swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-20 04:19:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse source
This commit is contained in:
github-actions[bot] 2023-11-27 00:02:41 +00:00 committed by GitHub
parent e5bb78518f cbfa8ce87f
commit d5776afdf5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
65 changed files with 841 additions and 619 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
doc/packages/darwin-builder.section.md
View file

@ -94,7 +94,11 @@ $ sudo launchctl kickstart -k system/org.nixos.nix-daemon
system = linuxSystem;
modules = [
"${nixpkgs}/nixos/modules/profiles/macos-builder.nix"
{ virtualisation.host.pkgs = pkgs; }
{ virtualisation = {
host.pkgs = pkgs;
darwin-builder.workingDirectory = "/var/lib/darwin-builder";
};
};
];
};
in {

32
lib/meta.nix
View file

@ -3,6 +3,11 @@
{ lib }:
let
inherit (lib) matchAttrs any all;
inherit (builtins) isString;
in
rec {
@ -83,14 +88,21 @@ rec {
We can inject these into a pattern for the whole of a structured platform,
and then match that.
*/
platformMatch = platform: elem: let
pattern =
if builtins.isString elem
then { system = elem; }
else if elem?parsed
then elem
else { parsed = elem; };
in lib.matchAttrs pattern platform;
platformMatch = platform: elem: (
# Check with simple string comparison if elem was a string.
#
# The majority of comparisons done with this function will be against meta.platforms
# which contains a simple platform string.
#
# Avoiding an attrset allocation results in significant performance gains (~2-30) across the board in OfBorg
# because this is a hot path for nixpkgs.
if isString elem then platform ? system && elem == platform.system
else matchAttrs (
# Normalize platform attrset.
if elem ? parsed then elem
else { parsed = elem; }
) platform
);
/* Check if a package is available on a given platform.
@ -102,8 +114,8 @@ rec {
2. None of `meta.badPlatforms` pattern matches the given platform.
*/
availableOn = platform: pkg:
((!pkg?meta.platforms) || lib.any (platformMatch platform) pkg.meta.platforms) &&
lib.all (elem: !platformMatch platform elem) (pkg.meta.badPlatforms or []);
((!pkg?meta.platforms) || any (platformMatch platform) pkg.meta.platforms) &&
all (elem: !platformMatch platform elem) (pkg.meta.badPlatforms or []);
/* Get the corresponding attribute in lib.licenses
from the SPDX ID.

20
lib/tests/misc.nix
View file

@ -1948,4 +1948,24 @@ runTests {
testGetExe'FailureSecondArg = testingThrow (
getExe' { type = "derivation"; } "dir/executable"
);
testPlatformMatch = {
expr = meta.platformMatch { system = "x86_64-linux"; } "x86_64-linux";
expected = true;
};
testPlatformMatchAttrs = {
expr = meta.platformMatch (systems.elaborate "x86_64-linux") (systems.elaborate "x86_64-linux").parsed;
expected = true;
};
testPlatformMatchNoMatch = {
expr = meta.platformMatch { system = "x86_64-darwin"; } "x86_64-linux";
expected = false;
};
testPlatformMatchMissingSystem = {
expr = meta.platformMatch { } "x86_64-linux";
expected = false;
};
}

8
nixos/doc/manual/release-notes/rl-2311.section.md
View file

@ -22,16 +22,20 @@
- [`sudo-rs`], a reimplementation of `sudo` in Rust, is now supported.
An experimental new module `security.sudo-rs` was added.
Switching to it (via `security.sudo.enable = false; security.sudo-rs.enable = true;`) introduces
Switching to it (via ` security.sudo-rs.enable = true;`) introduces
slight changes in sudo behaviour, due to `sudo-rs`' current limitations:
- terminfo-related environment variables aren't preserved for `root` and `wheel`;
- `root` and `wheel` are not given the ability to set (or preserve)
arbitrary environment variables.
- [glibc](https://www.gnu.org/software/libc/) has been updated from version 2.37 to 2.38, see [the release notes](https://sourceware.org/glibc/wiki/Release/2.38) for what was changed.
**Note:** The `sudo-rs` module only takes configuration through `security.sudo-rs`,
and in particular does not automatically use previously-set rules; this could be
achieved with `security.sudo-rs.extraRules = security.sudo.extraRules;` for instance.
[`sudo-rs`]: https://github.com/memorysafety/sudo-rs/
- [glibc](https://www.gnu.org/software/libc/) has been updated from version 2.37 to 2.38, see [the release notes](https://sourceware.org/glibc/wiki/Release/2.38) for what was changed.
- `linuxPackages_testing_bcachefs` is now soft-deprecated by `linuxPackages_testing`.
- Please consider changing your NixOS configuration's `boot.kernelPackages` to `linuxPackages_testing` until a stable kernel with bcachefs support is released.

13
nixos/modules/security/pam.nix
View file

@ -943,6 +943,11 @@ let
value.source = pkgs.writeText "${name}.pam" service.text;
};
optionalSudoConfigForSSHAgentAuth = optionalString config.security.pam.enableSSHAgentAuth ''
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
'';
in
{
@ -1532,9 +1537,7 @@ in
concatLines
]);
security.sudo.extraConfig = optionalString config.security.pam.enableSSHAgentAuth ''
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
'';
};
security.sudo.extraConfig = optionalSudoConfigForSSHAgentAuth;
security.sudo-rs.extraConfig = optionalSudoConfigForSSHAgentAuth;
};
}

77
nixos/modules/security/sudo-rs.nix
View file

@ -4,16 +4,9 @@ with lib;
let
inherit (pkgs) sudo sudo-rs;
cfg = config.security.sudo-rs;
enableSSHAgentAuth =
with config.security;
pam.enableSSHAgentAuth && pam.sudo.sshAgentAuth;
usingMillersSudo = cfg.package.pname == sudo.pname;
usingSudoRs = cfg.package.pname == sudo-rs.pname;
inherit (config.security.pam) enableSSHAgentAuth;
toUserString = user: if (isInt user) then "#${toString user}" else "${user}";
toGroupString = group: if (isInt group) then "%#${toString group}" else "%${group}";
@ -41,33 +34,19 @@ in
defaultOptions = mkOption {
type = with types; listOf str;
default = optional usingMillersSudo "SETENV";
defaultText = literalMD ''
`[ "SETENV" ]` if using the default `sudo` implementation
'';
default = [];
description = mdDoc ''
Options used for the default rules, granting `root` and the
`wheel` group permission to run any command as any user.
'';
};
enable = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Whether to enable the {command}`sudo` command, which
allows non-root users to execute commands as root.
'';
};
enable = mkEnableOption (mdDoc ''
a memory-safe implementation of the {command}`sudo` command,
which allows non-root users to execute commands as root.
'');
package = mkOption {
type = types.package;
default = pkgs.sudo-rs;
defaultText = literalExpression "pkgs.sudo-rs";
description = mdDoc ''
Which package to use for `sudo`.
'';
};
package = mkPackageOption pkgs "sudo-rs" { };
wheelNeedsPassword = mkOption {
type = types.bool;
@ -208,6 +187,12 @@ in
###### implementation
config = mkIf cfg.enable {
assertions = [ {
assertion = ! config.security.sudo.enable;
message = "`security.sudo` and `security.sudo-rs` cannot both be enabled";
}];
security.sudo.enable = mkDefault false;
security.sudo-rs.extraRules =
let
defaultRule = { users ? [], groups ? [], opts ? [] }: [ {
@ -235,20 +220,16 @@ in
# Don't edit this file. Set the NixOS options security.sudo-rs.configFile
# or security.sudo-rs.extraRules instead.
''
(optionalString enableSSHAgentAuth ''
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
'')
(concatStringsSep "\n" (
lists.flatten (
map (
rule: optionals (length rule.commands != 0) [
(map (user: "${toUserString user} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.users)
(map (group: "${toGroupString group} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.groups)
]
) cfg.extraRules
)
) + "\n")
(pipe cfg.extraRules [
(filter (rule: length rule.commands != 0))
(map (rule: [
(map (user: "${toUserString user} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.users)
(map (group: "${toGroupString group} ${rule.host}=(${rule.runAs}) ${toCommandsString rule.commands}") rule.groups)
]))
flatten
(concatStringsSep "\n")
])
"\n"
(optionalString (cfg.extraConfig != "") ''
# extraConfig
${cfg.extraConfig}
@ -265,18 +246,12 @@ in
source = "${cfg.package.out}/bin/sudo";
inherit owner group setuid permissions;
};
# sudo-rs does not yet ship a sudoedit (as of v0.2.0)
sudoedit = mkIf usingMillersSudo {
source = "${cfg.package.out}/bin/sudoedit";
inherit owner group setuid permissions;
};
};
environment.systemPackages = [ sudo ];
environment.systemPackages = [ cfg.package ];
security.pam.services.sudo = { sshAgentAuth = true; usshAuth = true; };
security.pam.services.sudo-i = mkIf usingSudoRs
{ sshAgentAuth = true; usshAuth = true; };
security.pam.services.sudo-i = { sshAgentAuth = true; usshAuth = true; };
environment.etc.sudoers =
{ source =
@ -285,7 +260,7 @@ in
src = pkgs.writeText "sudoers-in" cfg.configFile;
preferLocalBuild = true;
}
"${pkgs.buildPackages."${cfg.package.pname}"}/bin/visudo -f $src -c && cp $src $out";
"${pkgs.buildPackages.sudo-rs}/bin/visudo -f $src -c && cp $src $out";
mode = "0440";
};

35
nixos/modules/services/backup/btrbk.nix
View file

@ -47,8 +47,21 @@ let
then [ "${name} ${value}" ]
else concatLists (mapAttrsToList (genSection name) value);
sudoRule = {
users = [ "btrbk" ];
commands = [
{ command = "${pkgs.btrfs-progs}/bin/btrfs"; options = [ "NOPASSWD" ]; }
{ command = "${pkgs.coreutils}/bin/mkdir"; options = [ "NOPASSWD" ]; }
{ command = "${pkgs.coreutils}/bin/readlink"; options = [ "NOPASSWD" ]; }
# for ssh, they are not the same than the one hard coded in ${pkgs.btrbk}
{ command = "/run/current-system/sw/bin/btrfs"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/mkdir"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/readlink"; options = [ "NOPASSWD" ]; }
];
};
sudo_doas =
if config.security.sudo.enable then "sudo"
if config.security.sudo.enable || config.security.sudo-rs.enable then "sudo"
else if config.security.doas.enable then "doas"
else throw "The btrbk nixos module needs either sudo or doas enabled in the configuration";
@ -157,22 +170,10 @@ in
};
config = mkIf (sshEnabled || serviceEnabled) {
environment.systemPackages = [ pkgs.btrbk ] ++ cfg.extraPackages;
security.sudo = mkIf (sudo_doas == "sudo") {
extraRules = [
{
users = [ "btrbk" ];
commands = [
{ command = "${pkgs.btrfs-progs}/bin/btrfs"; options = [ "NOPASSWD" ]; }
{ command = "${pkgs.coreutils}/bin/mkdir"; options = [ "NOPASSWD" ]; }
{ command = "${pkgs.coreutils}/bin/readlink"; options = [ "NOPASSWD" ]; }
# for ssh, they are not the same than the one hard coded in ${pkgs.btrbk}
{ command = "/run/current-system/sw/bin/btrfs"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/mkdir"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/readlink"; options = [ "NOPASSWD" ]; }
];
}
];
};
security.sudo.extraRules = mkIf (sudo_doas == "sudo") [ sudoRule ];
security.sudo-rs.extraRules = mkIf (sudo_doas == "sudo") [ sudoRule ];
security.doas = mkIf (sudo_doas == "doas") {
extraRules = let
doasCmdNoPass = cmd: { users = [ "btrbk" ]; cmd = cmd; noPass = true; };

