"
'';
meta = with lib; {
description = "An LV2 port of the internal modules found in Alsa Modular Synth";
homepage = "https://github.com/blablack/ams-lv2";

3
pkgs/applications/audio/mamba/default.nix
View file

@ -37,5 +37,8 @@ stdenv.mkDerivation rec {
license = licenses.bsd0;
maintainers = with maintainers; [ magnetophon orivej ];
platforms = platforms.linux;
# 2023-08-19, `-Werror=format-security` fails for xputty
# reported as https://github.com/brummer10/libxputty/issues/12
broken = true;
};
}

44
pkgs/applications/audio/mbrola/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, stdenvNoCC, lib, symlinkJoin, fetchFromGitHub }:
{ stdenv, lib, fetchFromGitHub, runCommandLocal }:
let
pname = "mbrola";
@ -12,26 +12,14 @@ let
homepage = "https://github.com/numediart/MBROLA";
};
voices = stdenvNoCC.mkDerivation {
pname = "${pname}-voices";
inherit version;
src = fetchFromGitHub {
owner = "numediart";
repo = "MBROLA-voices";
rev = "fe05a0ccef6a941207fd6aaad0b31294a1f93a51"; # using latest commit
sha256 = "1w0y2xjp9rndwdjagp2wxh656mdm3d6w9cs411g27rjyfy1205a0";
};
dontBuild = true;
installPhase = ''
runHook preInstall
install -d $out/share/mbrola/voices
cp -R $src/data/* $out/share/mbrola/voices/
runHook postInstall
'';
dontFixup = true;
# Very big (0.65 G) so kept as a fixed-output derivation to limit "duplicates".
voices = fetchFromGitHub {
owner = "numediart";
repo = "MBROLA-voices";
rev = "fe05a0ccef6a941207fd6aaad0b31294a1f93a51"; # using latest commit
sha256 = "1w0y2xjp9rndwdjagp2wxh656mdm3d6w9cs411g27rjyfy1205a0";
name = "${pname}-voices-${version}";
meta = meta // {
description = "Speech synthesizer based on the concatenation of diphones (voice files)";
homepage = "https://github.com/numediart/MBROLA-voices";
@ -65,8 +53,14 @@ let
};
in
symlinkJoin {
inherit pname version meta;
name = "${pname}-${version}";
paths = [ bin voices ];
}
runCommandLocal
"${pname}-${version}"
{
inherit pname version meta;
}
''
mkdir -p "$out/share/mbrola"
ln -s '${voices}/data' "$out/share/mbrola/voices"
ln -s '${bin}/bin' "$out/"
''

4
pkgs/applications/blockchains/atomic-swap/default.nix
View file

@ -1,7 +1,9 @@
{ lib, buildGoModule, fetchFromGitHub, nix-update-script, makeWrapper, monero-cli }:
{ lib, buildGo120Module, fetchFromGitHub, nix-update-script, makeWrapper, monero-cli }:
let
pname = "atomic-swap";
version = "0.4.2";
buildGoModule = buildGo120Module;
in
buildGoModule {
inherit pname version;

5
pkgs/applications/blockchains/exodus/default.nix
View file

@ -1,6 +1,6 @@
{ stdenv
, lib
, requireFile
, fetchurl
, unzip
, glib
, systemd
@ -29,9 +29,10 @@ stdenv.mkDerivation rec {
pname = "exodus";
version = "23.9.25";
src = requireFile {
src = fetchurl {
name = "exodus-linux-x64-${version}.zip";
url = "https://downloads.exodus.com/releases/${pname}-linux-x64-${version}.zip";
curlOptsList = [ "--user-agent" "Mozilla/5.0" ];
sha256 = "a3e314de257e1ec01baa1023886f327ade4b233d833f7fe79f6c3e0f26d07ced";
};

10
pkgs/applications/editors/emacs/elisp-packages/manual-packages/lsp-bridge/default.nix
View file

@ -5,7 +5,6 @@
, substituteAll
, acm
, markdown-mode
, posframe
, git
, go
, gopls
@ -17,23 +16,25 @@
}:
let
rev = "6f93deb32ebb3799dfedd896a17a0428a9b461bb";
rev = "0b30d95c6de95b150d93ecee325b95e04ff09e46";
python = python3.withPackages (ps: with ps; [
epc
orjson
paramiko
rapidfuzz
sexpdata
six
]);
in
melpaBuild {
pname = "lsp-bridge";
version = "20230607.135"; # 1:35 UTC
version = "20231021.309"; # 3:09 UTC
src = fetchFromGitHub {
owner = "manateelazycat";
repo = "lsp-bridge";
inherit rev;
hash = "sha256-4AKKsU+yuLA9qv6mhYPpjBJ8wrbGPMuzN98JXcVPAHg=";
hash = "sha256-hR7bZh0ElJ8F9ToJ4dkazF19T8PE01MTcxKrjeaEp4o=";
};
commit = rev;
@ -50,7 +51,6 @@ melpaBuild {
packageRequires = [
acm
markdown-mode
posframe
];
checkInputs = [

22
pkgs/applications/editors/emacs/elisp-packages/manual-packages/lsp-bridge/hardcode-dependencies.patch
View file

@ -1,18 +1,24 @@
diff --git a/lsp-bridge.el b/lsp-bridge.el
index 3a7ff0b..ea5e496 100644
index 278c27e..f0c67c2 100644
--- a/lsp-bridge.el
+++ b/lsp-bridge.el
@@ -326,13 +326,7 @@ Setting this to nil or 0 will turn off the indicator."
@@ -340,19 +340,7 @@ Setting this to nil or 0 will turn off the indicator."
"Name of LSP-Bridge buffer."
:type 'string)
-(defcustom lsp-bridge-python-command (cond ((memq system-type '(cygwin windows-nt ms-dos))
- (if (executable-find "pypy3.exe")
- "pypy3.exe"
- "python3.exe"))
- (t (if (executable-find "pypy3")
- "pypy3"
- "python3")))
- (cond ((executable-find "pypy3.exe")
- "pypy3.exe")
- ((executable-find "python3.exe")
- "python3.exe")
- ((executable-find "python.exe")
- "python.exe")))
- (t (cond ((executable-find "pypy3")
- "pypy3")
- ((executable-find "python3")
- "python3")
- ((executable-find "python")
- "python"))))
+(defcustom lsp-bridge-python-command "@python@"
"The Python interpreter used to run lsp_bridge.py."
:type 'string)

6
pkgs/applications/file-managers/felix-fm/default.nix
View file

@ -9,16 +9,16 @@
rustPlatform.buildRustPackage rec {
pname = "felix";
version = "2.8.1";
version = "2.9.0";
src = fetchFromGitHub {
owner = "kyoheiu";
repo = "felix";
rev = "v${version}";
hash = "sha256-RDCX5+Viq/VRb0SXUYxCtWF+aVahI5WGhp9/Vn+uHqI=";
hash = "sha256-bTe8fPFVWuAATXdeyUvtdK3P4vDpGXX+H4TQ+h9bqUI=";
};
cargoHash = "sha256-kgI+afly+/Ag0witToM95L9b3yQXP5Gskwl4Lf4SusY=";
cargoHash = "sha256-q86NiJPtr1X9D9ym8iLN1ed1FMmEb217Jx3Ei4Bn5y0=";
nativeBuildInputs = [ pkg-config ];