19
nixos/modules/services/misc/amazon-ssm-agent.nix
View file

@ -15,6 +15,11 @@ let
-r) echo "${config.system.nixos.version}";;
esac
'';
sudoRule = {
users = [ "ssm-user" ];
commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
};
in {
imports = [
(mkRenamedOptionModule [ "services" "ssm-agent" "enable" ] [ "services" "amazon-ssm-agent" "enable" ])
@ -54,17 +59,9 @@ in {
# Add user that Session Manager needs, and give it sudo.
# This is consistent with Amazon Linux 2 images.
security.sudo.extraRules = [
{
users = [ "ssm-user" ];
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
security.sudo.extraRules = [ sudoRule ];
security.sudo-rs.extraRules = [ sudoRule ];
# On Amazon Linux 2 images, the ssm-user user is pretty much a
# normal user with its own group. We do the same.
users.groups.ssm-user = {};

5
nixos/modules/services/monitoring/telegraf.nix
View file

@ -53,6 +53,10 @@ in {
###### implementation
config = mkIf config.services.telegraf.enable {
services.telegraf.extraConfig = {
inputs = {};
outputs = {};
};
systemd.services.telegraf = let
finalConfigFile = if config.services.telegraf.environmentFiles == []
then configFile
@ -61,6 +65,7 @@ in {
description = "Telegraf Agent";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
path = lib.optional (config.services.telegraf.extraConfig.inputs ? procstat) pkgs.procps;
serviceConfig = {
EnvironmentFile = config.services.telegraf.environmentFiles;
ExecStartPre = lib.optional (config.services.telegraf.environmentFiles != [])

15
nixos/modules/services/web-apps/mediawiki.nix
View file

@ -20,21 +20,21 @@ let
pkg = pkgs.stdenv.mkDerivation rec {
pname = "mediawiki-full";
version = src.version;
inherit (src) version;
src = cfg.package;
installPhase = ''
mkdir -p $out
cp -r * $out/
rm -rf $out/share/mediawiki/skins/*
rm -rf $out/share/mediawiki/extensions/*
# try removing directories before symlinking to allow overwriting any builtin extension or skin
${concatStringsSep "\n" (mapAttrsToList (k: v: ''
rm -rf $out/share/mediawiki/skins/${k}
ln -s ${v} $out/share/mediawiki/skins/${k}
'') cfg.skins)}
${concatStringsSep "\n" (mapAttrsToList (k: v: ''
rm -rf $out/share/mediawiki/extensions/${k}
ln -s ${if v != null then v else "$src/share/mediawiki/extensions/${k}"} $out/share/mediawiki/extensions/${k}
'') cfg.extensions)}
'';
@ -540,9 +540,8 @@ in
locations = {
"~ ^/w/(index|load|api|thumb|opensearch_desc|rest|img_auth)\\.php$".extraConfig = ''
rewrite ^/w/(.*) /$1 break;
include ${config.services.nginx.package}/conf/fastcgi_params;
include ${config.services.nginx.package}/conf/fastcgi.conf;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket};
'';
"/w/images/".alias = withTrailingSlash cfg.uploadsDir;
@ -573,7 +572,7 @@ in
# Explicit access to the root website, redirect to main page (adapt as needed)
"= /".extraConfig = ''
return 301 /wiki/Main_Page;
return 301 /wiki/;
'';
# Every other entry point will be disallowed.
@ -634,7 +633,7 @@ in
++ optional (cfg.webserver == "apache" && cfg.database.createLocally && cfg.database.type == "postgres") "postgresql.service";
users.users.${user} = {
group = group;
inherit group;
isSystemUser = true;
};
users.groups.${group} = {};

246
nixos/modules/virtualisation/nixos-containers.nix
View file

@ -771,141 +771,147 @@ in
};
config = mkIf (config.boot.enableContainers) (let
config = mkMerge [
{
warnings = optional (!config.boot.enableContainers && config.containers != {})
"containers.<name> is used, but boot.enableContainers is false. To use containers.<name>, set boot.enableContainers to true.";
}
unit = {
description = "Container '%i'";
(mkIf (config.boot.enableContainers) (let
unit = {
description = "Container '%i'";
unitConfig.RequiresMountsFor = "${stateDirectory}/%i";
unitConfig.RequiresMountsFor = "${stateDirectory}/%i";
path = [ pkgs.iproute2 ];
path = [ pkgs.iproute2 ];
environment = {
root = "${stateDirectory}/%i";
INSTANCE = "%i";
environment = {
root = "${stateDirectory}/%i";
INSTANCE = "%i";
};
preStart = preStartScript dummyConfig;
script = startScript dummyConfig;
postStart = postStartScript dummyConfig;
restartIfChanged = false;
serviceConfig = serviceDirectives dummyConfig;
};
in {
warnings =
(optional (config.virtualisation.containers.enable && versionOlder config.system.stateVersion "22.05") ''
Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported.
'');
preStart = preStartScript dummyConfig;
systemd.targets.multi-user.wants = [ "machines.target" ];
script = startScript dummyConfig;
systemd.services = listToAttrs (filter (x: x.value != null) (
# The generic container template used by imperative containers
[{ name = "container@"; value = unit; }]
# declarative containers
++ (mapAttrsToList (name: cfg: nameValuePair "container@${name}" (let
containerConfig = cfg // (
optionalAttrs cfg.enableTun
{
allowedDevices = cfg.allowedDevices
++ [ { node = "/dev/net/tun"; modifier = "rw"; } ];
additionalCapabilities = cfg.additionalCapabilities
++ [ "CAP_NET_ADMIN" ];
}
);
in
recursiveUpdate unit {
preStart = preStartScript containerConfig;
script = startScript containerConfig;
postStart = postStartScript containerConfig;
serviceConfig = serviceDirectives containerConfig;
unitConfig.RequiresMountsFor = lib.optional (!containerConfig.ephemeral) "${stateDirectory}/%i";
environment.root = if containerConfig.ephemeral then "/run/nixos-containers/%i" else "${stateDirectory}/%i";
} // (
optionalAttrs containerConfig.autoStart
{
wantedBy = [ "machines.target" ];
wants = [ "network.target" ];
after = [ "network.target" ];
restartTriggers = [
containerConfig.path
config.environment.etc."${configurationDirectoryName}/${name}.conf".source
];
restartIfChanged = containerConfig.restartIfChanged;
}
)
)) config.containers)
));
postStart = postStartScript dummyConfig;
restartIfChanged = false;
serviceConfig = serviceDirectives dummyConfig;
};
in {
warnings =
(optional (config.virtualisation.containers.enable && versionOlder config.system.stateVersion "22.05") ''
Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported.
'');
systemd.targets.multi-user.wants = [ "machines.target" ];
systemd.services = listToAttrs (filter (x: x.value != null) (
# The generic container template used by imperative containers
[{ name = "container@"; value = unit; }]
# declarative containers
++ (mapAttrsToList (name: cfg: nameValuePair "container@${name}" (let
containerConfig = cfg // (
optionalAttrs cfg.enableTun
{
allowedDevices = cfg.allowedDevices
++ [ { node = "/dev/net/tun"; modifier = "rw"; } ];
additionalCapabilities = cfg.additionalCapabilities
++ [ "CAP_NET_ADMIN" ];
}
);
in
recursiveUpdate unit {
preStart = preStartScript containerConfig;
script = startScript containerConfig;
postStart = postStartScript containerConfig;
serviceConfig = serviceDirectives containerConfig;
unitConfig.RequiresMountsFor = lib.optional (!containerConfig.ephemeral) "${stateDirectory}/%i";
environment.root = if containerConfig.ephemeral then "/run/nixos-containers/%i" else "${stateDirectory}/%i";
} // (
optionalAttrs containerConfig.autoStart
{
wantedBy = [ "machines.target" ];
wants = [ "network.target" ];
after = [ "network.target" ];
restartTriggers = [
containerConfig.path
config.environment.etc."${configurationDirectoryName}/${name}.conf".source
];
restartIfChanged = containerConfig.restartIfChanged;
}
)
)) config.containers)
));
# Generate a configuration file in /etc/nixos-containers for each
# container so that container@.target can get the container
# configuration.
environment.etc =
let mkPortStr = p: p.protocol + ":" + (toString p.hostPort) + ":" + (if p.containerPort == null then toString p.hostPort else toString p.containerPort);
in mapAttrs' (name: cfg: nameValuePair "${configurationDirectoryName}/${name}.conf"
{ text =
''
SYSTEM_PATH=${cfg.path}
${optionalString cfg.privateNetwork ''
PRIVATE_NETWORK=1
${optionalString (cfg.hostBridge != null) ''
HOST_BRIDGE=${cfg.hostBridge}
# Generate a configuration file in /etc/nixos-containers for each
# container so that container@.target can get the container
# configuration.
environment.etc =
let mkPortStr = p: p.protocol + ":" + (toString p.hostPort) + ":" + (if p.containerPort == null then toString p.hostPort else toString p.containerPort);
in mapAttrs' (name: cfg: nameValuePair "${configurationDirectoryName}/${name}.conf"
{ text =
''
SYSTEM_PATH=${cfg.path}
${optionalString cfg.privateNetwork ''
PRIVATE_NETWORK=1
${optionalString (cfg.hostBridge != null) ''
HOST_BRIDGE=${cfg.hostBridge}
''}
${optionalString (length cfg.forwardPorts > 0) ''
HOST_PORT=${concatStringsSep "," (map mkPortStr cfg.forwardPorts)}
''}
${optionalString (cfg.hostAddress != null) ''
HOST_ADDRESS=${cfg.hostAddress}
''}
${optionalString (cfg.hostAddress6 != null) ''
HOST_ADDRESS6=${cfg.hostAddress6}
''}
${optionalString (cfg.localAddress != null) ''
LOCAL_ADDRESS=${cfg.localAddress}
''}
${optionalString (cfg.localAddress6 != null) ''
LOCAL_ADDRESS6=${cfg.localAddress6}
''}
''}
${optionalString (length cfg.forwardPorts > 0) ''
HOST_PORT=${concatStringsSep "," (map mkPortStr cfg.forwardPorts)}
INTERFACES="${toString cfg.interfaces}"
MACVLANS="${toString cfg.macvlans}"
${optionalString cfg.autoStart ''
AUTO_START=1
''}
${optionalString (cfg.hostAddress != null) ''
HOST_ADDRESS=${cfg.hostAddress}
''}
${optionalString (cfg.hostAddress6 != null) ''
HOST_ADDRESS6=${cfg.hostAddress6}
''}
${optionalString (cfg.localAddress != null) ''
LOCAL_ADDRESS=${cfg.localAddress}
''}
${optionalString (cfg.localAddress6 != null) ''
LOCAL_ADDRESS6=${cfg.localAddress6}
''}
''}
INTERFACES="${toString cfg.interfaces}"
MACVLANS="${toString cfg.macvlans}"
${optionalString cfg.autoStart ''
AUTO_START=1
''}
EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts +
optionalString (cfg.extraFlags != [])
(" " + concatStringsSep " " cfg.extraFlags)}"
'';
}) config.containers;
EXTRA_NSPAWN_FLAGS="${mkBindFlags cfg.bindMounts +
optionalString (cfg.extraFlags != [])
(" " + concatStringsSep " " cfg.extraFlags)}"
'';
}) config.containers;
# Generate /etc/hosts entries for the containers.
networking.extraHosts = concatStrings (mapAttrsToList (name: cfg: optionalString (cfg.localAddress != null)
''
${head (splitString "/" cfg.localAddress)} ${name}.containers
'') config.containers);
# Generate /etc/hosts entries for the containers.
networking.extraHosts = concatStrings (mapAttrsToList (name: cfg: optionalString (cfg.localAddress != null)
''
${head (splitString "/" cfg.localAddress)} ${name}.containers
'') config.containers);
networking.dhcpcd.denyInterfaces = [ "ve-*" "vb-*" ];
networking.dhcpcd.denyInterfaces = [ "ve-*" "vb-*" ];
services.udev.extraRules = optionalString config.networking.networkmanager.enable ''
# Don't manage interfaces created by nixos-container.
ENV{INTERFACE}=="v[eb]-*", ENV{NM_UNMANAGED}="1"
'';
services.udev.extraRules = optionalString config.networking.networkmanager.enable ''
# Don't manage interfaces created by nixos-container.
ENV{INTERFACE}=="v[eb]-*", ENV{NM_UNMANAGED}="1"
'';
environment.systemPackages = [
nixos-container
];
environment.systemPackages = [
nixos-container
];
boot.kernelModules = [
"bridge"
"macvlan"
"tap"
"tun"
];
});
boot.kernelModules = [
"bridge"
"macvlan"
"tap"
"tun"
];
}))
];
meta.buildDocsInSandbox = false;
}

6
nixos/tests/sudo-rs.nix
View file

@ -22,11 +22,8 @@ in
test5 = { isNormalUser = true; };
};
security.sudo.enable = false;
security.sudo-rs = {
enable = true;
package = pkgs.sudo-rs;
wheelNeedsPassword = false;
extraRules = [
@ -56,10 +53,7 @@ in
noadmin = { isNormalUser = true; };
};
security.sudo.enable = false;
security.sudo-rs = {
package = pkgs.sudo-rs;
enable = true;
wheelNeedsPassword = false;
execWheelOnly = true;

1
nixos/tests/telegraf.nix
View file

@ -12,6 +12,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
services.telegraf.extraConfig = {
agent.interval = "1s";
agent.flush_interval = "1s";
inputs.procstat = {};
inputs.exec = {
commands = [
"${pkgs.runtimeShell} -c 'echo $SECRET,tag=a i=42i'"

2
nixos/tests/web-servers/stargazer.nix
View file

@ -24,7 +24,7 @@
geminiserver.wait_for_open_port(1965)
with subtest("check is serving over gemini"):
response = geminiserver.succeed("${pkgs.gmni}/bin/gmni -j once -i -N gemini://localhost:1965")
response = geminiserver.succeed("${pkgs.gemget}/bin/gemget --header -o - gemini://localhost:1965")
print(response)
assert "Hello NixOS!" in response
'';

4
pkgs/applications/editors/openvi/default.nix
View file

@ -7,13 +7,13 @@
stdenv.mkDerivation rec {
pname = "openvi";
version = "7.4.26";
version = "7.4.27";
src = fetchFromGitHub {
owner = "johnsonjh";
repo = "OpenVi";
rev = version;
hash = "sha256-Fgsw4ovq7PXqPF5ECVFJulrcHdsbRQsvy62DAr4RRr4=";
hash = "sha256-3cqe6woJvJt0ckI3aOhF0gARKy8VMCfWxIiiglkHBTo=";
};
buildInputs = [ ncurses perl ];

12
pkgs/applications/editors/sublime/4/packages.nix
View file

@ -5,15 +5,15 @@ let
in
{
sublime4 = common {
buildVersion = "4152";
x64sha256 = "bt48g1GZWYlwQcZQboUHU8GZYmA7cb2fc6Ylrh5NNVQ=";
aarch64sha256 = "nSH5a5KRYzqLMnLo2mFk3WpjL9p6Qh3zNy8oFPEHHoA=";
buildVersion = "4169";
x64sha256 = "jk9wKC0QgfhiHDYUcnDhsmgJsBPOUmCkyvQeI54IJJ4=";
aarch64sha256 = "/W/xGbE+8gGu1zNh6lERZrfG9Dh9QUGkYiqTzp216JI=";
} {};
sublime4-dev = common {
buildVersion = "4155";
buildVersion = "4168";
dev = true;
x64sha256 = "owcux1/CjXQsJ8/6ex3CWV1/Wvh/ofZFH7yNQtxl9d4=";
aarch64sha256 = "YAcdpBDmaajQPvyp8ypJNom+XOKx2YKA2uylfxlKuZY=";
x64sha256 = "KfW1Mh78CUBTmthHQd1s15a7GrmssSnWZ1RgaarJeag=";
aarch64sha256 = "qJ9oix1kwWN+TUb5/WSKyHcHzB+Q87XolMOhmqx1OFc=";
} {};
}

10
pkgs/applications/emulators/citra/default.nix
View file

@ -9,19 +9,19 @@ let
# Please make sure to update this when updating citra!
compat-list = fetchurl {
name = "citra-compat-list";
url = "https://web.archive.org/web/20230807103651/https://api.citra-emu.org/gamedb/";
url = "https://web.archive.org/web/20231111133415/https://api.citra-emu.org/gamedb";
hash = "sha256-J+zqtWde5NgK2QROvGewtXGRAWUTNSKHNMG6iu9m1fU=";
};
in {
nightly = qt6Packages.callPackage ./generic.nix rec {
pname = "citra-nightly";
version = "1963";
version = "2043";
src = fetchFromGitHub {
owner = "citra-emu";
repo = "citra-nightly";
rev = "nightly-${version}";
sha256 = "0ggi1l8327s43xaxs616g0s9vmal6q7vsv69bn07gp71gchhcmyi";
sha256 = "sha256-26M3uzqp4rUMOhr619UooupZT11B03IJfamUPNkceQk=";
fetchSubmodules = true;
};
@ -30,13 +30,13 @@ in {
canary = qt6Packages.callPackage ./generic.nix rec {
pname = "citra-canary";
version = "2573";
version = "2695";
src = fetchFromGitHub {
owner = "citra-emu";
repo = "citra-canary";
rev = "canary-${version}";
sha256 = "sha256-tQJ3WcqGcnW9dOiwDrBgL0n3UNp1DGQ/FjCR28Xjdpc=";
sha256 = "sha256-090er4aUGze8bk3DIFZoa+/6EcJhr4bim3nWgZHs1mo=";
fetchSubmodules = true;
};

107
pkgs/applications/emulators/citra/generic.nix
View file

@ -6,70 +6,93 @@
, lib
, stdenv
, fetchFromGitHub
, cmake
, boost
, pkg-config
, libusb1
, catch2_3
, cpp-jwt
, cryptopp
, enet
, ffmpeg
, fmt
, glslang
, httplib
, inih
, libusb1
, nlohmann_json
, openal
, openssl
, SDL2
, soundtouch
, spirv-tools
, zstd
, libressl
, enableSdl2 ? true, SDL2
, enableQt ? true, qtbase, qtmultimedia, wrapQtAppsHook
, vulkan-headers
, vulkan-loader
, enableSdl2Frontend ? true
, enableQt ? true, qtbase, qtmultimedia, qtwayland, wrapQtAppsHook
, enableQtTranslation ? enableQt, qttools
, enableWebService ? true
, enableCubeb ? true, cubeb
, enableFfmpegAudioDecoder ? true
, enableFfmpegVideoDumper ? true
, ffmpeg_4
, useDiscordRichPresence ? true, rapidjson
, enableFdk ? false, fdk_aac
}:
assert lib.assertMsg (!enableFfmpegAudioDecoder || !enableFdk) "Can't enable both enableFfmpegAudioDecoder and enableFdk";
stdenv.mkDerivation rec {
stdenv.mkDerivation {
inherit pname version src;
nativeBuildInputs = [
cmake
glslang
pkg-config
ffmpeg
glslang
] ++ lib.optionals enableQt [ wrapQtAppsHook ];
buildInputs = [
boost
catch2_3
cpp-jwt
cryptopp
# intentionally omitted: dynarmic - prefer vendored version for compatibility
enet
fmt
httplib
inih
libusb1
] ++ lib.optionals enableQt [ qtbase qtmultimedia ]
++ lib.optional enableSdl2 SDL2
nlohmann_json
openal
openssl
SDL2
soundtouch
spirv-tools
vulkan-headers
# intentionally omitted: xbyak - prefer vendored version for compatibility
zstd
] ++ lib.optionals enableQt [ qtbase qtmultimedia qtwayland ]
++ lib.optional enableQtTranslation qttools
++ lib.optionals enableCubeb cubeb.passthru.backendLibs
++ lib.optional (enableFfmpegAudioDecoder || enableFfmpegVideoDumper) ffmpeg_4
++ lib.optional useDiscordRichPresence rapidjson
++ lib.optional enableFdk fdk_aac;
++ lib.optional enableCubeb cubeb
++ lib.optional useDiscordRichPresence rapidjson;
cmakeFlags = [
"-DUSE_SYSTEM_BOOST=ON"
"-DCITRA_WARNINGS_AS_ERRORS=OFF"
"-DCITRA_USE_BUNDLED_FFMPEG=OFF"
"-DCITRA_USE_BUNDLED_QT=OFF"
"-DUSE_SYSTEM_SDL2=ON"
"-DCMAKE_INSTALL_INCLUDEDIR=include"
"-DCMAKE_INSTALL_LIBDIR=lib"
"-DUSE_SYSTEM_LIBS=ON"
# We dont want to bother upstream with potentially outdated compat reports
"-DDISABLE_SYSTEM_DYNARMIC=ON"
"-DDISABLE_SYSTEM_GLSLANG=ON" # The following imported targets are referenced, but are missing: SPIRV-Tools-opt
"-DDISABLE_SYSTEM_LODEPNG=ON" # Not packaged in nixpkgs
"-DDISABLE_SYSTEM_VMA=ON"
"-DDISABLE_SYSTEM_XBYAK=ON"
# We don't want to bother upstream with potentially outdated compat reports
"-DCITRA_ENABLE_COMPATIBILITY_REPORTING=ON"
"-DENABLE_COMPATIBILITY_LIST_DOWNLOAD=OFF" # We provide this deterministically
] ++ lib.optional (!enableSdl2) "-DENABLE_SDL2=OFF"
] ++ lib.optional (!enableSdl2Frontend) "-DENABLE_SDL2_FRONTEND=OFF"
++ lib.optional (!enableQt) "-DENABLE_QT=OFF"
++ lib.optional enableQtTranslation "-DENABLE_QT_TRANSLATION=ON"
++ lib.optional (!enableWebService) "-DENABLE_WEB_SERVICE=OFF"
++ lib.optional (!enableCubeb) "-DENABLE_CUBEB=OFF"
++ lib.optional enableFfmpegAudioDecoder "-DENABLE_FFMPEG_AUDIO_DECODER=ON"
++ lib.optional enableFfmpegVideoDumper "-DENABLE_FFMPEG_VIDEO_DUMPER=ON"
++ lib.optional useDiscordRichPresence "-DUSE_DISCORD_PRESENCE=ON"
++ lib.optional enableFdk "-DENABLE_FDK=ON";
++ lib.optional useDiscordRichPresence "-DUSE_DISCORD_PRESENCE=ON";
postPatch = with lib; let
# causes redefinition of _FORTIFY_SOURCE
hardeningDisable = [ "fortify3" ];
postPatch = let
branchCaptialized = (lib.toUpper (lib.substring 0 1 branch) + lib.substring 1 (-1) branch);
in ''
# Fix file not found when looking in var/empty instead of opt
@ -85,19 +108,17 @@ stdenv.mkDerivation rec {
# Add versions
echo 'set(BUILD_FULLNAME "${branchCaptialized} ${version}")' >> CMakeModules/GenerateBuildInfo.cmake
# Devendoring
rm -rf externals/zstd externals/libressl
cp -r ${zstd.src} externals/zstd
tar xf ${libressl.src} -C externals/
mv externals/${libressl.name} externals/libressl
chmod -R a+w externals/zstd
'';
# Fixes https://github.com/NixOS/nixpkgs/issues/171173
postInstall = lib.optionalString (enableCubeb && enableSdl2) ''
postInstall = let
libs = lib.makeLibraryPath [ vulkan-loader ];
in lib.optionalString enableSdl2Frontend ''
wrapProgram "$out/bin/citra" \
--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath cubeb.passthru.backendLibs}
--prefix LD_LIBRARY_PATH : ${libs}
'' + lib.optionalString enableQt ''
qtWrapperArgs+=(
--prefix LD_LIBRARY_PATH : ${libs}
)
'';
meta = with lib; {