4
pkgs/applications/misc/calibre/default.nix
View file

@ -32,11 +32,11 @@
stdenv.mkDerivation (finalAttrs: {
pname = "calibre";
version = "6.28.1";
version = "6.29.0";
src = fetchurl {
url = "https://download.calibre-ebook.com/${finalAttrs.version}/calibre-${finalAttrs.version}.tar.xz";
hash = "sha256-ZoJN8weAXUQkxalRtVtEaychc30+l2kfzG9Tm5jZh9g=";
hash = "sha256-w9mvMKm76w5sDfW0OYxhZuhIOYKdUH3tpiGlpKNC2kM=";
};
patches = [

4
pkgs/applications/misc/corectrl/default.nix
View file

@ -23,13 +23,13 @@
stdenv.mkDerivation rec{
pname = "corectrl";
version = "1.3.5";
version = "1.3.6";
src = fetchFromGitLab {
owner = "corectrl";
repo = "corectrl";
rev = "v${version}";
sha256 = "sha256-HETD2+acxJf30iC6UwRXD/onFYo3ki4RwAAVs4NbSAw=";
sha256 = "sha256-a8cLtmv9nLtvN9o/aIwveTAT36XmTN1j85ZxVGIXO6E=";
};
patches = [
./polkit-dir.patch

1
pkgs/applications/misc/darkman/default.nix
View file

@ -44,5 +44,6 @@ buildGoModule rec {
license = licenses.isc;
maintainers = [ maintainers.ajgrf ];
platforms = platforms.linux;
mainProgram = "darkman";
};
}

2
pkgs/applications/misc/dasel/default.nix
View file

@ -12,7 +12,7 @@ buildGoModule rec {
owner = "TomWright";
repo = "dasel";
rev = "v${version}";
sha256 = "sha256-zxTT/CkSbH40R7itXAx0zD+haHOoMep/W4KfalJQ/8w=";
hash = "sha256-zxTT/CkSbH40R7itXAx0zD+haHOoMep/W4KfalJQ/8w=";
};
vendorHash = "sha256-CbR0uHtha2OoHW9mcB1I2lGJbjerbZARVN/mTstv/Y0=";

17
pkgs/applications/misc/diebahn/default.nix
View file

@ -15,6 +15,7 @@
, gtk4
, libadwaita
, pango
, gettext
, darwin
}:
@ -54,9 +55,19 @@ stdenv.mkDerivation rec {
gtk4
libadwaita
pango
] ++ lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.Security
];
] ++ lib.optionals stdenv.isDarwin (with darwin.apple_sdk.frameworks; [
CoreFoundation
Foundation
Security
]);
# Darwin needs to link against gettext from nixpkgs instead of the one vendored by gettext-sys
# because the vendored copy does not build with newer versions of clang.
env = lib.optionalAttrs stdenv.isDarwin {
GETTEXT_BIN_DIR = "${lib.getBin gettext}/bin";
GETTEXT_INCLUDE_DIR = "${lib.getDev gettext}/include";
GETTEXT_LIB_DIR = "${lib.getLib gettext}/lib";
};
meta = {
description = "GTK4 frontend for the travel information of the german railway";

4
pkgs/applications/misc/gallery-dl/default.nix
View file

@ -2,13 +2,13 @@
buildPythonApplication rec {
pname = "gallery-dl";
version = "1.26.0";
version = "1.26.1";
format = "setuptools";
src = fetchPypi {
inherit version;
pname = "gallery_dl";
sha256 = "sha256-+g4tfr7RF9rrimQcXhcz3o/Cx9xLNrTDV1Fx7XSxh7I=";
sha256 = "sha256-SJshEdvmPDQZ5mqiQfJpWcQ43WGXUxPvMMJiY/4Cxsc=";
};
propagatedBuildInputs = [

5
pkgs/applications/misc/haxor-news/default.nix
View file

@ -1,4 +1,4 @@
{ lib, fetchFromGitHub, python3 }:
{ lib, fetchFromGitHub, fetchPypi, python3 }:
let
@ -18,7 +18,8 @@ let
# Use click 7
click = super.click.overridePythonAttrs (old: rec {
version = "7.1.2";
src = old.src.override {
src = fetchPypi {
pname = "click";
inherit version;
hash = "sha256-0rUlXHxjSbwb0eWeCM0SrLvWPOZJ8liHVXg6qU37axo=";
};

5
pkgs/applications/misc/iptsd/default.nix
View file

@ -49,8 +49,11 @@ stdenv.mkDerivation rec {
substituteInPlace etc/meson.build \
--replace "install_dir: unitdir" "install_dir: '$out/etc/systemd/system'" \
--replace "install_dir: rulesdir" "install_dir: '$out/etc/udev/rules.d'"
substituteInPlace etc/systemd/iptsd-find-service \
--replace "iptsd-find-hidraw" "$out/bin/iptsd-find-hidraw" \
--replace "systemd-escape" "${lib.getExe' systemd "systemd-escape"}"
substituteInPlace etc/udev/50-iptsd.rules.in \
--replace "/bin/systemd-escape" "${systemd}/bin/systemd-escape"
--replace "/bin/systemd-escape" "${lib.getExe' systemd "systemd-escape"}"
'';
mesonFlags = [

6
pkgs/applications/misc/oxker/default.nix
View file

@ -2,14 +2,14 @@
rustPlatform.buildRustPackage rec {
pname = "oxker";
version = "0.3.2";
version = "0.3.3";
src = fetchCrate {
inherit pname version;
sha256 = "sha256-HFZSIzP3G6f78gTOpzZFG5ZAo5Lo6VuxQe6xMvCVfss=";
sha256 = "sha256-2zdsVItGZYQydpC9E/uCbzOE9Xoh7zTqa9DpxA5qNCc=";
};
cargoHash = "sha256-ZsqxlwgXqw9eUEjw1DLBMz05V/y/ZbcrCL6I8TcnnDs=";
cargoHash = "sha256-FXYFQpiK2BGUz9GjsUPS9LWPeezbBQ3A33juoVCl71g=";
meta = with lib; {
description = "A simple tui to view & control docker containers";

6
pkgs/applications/misc/pueue/default.nix
View file

@ -10,16 +10,16 @@
rustPlatform.buildRustPackage rec {
pname = "pueue";
version = "3.2.0";
version = "3.3.0";
src = fetchFromGitHub {
owner = "Nukesor";
repo = "pueue";
rev = "v${version}";
hash = "sha256-Fk31k0JIe1KJW7UviA8yikjfwlcdRD92wehNbuEoH2w=";
hash = "sha256-X6q8ePaADv1+n/WmCp4SOhVm9lnc14qGhLSCxtc/ONw=";
};
cargoHash = "sha256-eVJuebau0Y9oelniCzvOk9riMMZ9cS7E/G6KinbQa6k=";
cargoHash = "sha256-lfWuOkKNNDQ0b6oncuCC3KOAgtQGvLptIbmdyY8vy6o=";
nativeBuildInputs = [
installShellFiles