4
pkgs/applications/gis/qgis/unwrapped-ltr.nix
View file

@ -76,14 +76,14 @@ let
urllib3
];
in mkDerivation rec {
version = "3.28.12";
version = "3.28.13";
pname = "qgis-ltr-unwrapped";
src = fetchFromGitHub {
owner = "qgis";
repo = "QGIS";
rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}";
hash = "sha256-C80ZrQW7WFXz8UMXSt3FJcK2gDd292H24Ic3pJD/yqI=";
hash = "sha256-5UHyRxWFqhTq97VNb8AU8QYGaY0lmGB8bo8yXp1vnFQ=";
};
passthru = {

4
pkgs/applications/gis/qgis/unwrapped.nix
View file

@ -77,14 +77,14 @@ let
urllib3
];
in mkDerivation rec {
version = "3.34.0";
version = "3.34.1";
pname = "qgis-unwrapped";
src = fetchFromGitHub {
owner = "qgis";
repo = "QGIS";
rev = "final-${lib.replaceStrings [ "." ] [ "_" ] version}";
hash = "sha256-+Yzp8kfd7cfxTwsrxRo+6uS+2Aj4HfKA2E8hSf7htsU=";
hash = "sha256-y+MATjhGUh0Qu4mNRALmP04Zd2/ozvaJnJDdM38Cy+w=";
};
passthru = {

8
pkgs/applications/misc/clipcat/default.nix
View file

@ -8,16 +8,16 @@
rustPlatform.buildRustPackage rec {
pname = "clipcat";
version = "0.6.2";
version = "0.7.0";
src = fetchFromGitHub {
owner = "xrelkd";
repo = pname;
rev = "v${version}";
sha256 = "sha256-sofP+zyyakB4w1R3wS/FNDTOWwNeDJyB5CBtR3yZsmE=";
hash = "sha256-MEyKUSEGVELk00TtKdfEgfzc3zwBllYrIjtC4NVbmRo=";
};
cargoHash = "sha256-aOXAjxmk5uqBOw/l1CW/LbeBucr7p4iudbVY6d7yEjg=";
cargoHash = "sha256-LiTZfkp0uuKgfl4uaxNEJAn7UlrHHaWh/ivaJxYhULY=";
nativeBuildInputs = [
protobuf
@ -33,7 +33,7 @@ rustPlatform.buildRustPackage rec {
# cargo-nextest help us retry the failed test cases
NEXTEST_RETRIES = 5;
# Some test cases need to interactive with X11, we use xvfb-run here
# Some test cases interact with X11, we use xvfb-run here
checkPhase = ''
xvfb-run --auto-servernum cargo nextest run --release --workspace --no-fail-fast --no-capture
'';

4
pkgs/applications/misc/khard/default.nix
View file

@ -1,12 +1,12 @@
{ lib, python3, fetchPypi, khard, testers }:
python3.pkgs.buildPythonApplication rec {
version = "0.18.0";
version = "0.19.0";
pname = "khard";
src = fetchPypi {
inherit pname version;
sha256 = "05860fdayqap128l7i6bcmi9kdyi2gx02g2pmh88d56xgysd927y";
sha256 = "sha256-5ki+adfz7m0+FbxC9+IXHLn8oeLKLkASuU15lyDATKQ=";
};
SETUPTOOLS_SCM_PRETEND_VERSION = version;

92
pkgs/applications/networking/instant-messengers/mirage/default.nix
View file

@ -1,92 +0,0 @@
{ lib
, stdenv
, mkDerivation
, fetchFromGitHub
, libXScrnSaver
, olm
, pkg-config
, pyotherside
, python3Packages
, qmake
, qtbase
, qtgraphicaleffects
, qtkeychain
, qtmultimedia
, qtquickcontrols2
, wrapQtAppsHook
}:
mkDerivation rec {
pname = "mirage";
version = "0.7.2";
src = fetchFromGitHub {
owner = "mirukana";
repo = pname;
rev = "v${version}";
sha256 = "sha256-dJS4lAXHHNUEAG75gQaS9+aQTTTj8KHqHjISioynFdY=";
fetchSubmodules = true;
};
nativeBuildInputs = [
pkg-config
python3Packages.wrapPython
qmake
wrapQtAppsHook
];
buildInputs = [
libXScrnSaver
olm
pyotherside
qtbase
qtgraphicaleffects
qtkeychain
qtmultimedia
qtquickcontrols2
] ++ pythonPath;
pythonPath = with python3Packages; [
pillow
aiofiles
appdirs
cairosvg
filetype
html-sanitizer
lxml
mistune
pymediainfo
plyer
sortedcontainers
watchgod
redbaron
hsluv
simpleaudio
setuptools
watchgod
dbus-python
matrix-nio
] ++ matrix-nio.optional-dependencies.e2e;
qmakeFlags = [
"PREFIX=${placeholder "out"}"
"CONFIG+=qtquickcompiler"
];
dontWrapQtApps = true;
postInstall = ''
buildPythonPath "$out $pythonPath"
wrapProgram $out/bin/mirage \
--prefix PYTHONPATH : "$PYTHONPATH" \
"''${qtWrapperArgs[@]}"
'';
meta = with lib; {
homepage = "https://github.com/mirukana/mirage";
description = "A fancy, customizable, keyboard-operable Qt/QML+Python Matrix chat client for encrypted and decentralized communication";
license = licenses.lgpl3Plus;
maintainers = with maintainers; [ colemickens AndersonTorres ];
inherit (qtbase.meta) platforms;
broken = stdenv.isDarwin || python3Packages.isPy37 || python3Packages.isPy38;
};
}

7
pkgs/applications/networking/instant-messengers/twinkle/default.nix
View file

@ -21,13 +21,13 @@
mkDerivation rec {
pname = "twinkle";
version = "unstable-2021-02-06";
version = "unstable-2023-03-25";
src = fetchFromGitHub {
owner = "LubosD";
repo = "twinkle";
rev = "2301b66a3f54b266675415d261985488d86e9e4c";
sha256 = "xSwcaj1Hm62iL7C/AxqjVR07VEae8gDgYdr2EWmCoOM=";
rev = "355813d5640ad58c84dc063826069384470ce310";
hash = "sha256-u+RewFwW17Oz2+lJLlmwebaGn4ebTBquox9Av7Jh1as=";
};
buildInputs = [
@ -56,6 +56,7 @@ mkDerivation rec {
"-DWITH_G729=On"
"-DWITH_SPEEX=On"
"-DWITH_ILBC=On"
"-DHAVE_LIBATOMIC=atomic"
/* "-DWITH_DIAMONDCARD=On" seems ancient and broken */
];

4
pkgs/applications/radio/cloudlog/default.nix
View file

@ -8,13 +8,13 @@
stdenvNoCC.mkDerivation rec {
pname = "cloudlog";
version = "2.5.0";
version = "2.5.1";
src = fetchFromGitHub {
owner = "magicbug";
repo = "Cloudlog";
rev = version;
hash = "sha256-4+aP+y7TNCq7zGOK3HCrl1NQOmpOHezfbL9B1vW2AUo=";
hash = "sha256-wFtMMphHz8JBX4hpgD85wn4G7Qs4/nwRcrW12A1tQm4=";
};
postPatch = ''

3
pkgs/applications/science/biology/igv/default.nix
View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchzip, jdk11 }:
{ lib, stdenv, fetchzip, jdk11, wrapGAppsHook }:
stdenv.mkDerivation rec {
pname = "igv";
@ -24,6 +24,7 @@ stdenv.mkDerivation rec {
chmod +x $out/bin/igv
chmod +x $out/bin/igvtools
'';
nativeBuildInputs = [ wrapGAppsHook ];
meta = with lib; {
homepage = "https://www.broadinstitute.org/igv/";

8
pkgs/applications/version-management/forgejo/default.nix
View file

@ -24,7 +24,7 @@ let
pname = "forgejo-frontend";
inherit (forgejo) src version;
npmDepsHash = "sha256-YZzVw+WWqTmJafqnZ5vrzb7P6V4DTMNQwW1/+wvZEM8=";
npmDepsHash = "sha256-7ruJczJ2cE51UmoER8C3JsGm0p3RTwfqKx0eErB7LZs=";
patches = [
./package-json-npm-build-frontend.patch
@ -39,17 +39,17 @@ let
in
buildGoModule rec {
pname = "forgejo";
version = "1.20.5-1";
version = "1.21.1-0";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "forgejo";
repo = "forgejo";
rev = "v${version}";
hash = "sha256-4arWZge+RC2lwa6CQIEsDHo229cElspm0TJo3JHz2WQ=";
hash = "sha256-e7Y1YBJq3PwYl7hf5KUa/CSI4ihbpN/TjWwltjNwXRM=";
};
vendorHash = "sha256-dgtZjsLBwblhdge3BvdbK/mN/TeZKps9K5dJbqomtjo=";
vendorHash = "sha256-+/wOEF44dSqy7ZThZyd66xyI3wVnFwZbsAd4ujyVku8=";
subPackages = [ "." ];

3
pkgs/applications/window-managers/sway/wrapper.nix
View file

@ -1,4 +1,5 @@
{ lib
, sway-unwrapped
, makeWrapper, symlinkJoin, writeShellScriptBin
, withBaseWrapper ? true, extraSessionCommands ? "", dbus
, withGtkWrapper ? false, wrapGAppsHook, gdk-pixbuf, glib, gtk3
@ -10,8 +11,6 @@
, dbusSupport ? true
}:
sway-unwrapped:
assert extraSessionCommands != "" -> withBaseWrapper;
with lib;

9
pkgs/build-support/build-graalvm-native-image/default.nix
View file

@ -3,6 +3,7 @@
, glibcLocales
# The GraalVM derivation to use
, graalvmDrv
, removeReferencesTo
, executable ? args.pname
# JAR used as input for GraalVM derivation, defaults to src
, jar ? args.src
@ -38,12 +39,13 @@ let
"buildPhase"
"nativeBuildInputs"
"installPhase"
"postInstall"
];
in
stdenv.mkDerivation ({
inherit dontUnpack jar;
nativeBuildInputs = (args.nativeBuildInputs or [ ]) ++ [ graalvmDrv glibcLocales ];
nativeBuildInputs = (args.nativeBuildInputs or [ ]) ++ [ graalvmDrv glibcLocales removeReferencesTo ];
nativeImageBuildArgs = nativeImageBuildArgs ++ extraNativeImageBuildArgs ++ [ graalvmXmx ];
@ -63,6 +65,11 @@ stdenv.mkDerivation ({
runHook postInstall
'';
postInstall = ''
remove-references-to -t ${graalvmDrv} $out/bin/${executable}
${args.postInstall or ""}
'';
disallowedReferences = [ graalvmDrv ];
passthru = { inherit graalvmDrv; };

26
pkgs/build-support/node/fetch-yarn-deps/index.js
View file

@ -88,10 +88,17 @@ const isGitUrl = pattern => {
}
const downloadPkg = (pkg, verbose) => {
const [ name, spec ] = pkg.key.split('@', 2);
if (spec.startsWith('file:')) {
console.info(`ignoring relative file:path dependency "${spec}"`)
const fileMarker = '@file:'
const split = pkg.key.split(fileMarker)
if (split.length == 2) {
console.info(`ignoring lockfile entry "${split[0]}" which points at path "${split[1]}"`)
return
} else if (split.length > 2) {
throw new Error(`The lockfile entry key "${pkg.key}" contains "${fileMarker}" more than once. Processing is not implemented.`)
}
if (pkg.resolved === undefined) {
throw new Error(`The lockfile entry with key "${pkg.key}" cannot be downloaded because it is missing the "resolved" attribute, which should contain the URL to download from. The lockfile might be invalid.`)
}
const [ url, hash ] = pkg.resolved.split('#')
@ -133,19 +140,10 @@ const performParallel = tasks => {
const prefetchYarnDeps = async (lockContents, verbose) => {
const lockData = lockfile.parse(lockContents)
const tasks = Object.values(
await performParallel(
Object.entries(lockData.object)
.map(([key, value]) => {
return { key, ...value }
})
.reduce((out, pkg) => {
out[pkg.resolved] = pkg
return out
}, {})
.map(([key, value]) => () => downloadPkg({ key, ...value }, verbose))
)
.map(pkg => () => downloadPkg(pkg, verbose))
await performParallel(tasks)
await fs.promises.writeFile('yarn.lock', lockContents)
if (verbose) console.log('Done')
}

4
pkgs/build-support/node/fetch-yarn-deps/tests/default.nix
View file

@ -1,6 +1,10 @@
{ testers, fetchYarnDeps, ... }:
{
file = testers.invalidateFetcherByDrvHash fetchYarnDeps {
yarnLock = ./file.lock;
sha256 = "sha256-BPuyQVCbdpFL/iRhmarwWAmWO2NodlVCOY9JU+4pfa4=";
};
simple = testers.invalidateFetcherByDrvHash fetchYarnDeps {
yarnLock = ./simple.lock;
sha256 = "sha256-FRrt8BixleILmFB2ZV8RgPNLqgS+dlH5nWoPgeaaNQ8=";

9
pkgs/build-support/node/fetch-yarn-deps/tests/file.lock Normal file
View file

@ -0,0 +1,9 @@
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
"@org/somepack@file:vendor/orgpacks/somepack/assets":
version "1.0.0"
"otherpack@file:vendor/otherpack":
version "1.0.0"

42
pkgs/build-support/vm/default.nix
View file

@ -1034,24 +1034,46 @@ rec {
};
debian11i386 = {
name = "debian-11.6-bullseye-i386";
fullName = "Debian 11.6 Bullseye (i386)";
name = "debian-11.8-bullseye-i386";
fullName = "Debian 11.8 Bullseye (i386)";
packagesList = fetchurl {
url = "https://snapshot.debian.org/archive/debian/20230131T034648Z/dists/bullseye/main/binary-i386/Packages.xz";
hash = "sha256-z9eG7RlvelEnZAaeCfIO+XxTZVL3d+zTA7ShU43l/pw=";
url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bullseye/main/binary-i386/Packages.xz";
hash = "sha256-0bKSLLPhEC7FB5D1NA2jaQP0wTe/Qp1ddiA/NDVjRaI=";
};
urlPrefix = "https://snapshot.debian.org/archive/debian/20230131T034648Z";
urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z";
packages = commonDebianPackages;
};
debian11x86_64 = {
name = "debian-11.6-bullseye-amd64";
fullName = "Debian 11.6 Bullseye (amd64)";
name = "debian-11.8-bullseye-amd64";
fullName = "Debian 11.8 Bullseye (amd64)";
packagesList = fetchurl {
url = "https://snapshot.debian.org/archive/debian/20230131T034648Z/dists/bullseye/main/binary-amd64/Packages.xz";
hash = "sha256-mz0eCWdn6uWt40OxsSPheHzEnMeLE52yR/vpb48/VF0=";
url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bullseye/main/binary-amd64/Packages.xz";
hash = "sha256-CYPsGgQgJZkh3JmbcAQkYDWP193qrkOADOgrMETZIeo=";
};
urlPrefix = "https://snapshot.debian.org/archive/debian/20230131T034648Z";
urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z";
packages = commonDebianPackages;
};
debian12i386 = {
name = "debian-12.2-bookworm-i386";
fullName = "Debian 12.2 Bookworm (i386)";
packagesList = fetchurl {
url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bookworm/main/binary-i386/Packages.xz";
hash = "sha256-OeN9Q2HFM3GsPNhOa4VhM7qpwT66yUNwC+6Z8SbGEeQ=";
};
urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z";
packages = commonDebianPackages;
};
debian12x86_64 = {
name = "debian-12.2-bookworm-amd64";
fullName = "Debian 12.2 Bookworm (amd64)";
packagesList = fetchurl {
url = "https://snapshot.debian.org/archive/debian/20231124T031419Z/dists/bookworm/main/binary-amd64/Packages.xz";
hash = "sha256-SZDElRfe9BlBwDlajQB79Qdn08rv8whYoQDeVCveKVs=";
};
urlPrefix = "https://snapshot.debian.org/archive/debian/20231124T031419Z";
packages = commonDebianPackages;
};
};

6
pkgs/by-name/fo/fortune-kind/package.nix
View file

@ -11,16 +11,16 @@
rustPlatform.buildRustPackage rec {
pname = "fortune-kind";
version = "0.1.9";
version = "0.1.10";
src = fetchFromGitHub {
owner = "cafkafk";
repo = "fortune-kind";
rev = "v${version}";
hash = "sha256-93BEy9FX3bZTYNewotBv1ejmMSnSdu9XnC4TgIvcYG0=";
hash = "sha256-KOrJIGLNZxFJ/KeRq1hcIQHDYPQQdQCzr6QA/pVIs5A=";
};
cargoHash = "sha256-xm6BOYnxUoCRuMAAFyWRcKEcqrs5FmnOgIO/Gj1bCoI=";
cargoHash = "sha256-iiGCCbTc0b+93XRMpkhFs0hj9Nuse1HaqahQz7NaheU=";
nativeBuildInputs = [ makeBinaryWrapper installShellFiles ];
buildInputs = lib.optionals stdenv.isDarwin [ libiconv darwin.apple_sdk.frameworks.Security ];

7
pkgs/development/interpreters/babashka/default.nix
View file

@ -1,7 +1,6 @@
{ lib
, buildGraalvmNativeImage
, graalvmCEPackages
, removeReferencesTo
, fetchurl
, writeScript
, installShellFiles
@ -21,7 +20,7 @@ let
executable = "bb";
nativeBuildInputs = [ removeReferencesTo installShellFiles ];
nativeBuildInputs = [ installShellFiles ];
extraNativeImageBuildArgs = [
"-H:+ReportExceptionStackTraces"
@ -39,11 +38,7 @@ let
$out/bin/bb '(prn "bépo àê")' | fgrep 'bépo àê'
'';
# As of v1.2.174, this will remove references to ${graalvmDrv}/conf/chronology,
# not sure the implications of this but this file is not available in
# graalvm-ce anyway.
postInstall = ''
remove-references-to -t ${graalvmDrv} $out/bin/${executable}
installShellCompletion --cmd bb --bash ${./completions/bb.bash}
installShellCompletion --cmd bb --zsh ${./completions/bb.zsh}
installShellCompletion --cmd bb --fish ${./completions/bb.fish}

5
pkgs/development/libraries/libxmlxx/default.nix
View file

@ -9,6 +9,11 @@ stdenv.mkDerivation rec {
sha256 = "1sb3akryklvh2v6m6dihdnbpf1lkx441v972q9hlz1sq6bfspm2a";
};
configureFlags = [
# remove if library is updated
"CXXFLAGS=-std=c++11"
];
outputs = [ "out" "devdoc" ];
nativeBuildInputs = [ pkg-config perl ];

11
pkgs/development/python-modules/aiolifx-themes/default.nix
View file

@ -12,8 +12,8 @@
buildPythonPackage rec {
pname = "aiolifx-themes";
version = "0.4.9";
format = "pyproject";
version = "0.4.10";
pyproject = true;
disabled = pythonOlder "3.9";
@ -21,7 +21,7 @@ buildPythonPackage rec {
owner = "Djelibeybi";
repo = "aiolifx-themes";
rev = "refs/tags/v${version}";
hash = "sha256-8t0yRia/grSSEqySV57QoB3lgU9iwqiVOvVLE5Jd2pM=";
hash = "sha256-zpUvbG/89MeZ50565MVjehSTnLmOKScBA07yBjZ521I=";
};
prePatch = ''
@ -31,11 +31,6 @@ buildPythonPackage rec {
--replace "typer = " "# unused: typer = "
'';
postPatch = ''
substituteInPlace pyproject.toml \
--replace 'aiolifx = "^0.8.6"' 'aiolifx = "*"'
'';
nativeBuildInputs = [
poetry-core
];

4
pkgs/development/python-modules/nextdns/default.nix
View file

@ -12,7 +12,7 @@
buildPythonPackage rec {
pname = "nextdns";
version = "2.0.1";
version = "2.1.0";
format = "setuptools";
disabled = pythonOlder "3.10";
@ -21,7 +21,7 @@ buildPythonPackage rec {
owner = "bieniu";
repo = "nextdns";
rev = "refs/tags/${version}";
hash = "sha256-NJjnk/FadD4QUqPYxbbS7gsIKVxwR5tpnBth1HFLkr0=";
hash = "sha256-haw6t7pepMN77LFVgDFBbV4StRqcRMvnCaup8K38kEg=";
};
propagatedBuildInputs = [