4
pkgs/applications/misc/remnote/default.nix
View file

@ -6,11 +6,11 @@ stdenv.mkDerivation (finalAttrs: let
in
{
pname = "remnote";
version = "1.12.43";
version = "1.12.64";
src = fetchurl {
url = "https://download.remnote.io/remnote-desktop/RemNote-${version}.AppImage";
hash = "sha256-3GNp+0ZUZbUcBkE8DbIEDRYlWfG3HDTTS6wK3u42jJg=";
hash = "sha256-Pvz3bBpv4wN2NXxuKNNraCuOqvvtYOyg5PTSwMpL3cw=";
};
appexec = appimageTools.wrapType2 {
inherit pname version src;

2
pkgs/applications/misc/tumpa/default.nix
View file

@ -12,7 +12,7 @@ python3.pkgs.buildPythonApplication rec {
owner = "kushaldas";
repo = "tumpa";
rev = "v${version}";
sha256 = "17nhdildapgic5l05f3q1wf5jvz3qqdjv543c8gij1x9rdm8hgxi";
hash = "sha256-sT+IasupBxkfYoOULRvG429ZHA94uAJoYfFd1Whs0J4=";
};
propagatedBuildInputs = with python3.pkgs; [

6
pkgs/applications/networking/cluster/temporal-cli/default.nix
View file

@ -17,16 +17,16 @@ let
tctl-next = buildGoModule rec {
pname = "tctl-next";
version = "0.9.0";
version = "0.10.6";
src = fetchFromGitHub {
owner = "temporalio";
repo = "cli";
rev = "v${version}";
hash = "sha256-zgi1wNx7fWf/iFGKaVffcXnC90vUz+mBT6HhCGdXMa0=";
hash = "sha256-4kNuudnYBD6rgIkysP7dEjsRu/dFvTm3hkbBYZ6+Zh4=";
};
vendorHash = "sha256-EX1T3AygarJn4Zae2I8CHQrZakmbNF1OwE4YZFF+nKc=";
vendorHash = "sha256-ZECwF/avHKE4L9GHa2w5Lx71wD6UIAaPpRkUtpEVafI=";
inherit overrideModAttrs;

9
pkgs/applications/networking/cluster/terraform-providers/providers.json
View file

@ -961,6 +961,15 @@
"spdx": "Apache-2.0",
"vendorHash": "sha256-Tj+NefCIacwpPS9rNPPxV2lLeKsXJMZhf9Xo+Rzz6gI="
},
"proxmox": {
"hash": "sha256-ikXLLNoAjrnGGGI3fHTKFXm8YwqNazE/U39JTjOBsW4=",
"homepage": "https://registry.terraform.io/providers/Telmate/proxmox",
"owner": "Telmate",
"repo": "terraform-provider-proxmox",
"rev": "v2.9.14",
"spdx": "MIT",
"vendorHash": "sha256-um4iOwYO6ASv9wpu5Jua9anUZBKly4yVgI224Fk2dOM="
},
"rabbitmq": {
"hash": "sha256-ArteHTNNUxgiBJamnR1bJFDrvNnqjbJ6D3mj1XlpVUA=",
"homepage": "https://registry.terraform.io/providers/cyrilgdn/rabbitmq",

4
pkgs/applications/networking/cluster/vcluster/default.nix
View file

@ -2,13 +2,13 @@
buildGoModule rec {
pname = "vcluster";
version = "0.15.6";
version = "0.16.4";
src = fetchFromGitHub {
owner = "loft-sh";
repo = pname;
rev = "v${version}";
hash = "sha256-frYE/0PcVNlk+hwSCoPwSbL2se4dEP9g6aLDMGdn6x8=";
hash = "sha256-LL+fikMTg79d9goFEkmxwYvF9E0GrPNTLmFy2tfnQtg=";
};
vendorHash = null;

7
pkgs/applications/networking/instant-messengers/armcord/default.nix
View file

@ -20,7 +20,6 @@
, glib
, gtk3
, libappindicator-gtk3
, libdbusmenu
, libdrm
, libnotify
, libpulseaudio
@ -39,7 +38,7 @@
stdenv.mkDerivation rec {
pname = "armcord";
version = "3.2.4-libwebp";
version = "3.2.5";
src =
let
@ -48,11 +47,11 @@ stdenv.mkDerivation rec {
{
x86_64-linux = fetchurl {
url = "${base}/v${version}/ArmCord_${builtins.head (lib.splitString "-" version)}_amd64.deb";
hash = "sha256-WeHgai9vTaN04zMdAXmhemKroKH+kwHuOr/E85mfurE=";
hash = "sha256-6zlYm4xuYpG+Bgsq5S+B/Zt9TRB2GZnueKAg2ywYLE4=";
};
aarch64-linux = fetchurl {
url = "${base}/v${version}/ArmCord_${builtins.head (lib.splitString "-" version)}_arm64.deb";
hash = "sha256-4/vGdWXv8wrbF/EhMK6kJPjta0EOGH6C3kUyM0OTB8M=";
hash = "sha256-HJu1lRa3zOTohsPMe23puHxg1VMWNR2aOjDQJqc4TqE=";
};
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");

6
pkgs/applications/networking/instant-messengers/beeper/default.nix
View file

@ -11,11 +11,11 @@
}:
let
pname = "beeper";
version = "3.80.17";
version = "3.82.8";
name = "${pname}-${version}";
src = fetchurl {
url = "https://download.todesktop.com/2003241lzgn20jd/beeper-3.80.17-build-231010czwkkgnej.AppImage";
hash = "sha256-cfzfeM1czhZKz0HbbJw2PD3laJFg9JWppA2fKUb5szU=";
url = "https://download.todesktop.com/2003241lzgn20jd/beeper-3.82.8-build-231019pq0po3woq.AppImage";
hash = "sha256-tXPmTpbzWU+sUJHhyP2lexcAb33YmJnRaxX08G4CTaE=";
};
appimage = appimageTools.wrapType2 {
inherit version pname src;

10
pkgs/applications/networking/instant-messengers/matrix-dl/default.nix
View file

@ -1,8 +1,12 @@
{ lib, python3Packages, fetchFromGitHub }:
{ lib
, python3Packages
, fetchFromGitHub
}:
python3Packages.buildPythonApplication rec {
pname = "matrix-dl";
version = "unstable-2020-07-14";
format = "pyproject";
src = fetchFromGitHub {
owner = "rubo77";
@ -11,6 +15,10 @@ python3Packages.buildPythonApplication rec {
sha256 = "1l8nh8z7kz24v0wcy3ll3w6in2yxwa1yz8lyc3x0blz37d8ss4ql";
};
nativeBuildInputs = with python3Packages; [
setuptools
];
propagatedBuildInputs = with python3Packages; [
matrix-client
];

17
pkgs/applications/networking/irc/weechat/scripts/weechat-matrix/default.nix
View file

@ -34,10 +34,19 @@ in buildPythonPackage {
hash = "sha256-o4kgneszVLENG167nWnk2FxM+PsMzi+PSyMUMIktZcc=";
};
patches = fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/poljar/weechat-matrix/pull/309.patch";
sha256 = "sha256-Grdht+TOFvCYRpL7uhPivqL7YzLoNVF3iQNHgbv1Te0=";
};
patches = [
# server: remove set_npn_protocols()
(fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/poljar/weechat-matrix/pull/309.patch";
hash = "sha256-Grdht+TOFvCYRpL7uhPivqL7YzLoNVF3iQNHgbv1Te0=";
})
# Fix compatibility with matrix-nio 0.21
(fetchpatch {
url = "https://github.com/poljar/weechat-matrix/commit/feae9fda26ea9de98da9cd6733980a203115537e.patch";
hash = "sha256-MAfxJ85dqz5PNwp/GJdHA2VvXVdWh+Ayx5g0oHiw9rs=";
includes = ["matrix/config.py"];
})
];
propagatedBuildInputs = [
pyopenssl