56
pkgs/development/python-modules/python-hosts/default.nix
View file

@ -1,31 +1,61 @@
{ lib, buildPythonPackage, fetchPypi, pyyaml, pytest, pytest-cov }:
{ lib
, buildPythonPackage
, fetchPypi
, pytestCheckHook
, pythonOlder
, pyyaml
, setuptools
}:
buildPythonPackage rec {
pname = "python-hosts";
version = "1.0.4";
version = "1.0.5";
pyproject = true;
disabled = pythonOlder "3.7";
src = fetchPypi {
inherit pname version;
hash = "sha256-y7d7CuGuKYEUCjFHvWb+iDI6oDeVsTzBNPSySzxu1Zk=";
hash = "sha256-xabbGnvzXNiE0koQVq9dmEib5Cv7kg1JjpZAyb7IZM0=";
};
# win_inet_pton is required for windows support
# win_inet_pton is required for Windows support
prePatch = ''
substituteInPlace setup.py --replace "install_requires=['win_inet_pton']," ""
substituteInPlace python_hosts/utils.py --replace "import win_inet_pton" ""
substituteInPlace setup.py \
--replace "install_requires=['win_inet_pton']," ""
substituteInPlace python_hosts/utils.py \
--replace "import win_inet_pton" ""
'';
nativeCheckInputs = [ pyyaml pytest pytest-cov ];
nativeBuildInputs = [
setuptools
];
# Removing 1 test file (it requires internet connection) and keeping the other two
checkPhase = ''
pytest tests/test_hosts_entry.py
pytest tests/test_utils.py
'';
nativeCheckInputs = [
pyyaml
pytestCheckHook
];
pythonImportsCheck = [
"python_hosts"
];
disabledTests = [
# Tests require network access
"test_import_from_url_counters_for_part_success"
"test_import_from_url_with_force"
"test_import_from_url_without_force"
"test_import_from_url"
];
meta = with lib; {
description = "A library for managing a hosts file. It enables adding and removing entries, or importing them from a file or URL";
description = "Library for managing a hosts file";
longDescription = ''
python-hosts is a Python library for managing a hosts file. It enables you to add
and remove entries, or import them from a file or URL.
'';
homepage = "https://github.com/jonhadfield/python-hosts";
changelog = "https://github.com/jonhadfield/python-hosts/blob/${version}/CHANGELOG.md";
license = licenses.mit;
maintainers = with maintainers; [ psyanticy ];
};

15
pkgs/development/python-modules/tcxreader/default.nix
View file

@ -1,24 +1,29 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, poetry-core
, pytestCheckHook
, pythonOlder
}:
buildPythonPackage rec {
pname = "tcxreader";
version = "0.4.4";
format = "setuptools";
version = "0.4.5";
pyproject = true;
disabled = pythonOlder "3.7";
disabled = pythonOlder "3.6";
src = fetchFromGitHub {
owner = "alenrajsp";
repo = "tcxreader";
rev = "v${version}";
hash = "sha256-UJ6F+GcdF0b2gALQWepLyCnWm+6RKBRnBt1eJNoRRzo=";
rev = "refs/tags/v${version}";
hash = "sha256-CiOLcev9fo2BPgnPZZ2borU25f/gKISqRAapAHgLN3w=";
};
nativeBuildInputs = [
poetry-core
];
nativeCheckInputs = [
pytestCheckHook
];

4
pkgs/development/python-modules/tldextract/default.nix
View file

@ -15,7 +15,7 @@
buildPythonPackage rec {
pname = "tldextract";
version = "5.1.0";
version = "5.1.1";
pyproject = true;
disabled = pythonOlder "3.8";
@ -24,7 +24,7 @@ buildPythonPackage rec {
owner = "john-kurkowski";
repo = "tldextract";
rev = "refs/tags/${version}";
hash = "sha256-x5SJcbTUrqG7mMUPXIhR1rEu3PZ+VA00dFYeoGnX5l0=";
hash = "sha256-/VBbU8FuB8MEuX6MgGO44+gfqVjl1aHHDHncHY2Jo38=";
};
SETUPTOOLS_SCM_PRETEND_VERSION = version;

33
pkgs/development/python-modules/warcio/default.nix
View file

@ -2,18 +2,22 @@
, buildPythonPackage
, fetchFromGitHub
, fetchpatch
, six
, setuptools
, pytestCheckHook
, httpbin
, requests
, wsgiprox
, multidict
, pytestCheckHook
, pythonOlder
, requests
, setuptools
, six
, wsgiprox
}:
buildPythonPackage rec {
pname = "warcio";
version = "1.7.4";
format = "setuptools";
disabled = pythonOlder "3.7";
src = fetchFromGitHub {
owner = "webrecorder";
@ -24,6 +28,7 @@ buildPythonPackage rec {
patches = [
(fetchpatch {
# Add offline mode to skip tests that require an internet connection, https://github.com/webrecorder/warcio/pull/135
name = "add-offline-option.patch";
url = "https://github.com/webrecorder/warcio/pull/135/commits/2546fe457c57ab0b391764a4ce419656458d9d07.patch";
hash = "sha256-3izm9LvAeOFixiIUUqmd5flZIxH92+NxL7jeu35aObQ=";
@ -36,20 +41,30 @@ buildPythonPackage rec {
];
nativeCheckInputs = [
pytestCheckHook
httpbin
multidict # Optional. Without this, one test in test/test_utils.py is skipped.
pytestCheckHook
requests
wsgiprox
multidict # Optional. Without this, one test in test/test_utils.py is skipped.
];
pytestFlagsArray = [ "--offline" ];
pytestFlagsArray = [
"--offline"
];
pythonImportsCheck = [ "warcio" ];
disabledTests = [
# Tests require network access, see above
"test_get_cache_to_file"
];
pythonImportsCheck = [
"warcio"
];
meta = with lib; {
description = "Streaming WARC/ARC library for fast web archive IO";
homepage = "https://github.com/webrecorder/warcio";
changelog = "https://github.com/webrecorder/warcio/blob/master/CHANGELIST.rst";
license = licenses.asl20;
maintainers = with maintainers; [ Luflosi ];
};

6
pkgs/development/tools/fq/default.nix
View file

@ -7,16 +7,16 @@
buildGoModule rec {
pname = "fq";
version = "0.8.0";
version = "0.9.0";
src = fetchFromGitHub {
owner = "wader";
repo = "fq";
rev = "v${version}";
hash = "sha256-7q08fQUFy4qX3VqUHuvOZuVQdFeoeo5+7HUQ4WWMWYw=";
hash = "sha256-ohSjQxVbywOcZHwDditqDyQ+EAgzWtLXRc130dpIzzE=";
};
vendorHash = "sha256-7TGdbGVx7YTuYBmHYK0dqccxSTkLzUlBk21EREv9XBA=";
vendorHash = "sha256-yfunwj+0fVrWV1RgZtCsdmV4ESKF7VLr12P2nULyqOg=";
ldflags = [
"-s"

13
pkgs/development/tools/jet/default.nix
View file

@ -1,4 +1,9 @@
{ lib, buildGraalvmNativeImage, fetchurl }:
{ lib
, buildGraalvmNativeImage
, fetchurl
, testers
, jet
}:
buildGraalvmNativeImage rec {
pname = "jet";
@ -16,6 +21,12 @@ buildGraalvmNativeImage rec {
"--no-server"
];
passthru.tests.version = testers.testVersion {
inherit version;
package = jet;
command = "jet --version";
};
meta = with lib; {
description = "CLI to transform between JSON, EDN, YAML and Transit, powered with a minimal query language";
homepage = "https://github.com/borkdude/jet";

22
pkgs/development/tools/misc/clojure-lsp/default.nix
View file

@ -1,4 +1,14 @@
{ lib, stdenv, buildGraalvmNativeImage, babashka, fetchurl, fetchFromGitHub, clojure, writeScript }:
{ lib
, stdenv
, buildGraalvmNativeImage
, babashka
, fetchurl
, fetchFromGitHub
, clojure
, writeScript
, testers
, clojure-lsp
}:
buildGraalvmNativeImage rec {
pname = "clojure-lsp";
@ -28,12 +38,18 @@ buildGraalvmNativeImage rec {
export HOME="$(mktemp -d)"
./${pname} --version | fgrep -q '${version}'
''
# TODO: fix classpath issue per https://github.com/NixOS/nixpkgs/pull/153770
#${babashka}/bin/bb integration-test ./${pname}
# TODO: fix classpath issue per https://github.com/NixOS/nixpkgs/pull/153770
#${babashka}/bin/bb integration-test ./${pname}
+ ''
runHook postCheck
'';
passthru.tests.version = testers.testVersion {
inherit version;
package = clojure-lsp;
command = "clojure-lsp --version";
};
passthru.updateScript = writeScript "update-clojure-lsp" ''
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl common-updater-scripts gnused jq nix

4
pkgs/development/tools/yamlpath/default.nix
View file

@ -46,5 +46,9 @@ python3.pkgs.buildPythonApplication rec {
'';
license = licenses.isc;
maintainers = with maintainers; [ Flakebi ];
# No support for ruamel.yaml > 0.17.21
# https://github.com/wwkimball/yamlpath/issues/217
broken = true;
};
}

13
pkgs/development/tools/zprint/default.nix
View file

@ -1,4 +1,9 @@
{ lib, buildGraalvmNativeImage, fetchurl }:
{ lib
, buildGraalvmNativeImage
, fetchurl
, testers
, zprint
}:
buildGraalvmNativeImage rec {
pname = "zprint";
@ -18,6 +23,12 @@ buildGraalvmNativeImage rec {
"--no-fallback"
];
passthru.tests.version = testers.testVersion {
inherit version;
package = zprint;
command = "zprint --version";
};
meta = with lib; {
description = "Clojure/EDN source code formatter and pretty printer";
longDescription = ''

5
pkgs/os-specific/darwin/yabai/default.nix
View file

@ -108,6 +108,11 @@ in
dontConfigure = true;
enableParallelBuilding = true;
env = {
# silence service.h error
NIX_CFLAGS_COMPILE = "-Wno-implicit-function-declaration";
};
postPatch = ''
# aarch64 code is compiled on all targets, which causes our Apple SDK headers to error out.
# Since multilib doesnt work on darwin i dont know of a better way of handling this.

8
pkgs/os-specific/linux/zfs/stable.nix
View file

@ -18,20 +18,20 @@ callPackage ./generic.nix args {
# check the release notes for compatible kernels
kernelCompatible =
if stdenv'.isx86_64 || removeLinuxDRM
then kernel.kernelOlder "6.6"
then kernel.kernelOlder "6.7"
else kernel.kernelOlder "6.2";
latestCompatibleLinuxPackages = if stdenv'.isx86_64 || removeLinuxDRM
then linuxKernel.packages.linux_6_5
then linuxKernel.packages.linux_6_6
else linuxKernel.packages.linux_6_1;
# this package should point to the latest release.
version = "2.2.0";
version = "2.2.1";
tests = [
nixosTests.zfs.installer
nixosTests.zfs.stable
];
hash = "sha256-s1sdXSrLu6uSOmjprbUa4cFsE2Vj7JX5i75e4vRnlvg=";
hash = "sha256-2Q/Nhp3YKgMCLPNRNBq5r9U4GeuYlWMWAsjsQy3vFW4=";
}

9
pkgs/os-specific/linux/zfs/unstable.nix
View file

@ -16,21 +16,20 @@ callPackage ./generic.nix args {
kernelModuleAttribute = "zfsUnstable";
# check the release notes for compatible kernels
kernelCompatible = if stdenv'.isx86_64 || removeLinuxDRM
then kernel.kernelOlder "6.6"
then kernel.kernelOlder "6.7"
else kernel.kernelOlder "6.2";
latestCompatibleLinuxPackages = if stdenv'.isx86_64 || removeLinuxDRM
then linuxKernel.packages.linux_6_5
then linuxKernel.packages.linux_6_6
else linuxKernel.packages.linux_6_1;
# this package should point to a version / git revision compatible with the latest kernel release
# IMPORTANT: Always use a tagged release candidate or commits from the
# zfs-<version>-staging branch, because this is tested by the OpenZFS
# maintainers.
version = "2.2.1-unstable-2023-10-21";
rev = "95785196f26e92d82cf4445654ba84e4a9671c57";
version = "2.2.1";
hash = "sha256-s1sdXSrLu6uSOmjprbUa4cFsE2Vj7JX5i75e4vRnlvg=";
hash = "sha256-2Q/Nhp3YKgMCLPNRNBq5r9U4GeuYlWMWAsjsQy3vFW4=";
isUnstable = true;
tests = [

13
pkgs/servers/gemini/stargazer/default.nix
View file

@ -5,22 +5,27 @@
, installShellFiles
, scdoc
, Security
, nixosTests
}:
rustPlatform.buildRustPackage rec {
pname = "stargazer";
version = "1.0.5";
version = "1.1.0";
src = fetchFromSourcehut {
owner = "~zethra";
repo = "stargazer";
rev = version;
hash = "sha256-n88X3RJD7PqOcVRK/bp/gMNLVrbwnJ2iwi2rCpsfp+o=";
hash = "sha256-c0gKvVaMiUOGHlPmtaW6it8J9MusQY7BA/5F9I3ysMc=";
};
cargoHash = "sha256-Yqh3AQIOahKz2mLeVNm58Yr6vhjU4aQwN62y3Z5/EJc=";
cargoHash = "sha256-8VrEZZNSFLAjUagsiRApvjiXusBHLLn1O/+QKtQY4wg=";
doCheck = false; # Uses extenal testing framework that requires network
doCheck = false; # Uses external testing framework that requires network
passthru.tests = {
basic-functionality = nixosTests.stargazer;
};
nativeBuildInputs = [ installShellFiles scdoc ];

4
pkgs/servers/metabase/default.nix
View file

@ -2,11 +2,11 @@
stdenv.mkDerivation rec {
pname = "metabase";
version = "0.47.6";
version = "0.47.8";
src = fetchurl {
url = "https://downloads.metabase.com/v${version}/metabase.jar";
hash = "sha256-LWF8O6v1x1iX5eJCugQ1noLeUJsVthZ7cGuyW3w6XGg=";
hash = "sha256-ugGDyoMSAvoKZti3xnxGQseoDVroRGBkawt/F7ma4K4=";
};
nativeBuildInputs = [ makeWrapper ];

153
pkgs/servers/sip/kamailio/default.nix
View file

@ -1,13 +1,105 @@
{ callPackage
, fetchurl
, lib
, pkgs
, stdenv
, pkg-config
, which
, bison
, flex
, json_c
, libevent
, libxml2
, mariadb-connector-c
, pcre
, gnugrep
, gawk
, coreutils
, gdb
, gnused
, openssl
}:
stdenv.mkDerivation (finalAttrs: {
pname = "kamailio";
version = "5.7.2";
version = "5.7.3";
src = fetchurl {
url = "https://www.kamailio.org/pub/kamailio/${finalAttrs.version}/src/kamailio-${finalAttrs.version}_src.tar.gz";
hash = "sha256-x6YgsDl05OBNQZ4Iancf0Leo4mnz1pwZocZghaSY/Yw=";
};
buildInputs = [
json_c
libevent
libxml2
mariadb-connector-c
pcre
openssl
];
nativeBuildInputs = [
pkg-config
which
bison
flex
];
modules = [
"db_mysql"
"dialplan"
"jsonrpcc"
"json"
"lcr"
"presence"
"presence_conference"
"presence_dialoginfo"
"presence_mwi"
"presence_profile"
"presence_reginfo"
"presence_xml"
"pua"
"pua_bla"
"pua_dialoginfo"
"pua_json"
"pua_reginfo"
"pua_rpc"
"pua_usrloc"
"pua_xmpp"
"regex"
"rls"
"tls"
"xcap_client"
"xcap_server"
];
configurePhase = ''
runHook preConfigure
make PREFIX="$out" include_modules="${lib.concatStringsSep " " finalAttrs.modules}" cfg
runHook postConfigure
'';
preInstall = ''
makeFlagsArray+=(PREFIX="$out" "MYSQLCFG=${lib.getDev mariadb-connector-c}/bin/mariadb_config")
'';
postInstall = ''
echo 'MD5="${coreutils}/bin/md5sum"' >> $out/etc/kamailio/kamctlrc
echo 'AWK="${gawk}/bin/awk"' >> $out/etc/kamailio/kamctlrc
echo 'GDB="${gdb}/bin/gdb"' >> $out/etc/kamailio/kamctlrc
echo 'GREP="${gnugrep}/bin/grep "' >> $out/etc/kamailio/kamctlrc
echo 'EGREP="${gnugrep}/bin/grep -E"' >> $out/etc/kamailio/kamctlrc
echo 'SED="${gnused}/bin/sed"' >> $out/etc/kamailio/kamctlrc
echo 'LAST_LINE="${coreutils}/bin/tail -n 1"' >> $out/etc/kamailio/kamctlrc
echo 'EXPR="${gnugrep}/bin/expr"' >> $out/etc/kamailio/kamctlrc
'';
enableParallelBuilding = true;
passthru.tests = {
kamailio-bin = callPackage ./test-kamailio-bin { };
};
meta = {
description = "Fast and flexible SIP server, proxy, SBC, and load balancer";
@ -16,61 +108,4 @@ stdenv.mkDerivation (finalAttrs: {
maintainers = with lib.maintainers; [ mawis ];
platforms = lib.platforms.linux;
};
src = fetchurl {
url = "https://www.kamailio.org/pub/kamailio/5.7.2/src/kamailio-${finalAttrs.version}_src.tar.gz";
hash = "sha256-csmgZ9qNb6kg03N9mM1/ZsMh+Ay+EHbi1aOStCJQMSI=";
};
buildInputs = with pkgs; [
bison
flex
gnugrep
json_c.dev
libevent.dev
libxml2.dev
mariadb-connector-c.dev
pcre.dev
];
nativeBuildInputs = with pkgs; [
pkg-config
which
];
configurePhase = ''
runHook preConfigure
make PREFIX="$out" include_modules="db_mysql dialplan jsonrpcc json lcr presence presence_conference presence_dialoginfo presence_mwi presence_profile presence_reginfo presence_xml pua pua_bla pua_dialoginfo pua_json pua_reginfo pua_rpc pua_usrloc pua_xmpp regex rls xcap_client xcap_server" cfg
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
make MYSQLCFG=${pkgs.mariadb-connector-c.dev}/bin/mariadb_config all
runHook postBuild
'';
installPhase = ''
runHook preInstall
make MYSQLCFG=${pkgs.mariadb-connector-c.dev}/bin/mariadb_config install
echo 'MD5="${pkgs.coreutils}/bin/md5sum"' >> $out/etc/kamailio/kamctlrc
echo 'AWK="${pkgs.gawk}/bin/awk"' >> $out/etc/kamailio/kamctlrc
echo 'GDB="${pkgs.gdb}/bin/gdb"' >> $out/etc/kamailio/kamctlrc
echo 'GREP="${pkgs.gnugrep}/bin/grep "' >> $out/etc/kamailio/kamctlrc
echo 'EGREP="${pkgs.gnugrep}/bin/grep -E"' >> $out/etc/kamailio/kamctlrc
echo 'SED="${pkgs.gnused}/bin/sed"' >> $out/etc/kamailio/kamctlrc
echo 'LAST_LINE="${pkgs.coreutils}/bin/tail -n 1"' >> $out/etc/kamailio/kamctlrc
echo 'EXPR="${pkgs.gnugrep}/bin/expr"' >> $out/etc/kamailio/kamctlrc
runHook postInstall
'';
passthru.tests = {
kamailio-bin = callPackage ./test-kamailio-bin {};
};
})

6
pkgs/shells/nushell/nu_scripts/default.nix
View file

@ -6,13 +6,13 @@
stdenvNoCC.mkDerivation rec {
pname = "nu_scripts";
version = "unstable-2023-10-31";
version = "unstable-2023-11-22";
src = fetchFromGitHub {
owner = "nushell";
repo = pname;
rev = "c2bb125a6790bef1e448680e077345c4d10dcb12";
hash = "sha256-Sug07QTL7fxxQAf9YOprMNEQSDqeXEk7qt1g2dP0Eqk=";
rev = "91b6a2b2280123ed5789f5c0870b9de22c722fb3";
hash = "sha256-nRplK0w55I1rk15tfkCMxFBqTR9ihhnE/tHRs9mKLdY=";
};
installPhase = ''

8
pkgs/tools/misc/mods/default.nix
View file

@ -8,18 +8,18 @@
buildGoModule rec {
pname = "mods";
version = "0.2.0";
version = "1.1.0";
src = fetchFromGitHub {
owner = "charmbracelet";
repo = "mods";
rev = "v${version}";
hash = "sha256-jOvXT/KAfSN9E4ZgntCbTu05VJu1jhGtv6gEgLStd98=";
hash = "sha256-ZWH3YuN1cmdw96/HVzsp1u70ziUfupUeBjJiNI5a538=";
};
vendorHash = "sha256-GNGX8dyTtzRSUznEV/do1H7GEf6nYf0w+CLCZfkktfg=";
vendorHash = "sha256-PgaxqfgtwBYnzyL2F/OPJP1rdmLOtBCTKEPhMgvC6XA=";
ldflags = [ "-s" "-w" "-X=main.version=${version}" ];
ldflags = [ "-s" "-w" "-X=main.Version=${version}" ];
passthru = {
updateScript = gitUpdater {

6
pkgs/tools/networking/ooniprobe-cli/default.nix
View file

@ -5,16 +5,16 @@
buildGoModule rec {
pname = "ooniprobe-cli";
version = "3.19.0";
version = "3.19.1";
src = fetchFromGitHub {
owner = "ooni";
repo = "probe-cli";
rev = "v${version}";
hash = "sha256-W3C4KbZnOdljofnlYZk/F6E77/AXjdNTRoWrtoEVfqg=";
hash = "sha256-sYIp5zl49waERfTYPfNjbyzep7p4sRlweDVcuTtWB28=";
};
vendorHash = "sha256-wEhh0nMdFH9wLfNSxYvbkbtu69cNEmVpQDk57/gdnw8=";
vendorHash = "sha256-6RyK0oy9Lcuh2TXpQqAqmrA+bS9hug6+il7L1z+kYvs=";
subPackages = [ "cmd/ooniprobe" ];