4
pkgs/applications/networking/mailreaders/thunderbird/packages.nix
View file

@ -44,13 +44,13 @@ rec {
thunderbird-115 = (buildMozillaMach rec {
pname = "thunderbird";
version = "115.3.2";
version = "115.3.3";
application = "comm/mail";
applicationName = "Mozilla Thunderbird";
binaryName = pname;
src = fetchurl {
url = "mirror://mozilla/thunderbird/releases/${version}/source/thunderbird-${version}.source.tar.xz";
sha512 = "e94bdb940327296754324d8fcb055813247a79d377399b84184e0ff80123240d923aa3745c3076d37f06296c8cc49373db2d8e8a6ac4edeaf63cd56ca4652e35";
sha512 = "631042a3cdbcbae91d93eb71c0d4f6a1122e8bc7000d75fcc7d3cbdd0e82a4b31abac590c75771e77ab08d5700582b6dedacf62ce8e21a91e9ea81aedf1bbeaa";
};
extraPatches = [
# The file to be patched is different from firefox's `no-buildconfig-ffx90.patch`.

4
pkgs/applications/networking/nextcloud-client/default.nix
View file

@ -25,7 +25,7 @@
mkDerivation rec {
pname = "nextcloud-client";
version = "3.10.0";
version = "3.10.1";
outputs = [ "out" "dev" ];
@ -33,7 +33,7 @@ mkDerivation rec {
owner = "nextcloud";
repo = "desktop";
rev = "v${version}";
sha256 = "sha256-BNqMKL888DKuRiM537V7CBuCabg5YmGYGpWARtvs7go=";
sha256 = "sha256-PtWg9IMwZU0HG2pVHdRKgPQH8i2e72Fbs+q5wCwBsfo=";
};
patches = [

4
pkgs/applications/networking/remote/freerdp/default.nix
View file

@ -8,7 +8,7 @@
, alsa-lib
, faac
, faad2
, ffmpeg
, ffmpeg_5 # Depends on deprecated libav features
, glib
, openh264
, openssl
@ -112,7 +112,7 @@ stdenv.mkDerivation rec {
cairo
cups
faad2
ffmpeg
ffmpeg_5
glib
gst-plugins-base
gst-plugins-good

4
pkgs/applications/networking/sync/rclone/default.nix
View file

@ -6,13 +6,13 @@
buildGoModule rec {
pname = "rclone";
version = "1.64.1";
version = "1.64.2";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
hash = "sha256-JaUsclhAZpmVi3K9VdRfAber++ghiEfzmJDmeku9IXA=";
hash = "sha256-gOFOcqCgFAiTc6W3v8Z917hGCzxluswqnuOoUht73GA=";
};
vendorHash = "sha256-eYIGVCTvUfGbsIMFthEfD0r6aeA7Ly9xJ8PJ6hR2SjA=";

17
pkgs/applications/office/paperless-ngx/default.nix
View file

@ -1,6 +1,7 @@
{ lib
, stdenv
, fetchFromGitHub
, fetchpatch
, buildNpmPackage
, nixosTests
, gettext
@ -19,13 +20,13 @@
}:
let
version = "1.17.2";
version = "1.17.4";
src = fetchFromGitHub {
owner = "paperless-ngx";
repo = "paperless-ngx";
rev = "refs/tags/v${version}";
hash = "sha256-/0Ml3NRTghqNykB1RZfqDW9TtENnSRM7wqG7Vn4Kl04=";
hash = "sha256-Kl8AUfHfEiEy40qeDI8x2rxdXcj01mpitw7T/96ibQQ=";
};
# Use specific package versions required by paperless-ngx
@ -51,7 +52,7 @@ let
pname = "paperless-ngx-frontend";
inherit version src;
npmDepsHash = "sha256-6EvC9Ka8gl0eRgJtHooB3yQNVGYzuH/WRga4AtzQ0EY=";
npmDepsHash = "sha256-5Q9NtIO7k/6AiF9Er10HhmEBFyQOP9CiTkTZglUeChg=";
nativeBuildInputs = [
python3
@ -91,6 +92,16 @@ python.pkgs.buildPythonApplication rec {
inherit version src;
patches = [
# https://github.com/paperless-ngx/paperless-ngx/pull/4146
(fetchpatch {
name = "fix-tests-for-python311.patch";
url = "https://github.com/paperless-ngx/paperless-ngx/commit/73f6c0a056e3859061339e295f57213fd4239b2d.patch";
hash = "sha256-sZcRug5T4cw5ppKpGYrrfz9RxtYxnkeNOlXcMgdWT0E=";
})
];
nativeBuildInputs = [
gettext
];

1
pkgs/applications/office/zotero/default.nix
View file

@ -153,5 +153,6 @@ stdenv.mkDerivation rec {
license = licenses.agpl3Only;
platforms = platforms.linux;
maintainers = with maintainers; [ i077 ];
knownVulnerabilities = [ "CVE-2023-5217" ];
};
}

2
pkgs/applications/qubes/qubes-core-vchan-xen/default.nix
View file

@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
owner = "QubesOS";
repo = pname;
rev = "v${version}";
sha256 = "sha256:02l1vs5c2jfw22gxvl2fb66m0d99n8ya1i7rphsb5cxsljvxary0";
hash = "sha256:02l1vs5c2jfw22gxvl2fb66m0d99n8ya1i7rphsb5cxsljvxary0";
};
buildInputs = [ xen ];

4
pkgs/applications/radio/direwolf/default.nix
View file

@ -8,6 +8,7 @@
, hamlib
, hamlibSupport ? true
, perl
, portaudio
, python3
, espeak
, udev
@ -25,11 +26,14 @@ stdenv.mkDerivation rec {
sha256 = "0xmz64m02knbrpasfij4rrq53ksxna5idxwgabcw4n2b1ig7pyx5";
};
patches = [ ./fix-strlcpy-usage.patch ];
nativeBuildInputs = [ cmake ];
strictDeps = true;
buildInputs = lib.optionals stdenv.isLinux [ alsa-lib udev ]
++ lib.optionals stdenv.isDarwin [ portaudio ]
++ lib.optionals gpsdSupport [ gpsd ]
++ lib.optionals hamlibSupport [ hamlib ]
++ lib.optionals extraScripts [ python3 perl espeak ];

89
pkgs/applications/radio/direwolf/fix-strlcpy-usage.patch Normal file
View file