89
pkgs/tools/nix/nixos-render-docs/src/nixos_render_docs/options.py
View file

@ -8,6 +8,7 @@ import xml.sax.saxutils as xml
from abc import abstractmethod
from collections.abc import Mapping, Sequence
from markdown_it.token import Token
from pathlib import Path
from typing import Any, Generic, Optional
from urllib.parse import quote
@ -287,18 +288,27 @@ class ManpageConverter(BaseConverter[OptionsManpageRenderer]):
_links_in_last_description: Optional[list[str]] = None
def __init__(self, revision: str,
header: list[str] | None,
footer: list[str] | None,
*,
# only for parallel rendering
_options_by_id: Optional[dict[str, str]] = None):
super().__init__(revision)
self._options_by_id = _options_by_id or {}
self._renderer = OptionsManpageRenderer({}, self._options_by_id)
self._header = header
self._footer = footer
def _parallel_render_prepare(self) -> Any:
return (self._revision, { '_options_by_id': self._options_by_id })
return (
self._revision,
self._header,
self._footer,
{ '_options_by_id': self._options_by_id },
)
@classmethod
def _parallel_render_init_worker(cls, a: Any) -> ManpageConverter:
return cls(a[0], **a[1])
return cls(a[0], a[1], a[2], **a[3])
def _render_option(self, name: str, option: dict[str, Any]) -> RenderedOption:
links = self._renderer.link_footnotes = []
@ -342,26 +352,29 @@ class ManpageConverter(BaseConverter[OptionsManpageRenderer]):
def finalize(self) -> str:
result = []
result += [
r'''.TH "CONFIGURATION\&.NIX" "5" "01/01/1980" "NixOS" "NixOS Reference Pages"''',
r'''.\" disable hyphenation''',
r'''.nh''',
r'''.\" disable justification (adjust text to left margin only)''',
r'''.ad l''',
r'''.\" enable line breaks after slashes''',
r'''.cflags 4 /''',
r'''.SH "NAME"''',
self._render('{file}`configuration.nix` - NixOS system configuration specification'),
r'''.SH "DESCRIPTION"''',
r'''.PP''',
self._render('The file {file}`/etc/nixos/configuration.nix` contains the '
'declarative specification of your NixOS system configuration. '
'The command {command}`nixos-rebuild` takes this file and '
'realises the system configuration specified therein.'),
r'''.SH "OPTIONS"''',
r'''.PP''',
self._render('You can use the following options in {file}`configuration.nix`.'),
]
if self._header is not None:
result += self._header
else:
result += [
r'''.TH "CONFIGURATION\&.NIX" "5" "01/01/1980" "NixOS" "NixOS Reference Pages"''',
r'''.\" disable hyphenation''',
r'''.nh''',
r'''.\" disable justification (adjust text to left margin only)''',
r'''.ad l''',
r'''.\" enable line breaks after slashes''',
r'''.cflags 4 /''',
r'''.SH "NAME"''',
self._render('{file}`configuration.nix` - NixOS system configuration specification'),
r'''.SH "DESCRIPTION"''',
r'''.PP''',
self._render('The file {file}`/etc/nixos/configuration.nix` contains the '
'declarative specification of your NixOS system configuration. '
'The command {command}`nixos-rebuild` takes this file and '
'realises the system configuration specified therein.'),
r'''.SH "OPTIONS"''',
r'''.PP''',
self._render('You can use the following options in {file}`configuration.nix`.'),
]
for (name, opt) in self._sorted_options():
result += [
@ -383,11 +396,14 @@ class ManpageConverter(BaseConverter[OptionsManpageRenderer]):
result.append(".RE")
result += [
r'''.SH "AUTHORS"''',
r'''.PP''',
r'''Eelco Dolstra and the Nixpkgs/NixOS contributors''',
]
if self._footer is not None:
result += self._footer
else:
result += [
r'''.SH "AUTHORS"''',
r'''.PP''',
r'''Eelco Dolstra and the Nixpkgs/NixOS contributors''',
]
return "\n".join(result)
@ -573,6 +589,8 @@ def _build_cli_db(p: argparse.ArgumentParser) -> None:
def _build_cli_manpage(p: argparse.ArgumentParser) -> None:
p.add_argument('--revision', required=True)
p.add_argument("--header", type=Path)
p.add_argument("--footer", type=Path)
p.add_argument("infile")
p.add_argument("outfile")
@ -603,7 +621,22 @@ def _run_cli_db(args: argparse.Namespace) -> None:
f.write(md.finalize())
def _run_cli_manpage(args: argparse.Namespace) -> None:
md = ManpageConverter(revision = args.revision)
header = None
footer = None
if args.header is not None:
with args.header.open() as f:
header = f.read().splitlines()
if args.footer is not None:
with args.footer.open() as f:
footer = f.read().splitlines()
md = ManpageConverter(
revision = args.revision,
header = header,
footer = footer,
)
with open(args.infile, 'r') as f:
md.add_options(json.load(f))

9
pkgs/tools/security/govulncheck/default.nix
View file

@ -1,6 +1,7 @@
{ lib
, buildGoModule
, fetchFromGitHub
, substituteAll
}:
buildGoModule rec {
@ -14,6 +15,14 @@ buildGoModule rec {
hash = "sha256-cewQ03dK/k3mXevE09M01Yox/3ZWP6IrG0H4QsZMzy8=";
};
patches = [
# patch in version information
(substituteAll {
src = ./version.patch;
inherit version;
})
];
vendorHash = "sha256-r9XshbgVA5rppJF46SFYPad344ZHMLWTHTnL6vbIFH8=";
subPackages = [

15
pkgs/tools/security/govulncheck/version.patch Normal file
View file

@ -0,0 +1,15 @@
diff --git a/internal/scan/run.go b/internal/scan/run.go
index fa7fe37..216ca43 100644
--- a/internal/scan/run.go
+++ b/internal/scan/run.go
@@ -99,8 +99,8 @@ func scannerVersion(cfg *config, bi *debug.BuildInfo) {
if bi.Path != "" {
cfg.ScannerName = path.Base(bi.Path)
}
- if bi.Main.Version != "" && bi.Main.Version != "(devel)" {
- cfg.ScannerVersion = bi.Main.Version
+ if true {
+ cfg.ScannerVersion = "@version@"
return
}

6
pkgs/tools/security/hashcat/default.nix
View file

@ -21,8 +21,14 @@ stdenv.mkDerivation rec {
};
postPatch = ''
# Select libstdc++ or libc++ based on stdenv
# MACOSX_DEPLOYMENT_TARGET is defined by the enviroment
# Remove hardcoded paths on darwin
substituteInPlace src/Makefile \
'' + lib.optionalString (stdenv.cc.libcxx != null) ''
--replace "-lstdc++" "-lc++ -l${stdenv.cc.libcxx.cxxabi.libName}" \
'' + ''
--replace "export MACOSX_DEPLOYMENT_TARGET" "#export MACOSX_DEPLOYMENT_TARGET" \
--replace "/usr/bin/ar" "ar" \
--replace "/usr/bin/sed" "sed" \
--replace '-i ""' '-i'

22
pkgs/tools/security/zsteg/Gemfile.lock
View file

@ -1,13 +1,19 @@
GEM
remote: https://rubygems.org/
specs:
iostruct (0.0.4)
rainbow (3.0.0)
zpng (0.3.1)
rainbow
zsteg (0.2.2)
iostruct
zpng (>= 0.3.1)
forwardable (1.3.3)
iostruct (0.0.5)
prime (0.1.2)
forwardable
singleton
rainbow (3.1.1)
singleton (0.2.0)
zpng (0.4.5)
rainbow (~> 3.1.1)
zsteg (0.2.13)
iostruct (>= 0.0.5)
prime
zpng (>= 0.4.5)
PLATFORMS
ruby
@ -16,4 +22,4 @@ DEPENDENCIES
zsteg
BUNDLED WITH
2.1.4
2.4.13

3
pkgs/tools/security/zsteg/default.nix
View file

@ -11,6 +11,7 @@ bundlerApp {
description = "Detect stegano-hidden data in PNG & BMP.";
homepage = "http://zed.0xff.me/";
license = licenses.mit;
maintainers = with maintainers; [ applePrincess ];
maintainers = with maintainers; [ applePrincess h7x4 ];
mainProgram = "zsteg";
};
}

49
pkgs/tools/security/zsteg/gemset.nix
View file

@ -1,23 +1,54 @@
{
forwardable = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1b5g1i3xdvmxxpq4qp0z4v78ivqnazz26w110fh4cvzsdayz8zgi";
type = "gem";
};
version = "1.3.3";
};
iostruct = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0kwp6ryis32j3z7myw8g7v1yszwrwyl04g2c7flr42pwxga1afxc";
sha256 = "1z3vnb8mhzns3ybf78vlj5cy6lq4pyfm8n40kqba2s33xccs3kl0";
type = "gem";
};
version = "0.0.4";
version = "0.0.5";
};
prime = {
dependencies = ["forwardable" "singleton"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1973kz8lbck6ga5v42f55jk8b8pnbgwp9p67dl1xw15gvz55dsfl";
type = "gem";
};
version = "0.1.2";
};
rainbow = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0bb2fpjspydr6x0s8pn1pqkzmxszvkfapv0p4627mywl7ky4zkhk";
sha256 = "0smwg4mii0fm38pyb5fddbmrdpifwv22zv3d3px2xx497am93503";
type = "gem";
};
version = "3.0.0";
version = "3.1.1";
};
singleton = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0qq54imvbksnckzf9hrq9bjzcdb0n8wfv6l5jc0di10n88277jx6";
type = "gem";
};
version = "0.2.0";
};
zpng = {
dependencies = ["rainbow"];
@ -25,20 +56,20 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0ciyab7qxqsxjhfvr6rbpdzg655fi1zygqg9sd9m6wmgc037dj74";
sha256 = "0xyr7ipgls7wci1gnsz340idm69jls0gind0q4f63ccjwgzsfkqw";
type = "gem";
};
version = "0.3.1";
version = "0.4.5";
};
zsteg = {
dependencies = ["iostruct" "zpng"];
dependencies = ["iostruct" "prime" "zpng"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1mwajlsgs27449n2yf2f9hz8g46qv9bz9f58i9cz1jg58spvpxpk";
sha256 = "128kbv9vsi288mj17zwvc45ijpzf3p116vk9kcvkz978hz0n6spm";
type = "gem";
};
version = "0.2.2";
version = "0.2.13";
};
}

1
pkgs/top-level/aliases.nix
View file

@ -585,6 +585,7 @@ mapAliases ({
miopen-opencl = throw "'miopen-opencl' has been replaced with 'rocmPackages.miopen-opencl'"; # Added 2023-10-08
mime-types = mailcap; # Added 2022-01-21
minizip2 = pkgs.minizip-ng; # Added 2022-12-28
mirage-im = throw "'mirage-im' has been removed, as it was broken and unmaintained"; # Added 2023-11-26
monero = monero-cli; # Added 2021-11-28
mongodb-4_0 = throw "mongodb-4_0 has been removed, it's end of life since April 2022"; # Added 2023-01-05
mongodb-4_2 = throw "mongodb-4_2 has been removed, it's end of life since April 2023"; # Added 2023-06-06

10
pkgs/top-level/all-packages.nix
View file

@ -4391,8 +4391,6 @@ with pkgs;
quaternion = libsForQt5.callPackage ../applications/networking/instant-messengers/quaternion { };
mirage-im = libsForQt5.callPackage ../applications/networking/instant-messengers/mirage { };
tensor = libsForQt5.callPackage ../applications/networking/instant-messengers/tensor { };
libtensorflow = python3.pkgs.tensorflow.libtensorflow;
@ -11540,6 +11538,8 @@ with pkgs;
oh-my-posh = callPackage ../development/tools/oh-my-posh { };
oh-my-zsh = callPackage ../shells/zsh/oh-my-zsh { };
ola = callPackage ../applications/misc/ola {
protobuf = protobuf_21;
};
@ -32641,11 +32641,10 @@ with pkgs;
wlroots_0_16
wlroots;
wrapSway = callPackage ../applications/window-managers/sway/wrapper.nix { };
sway-unwrapped = callPackage ../applications/window-managers/sway {
wlroots = wlroots_0_16;
};
sway = wrapSway sway-unwrapped;
sway = callPackage ../applications/window-managers/sway/wrapper.nix { };
swaybg = callPackage ../applications/window-managers/sway/bg.nix { };
swayidle = callPackage ../applications/window-managers/sway/idle.nix { };
swaylock = callPackage ../applications/window-managers/sway/lock.nix { };
@ -32656,8 +32655,7 @@ with pkgs;
swaycons = callPackage ../applications/window-managers/sway/swaycons.nix { };
swayfx-unwrapped = callPackage ../applications/window-managers/sway/fx.nix { };
swayfx = wrapSway swayfx-unwrapped;
swayfx = callPackage ../applications/window-managers/sway/fx.nix { };
swaylock-fancy = callPackage ../applications/window-managers/sway/lock-fancy.nix { };