@ -0,0 +1,89 @@
strlcpy is now part of glibc, so there's absolutely no reason for a custom implementation, especially
one with printf debugging. Hence, removing all of that.
See also https://hydra.nixos.org/build/230546596
See glibc commit 454a20c8756c9c1d55419153255fc7692b3d2199
diff --git a/external/misc/strlcpy.c b/external/misc/strlcpy.c
index ff18800..b1cb443 100644
--- a/external/misc/strlcpy.c
+++ b/external/misc/strlcpy.c
@@ -56,65 +56,3 @@
#include "textcolor.h"
-/*
- * Copy src to string dst of size siz. At most siz-1 characters
- * will be copied. Always NUL terminates (unless siz == 0).
- * Returns strlen(src); if retval >= siz, truncation occurred.
- */
-
-#if DEBUG_STRL
-size_t strlcpy_debug(char *__restrict__ dst, const char *__restrict__ src, size_t siz, const char *file, const char *func, int line)
-#else
-size_t strlcpy_debug(char *__restrict__ dst, const char *__restrict__ src, size_t siz)
-#endif
-{
- char *d = dst;
- const char *s = src;
- size_t n = siz;
- size_t retval;
-
-#if DEBUG_STRL
- if (dst == NULL) {
- text_color_set (DW_COLOR_ERROR);
- dw_printf ("ERROR: strlcpy dst is NULL. (%s %s %d)\n", file, func, line);
- return (0);
- }
- if (src == NULL) {
- text_color_set (DW_COLOR_ERROR);
- dw_printf ("ERROR: strlcpy src is NULL. (%s %s %d)\n", file, func, line);
- return (0);
- }
- if (siz == 1 || siz == 4) {
- text_color_set (DW_COLOR_ERROR);
- dw_printf ("Suspicious strlcpy siz. Is it using sizeof a pointer variable? (%s %s %d)\n", file, func, line);
- }
-#endif
-
- /* Copy as many bytes as will fit */
- if (n != 0 && --n != 0) {
- do {
- if ((*d++ = *s++) == 0)
- break;
- } while (--n != 0);
- }
-
- /* Not enough room in dst, add NUL and traverse rest of src */
- if (n == 0) {
- if (siz != 0)
- *d = '\0'; /* NUL-terminate dst */
- while (*s++)
- ;
- }
-
- retval = s - src - 1; /* count does not include NUL */
-
-#if DEBUG_STRL
- if (retval >= siz) {
- text_color_set (DW_COLOR_ERROR);
- dw_printf ("WARNING: strlcpy result length %d exceeds maximum length %d. (%s %s %d)\n",
- (int)retval, (int)(siz-1), file, func, line);
- }
-#endif
- return (retval);
-}
-
diff --git a/src/direwolf.h b/src/direwolf.h
index efc329b..22eb748 100644
--- a/src/direwolf.h
+++ b/src/direwolf.h
@@ -294,7 +294,7 @@ char *strcasestr(const char *S, const char *FIND);
#define HAVE_STRLCPY 1
-#define DEBUG_STRL 1
+#define DEBUG_STRL 0
#if DEBUG_STRL

2
pkgs/applications/radio/qdmr/default.nix
View file

@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
owner = "hmatuschek";
repo = "qdmr";
rev = "v${version}";
sha256 = "sha256-YLGsKGcKIPd0ihd5IzlT71dYkxZfeH7BpnKQMEyY8dI=";
hash = "sha256-YLGsKGcKIPd0ihd5IzlT71dYkxZfeH7BpnKQMEyY8dI=";
};
nativeBuildInputs = [

4
pkgs/applications/science/astronomy/gnuastro/default.nix
View file

@ -3,11 +3,11 @@
stdenv.mkDerivation rec {
pname = "gnuastro";
version = "0.20";
version = "0.21";
src = fetchurl {
url = "mirror://gnu/gnuastro/gnuastro-${version}.tar.gz";
sha256 = "sha256-kkuLtqwc0VFj3a3Dqb/bi4jKx7UJnV+CHs7bw/Cwac0=";
sha256 = "sha256-L7qZPYQiORUXtV9+tRF4iUbXqIaqFYSYT9Rni90nU38=";
};
nativeBuildInputs = [ libtool ];

4
pkgs/applications/science/chemistry/apbs/default.nix
View file

@ -65,6 +65,10 @@ stdenv.mkDerivation (finalAttrs: {
substituteInPlace CMakeLists.txt \
--replace "include(ImportFETK)" "" \
--replace 'import_fetk(''${FETK_VERSION})' ""
# U was removed in python 3.11 because it had no effect
substituteInPlace tools/manip/inputgen.py \
--replace '"rU"' '"r"'
'';
nativeBuildInputs = [

7
pkgs/applications/science/math/sage/sage-src.nix
View file

@ -110,6 +110,13 @@ stdenv.mkDerivation rec {
url = "https://github.com/sagemath/sage/commit/d88bc3815c0901bfdeaa3e4a31107c084199f614.diff";
sha256 = "sha256-dXaEwk2wXxmx02sCw4Vu9mF0ZrydhFD4LRwNAiQsPgM=";
})
# https://github.com/sagemath/sage/pull/36279, landed in 10.2.beta4
(fetchpatch {
name = "matplotlib-3.8-upgrade.patch";
url = "https://github.com/sagemath/sage/commit/0fcf88935908440930c5f79202155aca4ad57518.diff";
sha256 = "sha256-mvqAHaTCXsxPv901L8HSTnrfghfXYdq0wfLoP/cYQZI=";
})
];
patches = nixPatches ++ bugfixPatches ++ packageUpgradePatches;

3
pkgs/applications/science/math/sage/sagelib.nix
View file

@ -78,6 +78,7 @@
, sphinx
, sympy
, typing-extensions
, nbclassic
}:
assert (!blas.isILP64) && (!lapack.isILP64);
@ -181,6 +182,8 @@ buildPythonPackage rec {
sphinx
sympy
typing-extensions
nbclassic
];
preBuild = ''

13
pkgs/applications/science/misc/root/default.nix
View file

@ -2,6 +2,7 @@
, lib
, callPackage
, fetchurl
, fetchpatch
, makeWrapper
, cmake
, coreutils
@ -109,6 +110,18 @@ stdenv.mkDerivation rec {
patches = [
./sw_vers.patch
# glibc >=2.38 already has strlcat implemented.
# merged upstream, remove on next package bump.
(fetchpatch {
url = "https://github.com/root-project/root/commit/8fb0e35446ed67c9d56639b4708c8f05459b7f84.patch";
hash = "sha256-7EabmYanqlQsYSQsi+S9eWs1v1pY6MncopL420Y3D4w=";
})
] ++ lib.optionals (python.pkgs.pythonAtLeast "3.11") [
# Fix build against Python 3.11
(fetchpatch {
url = "https://github.com/root-project/root/commit/484deb056dacf768aba4954073b41105c431bffc.patch";
hash = "sha256-4qur2e3SxMIPgOg4IjlvuULR2BObuP7xdvs+LmNT2/s=";
})
];
preConfigure = ''

4
pkgs/applications/science/robotics/qgroundcontrol/default.nix
View file

@ -6,7 +6,7 @@ stdenv.mkDerivation rec {
pname = "qgroundcontrol";
version = "4.2.8";
qtInputs = [
propagatedBuildInputs = [
qtbase qtcharts qtlocation qtserialport qtsvg qtquickcontrols2
qtgraphicaleffects qtspeech qtx11extras
];
@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
wayland
];
buildInputs = [ SDL2 ] ++ gstInputs ++ qtInputs;
buildInputs = [ SDL2 ] ++ gstInputs ++ propagatedBuildInputs;
nativeBuildInputs = [ pkg-config qmake qttools wrapQtAppsHook ];
preConfigure = ''

6
pkgs/applications/version-management/gh/default.nix
View file

@ -2,16 +2,16 @@
buildGoModule rec {
pname = "gh";
version = "2.36.0";
version = "2.37.0";
src = fetchFromGitHub {
owner = "cli";
repo = "cli";
rev = "v${version}";
hash = "sha256-ya+Iuhe+vXNqt6mfpZ3h8jq++82AGMj+Zd4ozGFjuqY=";
hash = "sha256-EAvBPUm2U31gzpfyjEPClT1lbBYiITXpdc+T3nUMOeg=";
};
vendorHash = "sha256-tJDn3pyX5iTIa61OQXbErdBprqxu1N2LXqyJtpDQnBE=";
vendorHash = "sha256-G3cpR5S+upk3js5anZHXxcRayTEGMqnBpmtp4HO0pjQ=";
nativeBuildInputs = [ installShellFiles ];

6
pkgs/applications/version-management/git-mit/default.nix
View file

@ -10,7 +10,7 @@
}:
let
version = "5.12.162";
version = "5.12.163";
in
rustPlatform.buildRustPackage {
pname = "git-mit";
@ -20,10 +20,10 @@ rustPlatform.buildRustPackage {
owner = "PurpleBooth";
repo = "git-mit";
rev = "v${version}";
hash = "sha256-qwnzq1CKo7kJXITpPjKAhk1dbGSj6TXat7ioP7o3ifg=";
hash = "sha256-Vntwh3YVi6W5eoO0lgMkwMu6EhNhtZDSrkoIze8gBDs=";
};
cargoHash = "sha256-AGE+zA5DHabqgzCC/T1DDG9bGPciSdl1euZbbCeKPzQ=";
cargoHash = "sha256-l+fABvV3nBTUqd6oA6/b7mHIi9LObrsL7beEEveKxgU=";
nativeBuildInputs = [ pkg-config ];

4
pkgs/applications/version-management/git-repo/default.nix
View file

@ -4,13 +4,13 @@
stdenv.mkDerivation rec {
pname = "git-repo";
version = "2.37";
version = "2.38";
src = fetchFromGitHub {
owner = "android";
repo = "tools_repo";
rev = "v${version}";
hash = "sha256-6OAubRkNXIm1HaiDq4jzBPUhgbwQowSZXSqAzAe7Rv0=";
hash = "sha256-o3uNFGnccFU3ZSc8BZLh8JTc8517bho/qX6otC5oC5s=";
};
# Fix 'NameError: name 'ssl' is not defined'

59
pkgs/applications/video/catt/default.nix
View file

@ -1,55 +1,32 @@
{ lib
, fetchFromGitHub
, fetchPypi
, fetchpatch
, python3
}:
let
py = python3.override {
packageOverrides = self: super: {
# Upstream is pinning releases incl. dependencies of their dependencies
zeroconf = super.zeroconf.overridePythonAttrs (oldAttrs: rec {
version = "0.31.0";
src = fetchFromGitHub {
owner = "jstasiak";
repo = "python-zeroconf";
rev = version;
hash = "sha256-8pYbIkPsg16VelwqpYSzqfAJaCU37lun+XZ/crzCDZU=";
};
});
click = super.click.overridePythonAttrs (oldAttrs: rec {
version = "7.1.2";
src = oldAttrs.src.override {
inherit version;
hash = "sha256-0rUlXHxjSbwb0eWeCM0SrLvWPOZJ8liHVXg6qU37axo=";
};
disabledTests = [ "test_bytes_args" ]; # https://github.com/pallets/click/commit/6e05e1fa1c2804
});
pychromecast = super.pychromecast.overridePythonAttrs (oldAttrs: rec {
version = "9.2.0";
src = oldAttrs.src.override {
inherit version;
hash = "sha256-bTRZNXXPd1Zd9Hr0x13UfGplgx7BiowQtTZ7LxwXLwo=";
};
});
};
};
in
with py.pkgs;
buildPythonApplication rec {
python3.pkgs.buildPythonApplication rec {
pname = "catt";
version = "0.12.7";
format = "setuptools";
version = "0.12.11";
format = "pyproject";
src = fetchPypi {
inherit pname version;
hash = "sha256-Q9ePWRLwuuTG+oPKFg7xn1gj4uAVlXUxegWdyH3Yd90=";
hash = "sha256-0bqYYfWwF7yYoAbjZPhi/f4CLcL89imWGYaMi5Bwhtc=";
};
propagatedBuildInputs = [
patches = [
(fetchpatch {
# set explicit build-system
url = "https://github.com/skorokithakis/catt/commit/08e7870a239e85badd30982556adc2aa8a8e4fc1.patch";
hash = "sha256-QH5uN3zQNVPP6Th2LHdDBF53WxwMhoyhhQUAZOeHh4k=";
})
];
nativeBuildInputs = with python3.pkgs; [
poetry-core
];
propagatedBuildInputs = with python3.pkgs; [
click
ifaddr
pychromecast

0
pkgs/applications/video/manim/conftest- Normal file
View file

13
pkgs/applications/video/manim/default.nix
View file

@ -68,27 +68,29 @@ let
in python.pkgs.buildPythonApplication rec {
pname = "manim";
format = "pyproject";
version = "0.16.0.post0";
pyproject = true;
version = "0.17.3";
disabled = python3.pythonOlder "3.8";
src = fetchFromGitHub {
owner = "ManimCommunity";
repo = pname;
rev = "refs/tags/v${version}";
sha256 = "sha256-iXiPnI6lTP51P1X3iLp75ArRP66o8WAANBLoStPrz4M=";
sha256 = "sha256-TU/b5nwk5Xc9wmFKAIMeBwC4YBy7HauGeGV9/n4Y64c=";
};
nativeBuildInputs = with python.pkgs; [
poetry-core
];
patches = [
./pytest-report-header.patch
];
postPatch = ''
substituteInPlace pyproject.toml \
--replace "--no-cov-on-fail --cov=manim --cov-report xml --cov-report term" "" \
--replace 'cloup = "^0.13.0"' 'cloup = "*"' \
--replace 'mapbox-earcut = "^0.12.10"' 'mapbox-earcut = "*"' \
--replace 'click = ">=7.2<=9.0"' 'click = ">=7.2,<=9.0"' # https://github.com/ManimCommunity/manim/pull/2954
'';
buildInputs = [ cairo ];
@ -119,6 +121,7 @@ in python.pkgs.buildPythonApplication rec {
screeninfo
skia-pathops
srt
svgelements
tqdm
watchdog
];

21
pkgs/applications/video/manim/pytest-report-header.patch Normal file
View file

@ -0,0 +1,21 @@
diff --git a/conftest.py b/conftest.py
index da37e19b..d9f850d8 100644
--- a/conftest.py
+++ b/conftest.py
@@ -32,16 +32,3 @@ def temp_media_dir(tmpdir, monkeypatch, request):
with tempconfig({"media_dir": str(tmpdir)}):
assert config.media_dir == str(tmpdir)
yield tmpdir
-
-
-def pytest_report_header(config):
- ctx = moderngl.create_standalone_context()
- info = ctx.info
- ctx.release()
- return (
- "\nOpenGL information",
- "------------------",
- f"vendor: {info['GL_VENDOR'].strip()}",
- f"renderer: {info['GL_RENDERER'].strip()}",
- f"version: {info['GL_VERSION'].strip()}\n",
- )

4
pkgs/applications/video/ustreamer/default.nix
View file

@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "ustreamer";
version = "5.41";
version = "5.42";
src = fetchFromGitHub {
owner = "pikvm";
repo = "ustreamer";
rev = "v${version}";
hash = "sha256-N70wBKiKfOhlAR9qOSkc6dlO44lJXHWiUYb8nwXMKxo=";
hash = "sha256-V4ScXzZwh3fWCWmeGeb1hce+INYBmf3wtemwNch5FjY=";
};
buildInputs = [ libbsd libevent libjpeg ];

4
pkgs/applications/video/vdr/markad/default.nix
View file

@ -19,12 +19,12 @@
}:
stdenv.mkDerivation rec {
pname = "vdr-markad";
version = "3.3.3";
version = "3.3.5";
src = fetchFromGitHub {
repo = "vdr-plugin-markad";
owner = "kfb77";
sha256 = "sha256-wU8hfNss0Lxvf9CqFhDAPOxIVaG/9vNR620xpEJkxWI=";
sha256 = "sha256-5D4nlGZfmPaNaLx2PoqLRqlbcukpM6DHpCtqmee+cww=";
rev = "V${version}";
};

2
pkgs/applications/video/w_scan2/default.nix
View file

@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
owner = "stefantalpalaru";
repo = "w_scan2";
rev = version;
sha256 = "sha256-fDFAJ4EMwu4X1Go3jkRjwA66xDY4tJ5wCKlEdZUT4qQ=";
hash = "sha256-fDFAJ4EMwu4X1Go3jkRjwA66xDY4tJ5wCKlEdZUT4qQ=";
};
meta = {

2
pkgs/applications/virtualization/kvmtool/default.nix
View file

@ -10,6 +10,8 @@ stdenv.mkDerivation {
sha256 = "sha256-wpc5DfHnui0lBVH4uOq6a7pXVUZStjNLRvauu6QpRvE=";
};
patches = [ ./strlcpy-glibc-2.38-fix.patch ];
buildInputs = lib.optionals stdenv.hostPlatform.isAarch64 [ dtc ];
enableParallelBuilding = true;

25
pkgs/applications/virtualization/kvmtool/strlcpy-glibc-2.38-fix.patch Normal file
View file

@ -0,0 +1,25 @@
Manually tell the compiler that strlcpy exists. The `try-build` function seems
somewhat broken, i.e. any code that I try to pass to it doesn't link because of an
"undefined reference to main" error (and some more quoting issues with newlines being
swalloed).
Because both musl and glibc seemt o support strlcpy nowadays, I decided to just skip the
possibly broken feature-check and hardcode that it exists.
diff --git a/Makefile b/Makefile
index ed2414b..37be9cd 100644
--- a/Makefile
+++ b/Makefile
@@ -239,10 +239,8 @@ endif
# On a given system, some libs may link statically, some may not; so, check
# both and only build those that link!
-ifeq ($(call try-build,$(SOURCE_STRLCPY),$(CFLAGS),$(LDFLAGS)),y)
- CFLAGS_DYNOPT += -DHAVE_STRLCPY
- CFLAGS_STATOPT += -DHAVE_STRLCPY
-endif
+CFLAGS_DYNOPT += -DHAVE_STRLCPY
+CFLAGS_STATOPT += -DHAVE_STRLCPY
ifeq ($(call try-build,$(SOURCE_BFD),$(CFLAGS),$(LDFLAGS) -lbfd -static),y)
CFLAGS_STATOPT += -DCONFIG_HAS_BFD

5838
pkgs/applications/window-managers/cosmic/applets/Cargo.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

62
pkgs/applications/window-managers/cosmic/applets/default.nix Normal file
View file

@ -0,0 +1,62 @@
{ lib, stdenv, fetchFromGitHub, rust, rustPlatform
, cargo, just, pkg-config, util-linuxMinimal
, dbus, glib, libxkbcommon, pulseaudio, wayland
}:
rustPlatform.buildRustPackage {
pname = "cosmic-applets";
version = "unstable-2023-10-04";
src = fetchFromGitHub {
owner = "pop-os";
repo = "cosmic-applets";
rev = "fefaea9b63548b1baa5e64521b860234ee46339a";
hash = "sha256-I+18NCKLH/3QajYpZRPYmCUxkbptAjuEHfKtnZVOlH4=";
};
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {
"accesskit-0.11.0" = "sha256-/6KUCH1CwMHd5YEMOpAdVeAxpjl9JvrzDA4Xnbd1D9k=";
"cosmic-client-toolkit-0.1.0" = "sha256-pVWK+dODQxNej5jWyb5wX/insoiXkX8NFBDkDEejVV0=";
"cosmic-config-0.1.0" = "sha256-pUDuRHX46fbcPw19s5DEsPyJdb/Bem/lJg+3NEO/WX0=";
"cosmic-dbus-networkmanager-0.1.0" = "sha256-eWqB+zRCfJYdrcPE8Ey+WgzPBJltN0zRiutzgdtWsDA=";
"cosmic-notifications-config-0.1.0" = "sha256-KnPQdrMpzA05v4bt0Fz9fbcKdC0cSU60Hv7wqrthIaw=";
"cosmic-panel-config-0.1.0" = "sha256-H3QuiP7Og69wm9yCX/uoSG0aQ3B/61q9Sdj+rW4KZMU=";
"cosmic-time-0.3.0" = "sha256-JiTwbJSml8azelBr6b3cBvJsuAL1hmHtuHx2TJupEzE=";
"smithay-client-toolkit-0.17.0" = "sha256-v3FxzDypxSfbEU50+oDoqrGWPm+S+kDZQq//3Q4DDRU=";
"softbuffer-0.2.0" = "sha256-VD2GmxC58z7Qfu/L+sfENE+T8L40mvUKKSfgLmCTmjY=";
"xdg-shell-wrapper-config-0.1.0" = "sha256-Otxp8D5dNZl70K1ZIBswGj6K5soGVbVim7gutUHkBvw=";
};
};
postPatch = ''
substituteInPlace justfile --replace '#!/usr/bin/env' "#!$(command -v env)"
'';
nativeBuildInputs = [ just pkg-config util-linuxMinimal ];
buildInputs = [ dbus glib libxkbcommon pulseaudio wayland ];
dontUseJustBuild = true;
justFlags = [
"--set" "prefix" (placeholder "out")
"--set" "target" "${rust.lib.toRustTargetSpecShort stdenv.hostPlatform}/release"
];
# Force linking to libwayland-client, which is always dlopen()ed.
"CARGO_TARGET_${rust.toRustTargetForUseInEnvVars stdenv.hostPlatform}_RUSTFLAGS" =
map (a: "-C link-arg=${a}") [
"-Wl,--push-state,--no-as-needed"
"-lwayland-client"
"-Wl,--pop-state"
];
meta = with lib; {
homepage = "https://github.com/pop-os/cosmic-applets";
description = "Applets for the COSMIC Desktop Environment";
license = licenses.gpl3Only;
maintainers = with maintainers; [ qyliss ];
platforms = platforms.linux;
};
}

5606
pkgs/applications/window-managers/cosmic/comp/Cargo.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

61
pkgs/applications/window-managers/cosmic/comp/default.nix Normal file
View file

@ -0,0 +1,61 @@
{ lib, rustPlatform, fetchFromGitHub, makeBinaryWrapper, pkg-config
, libinput, libglvnd, libxkbcommon, mesa, seatd, udev, wayland, xorg
}:
rustPlatform.buildRustPackage {
pname = "cosmic-comp";
version = "unstable-2023-10-04";
src = fetchFromGitHub {
owner = "pop-os";
repo = "cosmic-comp";
rev = "a3ac6c42b6913193b76e481d9a60f775f67aa858";
hash = "sha256-nPQx3Pkd9WAq9ooLs8K8UI1rCHYwJlu88SP2PbC/avU=";
};
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {
"calloop-0.12.2" = "sha256-d/LB65l1DEC/5Kk8yvenTQYfIFBs99XqXn4tAM2mfHI=";
"cosmic-config-0.1.0" = "sha256-0HKv0/UHZMpSGF54aCip9PbwfWiWMSMHZpiipM6Qrf0=";
"cosmic-protocols-0.1.0" = "sha256-oBE/69A4haCN6Etih6B8SlbSnKg1bEocI6Rvf9IegLE=";
"id_tree-1.8.0" = "sha256-uKdKHRfPGt3vagOjhnri3aYY5ar7O3rp2/ivTfM2jT0=";
"smithay-0.3.0" = "sha256-7oOVAoEl+X09e0+V1eR5GviodntMbineEO8Igk2+BM0=";
"smithay-egui-0.1.0" = "sha256-FcSoKCwYk3okwQURiQlDUcfk9m/Ne6pSblGAzHDaVHg=";
"softbuffer-0.2.0" = "sha256-VD2GmxC58z7Qfu/L+sfENE+T8L40mvUKKSfgLmCTmjY=";
"taffy-0.3.11" = "sha256-Py9D8+L9G+sBkHPtlenOdugH5nQKTXa+XdKArOg5+qU=";
};
};
separateDebugInfo = true;
nativeBuildInputs = [ makeBinaryWrapper pkg-config ];
buildInputs = [ libglvnd libinput libxkbcommon mesa seatd udev wayland ];
# Force linking to libEGL, which is always dlopen()ed, and to
# libwayland-client, which is always dlopen()ed except by the
# obscure winit backend.
RUSTFLAGS = map (a: "-C link-arg=${a}") [
"-Wl,--push-state,--no-as-needed"
"-lEGL"
"-lwayland-client"
"-Wl,--pop-state"
];
# These libraries are only used by the X11 backend, which will not
# be the common case, so just make them available, don't link them.
postInstall = ''
wrapProgram $out/bin/cosmic-comp \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [
xorg.libX11 xorg.libXcursor xorg.libXi xorg.libXrandr
]}
'';
meta = with lib; {
homepage = "https://github.com/pop-os/cosmic-comp";
description = "Compositor for the COSMIC Desktop Environment";
license = licenses.gpl3Only;
maintainers = with maintainers; [ qyliss ];
platforms = platforms.linux;
};
}

3165
pkgs/applications/window-managers/cosmic/panel/Cargo.lock generated Normal file
View file

File diff suppressed because it is too large Load diff

54
pkgs/applications/window-managers/cosmic/panel/default.nix Normal file
View file

@ -0,0 +1,54 @@
{ lib, stdenv, fetchFromGitHub, cargo, just, pkg-config, rust, rustPlatform
, libglvnd, libxkbcommon, wayland
}:
rustPlatform.buildRustPackage {
pname = "cosmic-panel";
version = "unstable-2023-09-22";
src = fetchFromGitHub {
owner = "pop-os";
repo = "cosmic-panel";
rev = "df55f44f504c1cee9377cb331c1fb9d95ca83967";
hash = "sha256-qf1ITvP6PPATZ6jvlc0UuCes1UYMseY4Wr57/5xRZPE=";
};
cargoLock = {
lockFile = ./Cargo.lock;
outputHashes = {
"cosmic-client-toolkit-0.1.0" = "sha256-pVWK+dODQxNej5jWyb5wX/insoiXkX8NFBDkDEejVV0=";
"cosmic-config-0.1.0" = "sha256-XsFfQzR1gn8Je5lbd6PmSgz/T7XAFTVnR1G6pUY+eX4=";
"cosmic-notifications-util-0.1.0" = "sha256-wRUPovWJucsrKGhjHXku/4UoZf9ih9+Wpbs0sLN+oCI=";
"launch-pad-0.1.0" = "sha256-gFtUtrD/cUVpLxPvg6iLxxAK97LTlvI4uLxo06UYIU4=";
"smithay-0.3.0" = "sha256-hulj6zr4h8A9RElQyrJBy3lvYMd7COe3uDaFMMaWNrM=";
"smithay-client-toolkit-0.17.0" = "sha256-13fXDYqO/701tzoOk8ujHtzgzzz1N6GGbcHUrsNhQ0U=";
"xdg-shell-wrapper-0.1.0" = "sha256-VCiDjvcCsb02LMo7UpEROV6lzX2DYf4Ix9zfEDO2pUg=";
};
};
nativeBuildInputs = [ just pkg-config ];
buildInputs = [ libglvnd libxkbcommon wayland ];
dontUseJustBuild = true;
justFlags = [
"--set" "prefix" (placeholder "out")
"--set" "bin-src" "target/${rust.lib.toRustTargetSpecShort stdenv.hostPlatform}/release/cosmic-panel"
];
# Force linking to libEGL, which is always dlopen()ed.
"CARGO_TARGET_${rust.toRustTargetForUseInEnvVars stdenv.hostPlatform}_RUSTFLAGS" =
map (a: "-C link-arg=${a}") [
"-Wl,--push-state,--no-as-needed"
"-lEGL"
"-Wl,--pop-state"
];
meta = with lib; {
homepage = "https://github.com/pop-os/cosmic-panel";
description = "Panel for the COSMIC Desktop Environment";
license = licenses.gpl3Only;
maintainers = with maintainers; [ qyliss ];
platforms = platforms.linux;
};
}

2
pkgs/applications/window-managers/cwm/default.nix
View file

@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
owner = "leahneukirchen";
repo = pname;
rev = "v${version}";
sha256 = "sha256-L3u4mH2UH2pTHhSPVr5dUi94b9DheslkIWL6EgQ05yA=";
hash = "sha256-L3u4mH2UH2pTHhSPVr5dUi94b9DheslkIWL6EgQ05yA=";
};
strictDeps = true;

2
pkgs/build-support/cc-wrapper/cc-wrapper.sh
View file

@ -31,7 +31,6 @@ cxxLibrary=1
cInclude=1
expandResponseParams "$@"
linkType=$(checkLinkType "${params[@]}")
declare -ag positionalArgs=()
declare -i n=0
@ -175,6 +174,7 @@ extraAfter=(${hardeningCFlagsAfter[@]+"${hardeningCFlagsAfter[@]}"} $NIX_CFLAGS_
extraBefore=(${hardeningCFlagsBefore[@]+"${hardeningCFlagsBefore[@]}"} $NIX_CFLAGS_COMPILE_BEFORE_@suffixSalt@)
if [ "$dontLink" != 1 ]; then
linkType=$(checkLinkType $NIX_LDFLAGS_BEFORE_@suffixSalt@ "${params[@]}" ${NIX_CFLAGS_LINK_@suffixSalt@:-} $NIX_LDFLAGS_@suffixSalt@)
# Add the flags that should only be passed to the compiler when
# linking.

Some files were not shown because too many files have changed in this diff Show more